Tinba Trojan Targets Major US Banks

An anonymous reader writes Tinba, the tiny (20 KB) banking malware with man-in-the-browser and network traffic sniffing capabilities, is back. After initially being made to target users of a small number of banks, that list has been amplified and now includes 26 financial institutions mostly in the US and Canada, but some in Australia and Europe as well. Tinba has been modified over the years, in an attempt to bypass new security protections set up by banks, and its source code has been leaked on underground forums a few months ago. In this new campaign, the Trojan gets delivered to users via the Rig exploit kit, which uses Flash and Silverlight exploits. The victims get saddled with the malware when they unknowingly visit a website hosting the exploit kit."

So close on the alliteration

Tinba Trojan Targets Top Tender Traders?

Re:So close on the alliteration

[GeekWithAKnife]

Tell Me Twice
Why This Tinker Tinba Taylor Trojan Spy
Targets Top Tender Traders
With Little Digital Mice
These E-bandit Raiders Splice
Working In The Dark Of Night
Trying To Get Financial Height
Instead Of Getting A Job And Doing It Right

It was a stream of consciousness sorta thing. *shrugs*

Flash and Silverlight

[eyepeepackets]

Flash and Silverlight, Adobe and Microsoft, again -- and again and again. Is it the year of the Linux Desktop yet?

Re:Flash and Silverlight

[BringsApples]

Is it the year of the Linux Desktop yet?

It is at my house, like 3 or 4 years ago. Has been ever since. I'm happy to have windows at all the local businesses, because I do freelance IT work, and that's how the bills are paid. If everyone ran a linux desktop, they'd be forced to learn how computing works (and doesn't work), and I'd be out a big fat sum of money.

But who the hell is using flash and/or silverlight at a bank? Of course this is why I don't do work for banks/doctors/lawyers, other than they're the ones that are hard to collect $ from.

Re:Flash and Silverlight

[ArcadeMan]

You don't need Linux to be free of Adobe and Microsoft. Just a Mac. The OS itself can read/print PDF natively, YouTube has an HTML5 video option (and if it doesn't work, just set your user agent to iPad or something) and Microsoft isn't needed for the average user. iWork is more than sufficient, otherwise there's OpenOffice/etc.

Besides, it will never be the year of the Linux Desktop, no more than the year of the Mac Desktop. Desktops have been replaced by tablets and phones for most users. Most people don't need computers, just as they don't need a full set of power tools or a kitchen full of commercial-grade appliances. Desktops and laptops are back to the status of specialized power tools which only a few of us (relatively speaking) really need.

Re:Flash and Silverlight

[Eravnrekaree]

I think your wrong about that. Who the hell wants to do their taxes, finances, write letters, and so on on some rinky dink tablet? Not me. The reason desktop sales have slowed down is 1) for most people their current computer is fine so they are not buying a new one until the old one dies. 2) We've not seen much of an increase in performance, I cant see a big improvement in RAM size in the last 3 years for instance.

Re:Flash and Silverlight

[Charliemopps]

Flash and Silverlight, Adobe and Microsoft, again -- and again and again. Is it the year of the Linux Desktop yet?

Netflix requires sivlerlight. And, I suspect, 99% of the people out there with silverlight installed, only have it for netflix. I can't think of a single other reason I'd install it. And I specifically banned netflix in my house because of the silverlight requirement.

Re:Flash and Silverlight

[Teun]

If everyone ran a linux desktop, they'd be forced to learn how computing works (and doesn't work), and I'd be out a big fat sum of money.

Why?

With a Linux desktop you don't need to know more about computers than a typical Windows user yet have a safer environment.

Re:Flash and Silverlight

[spire3661]

Ugh. You cant even stop the screen from blanking in Ubuntu without executing SEVERAL command lines involving 3 separate processes. I like Linux, but damn they make shit harder than it needs to be sometimes. I would LOVE for Linux to at least have feature parity in simple stuff like disabling screen blanking. That sort of thing should be exposed in the UI, there is no excuse for that kind of incompetence.

Re:Flash and Silverlight

[tlhIngan]

With a Linux desktop you don't need to know more about computers than a typical Windows user yet have a safer environment.

Not really.

Most malware these days are of the "honor virus" kind - user wants to do X, and they google how to do X. Some YouTube video comes up and says you need to install packages A, B, C, then use A to do D, E, F, use B to do G, H, I, and then C will help you do X. Bingo!

What the video did NOT say was D and E require setting your password to "password" or that C is a daemon you run as root, and can kill it after. So now you have your password set as password (they didn't tell you to reset it back), and an unnecessary root-running daemon.

Linux is no safer, to be honest. Because you can easily tell a user to do "sudo rm -rf --no-preserve-root /", enter their password and then do a bunch of other stuff.

Hell, since UAC times, most malware runs in userspace, and you have full access to the user's event queue.

Re:Really?

[NIK282000]

Most people have no idea that their browser can be used as a bot.

List of Banks

[ewhenn]

Bank of America
Associated Bank
America’s Credit Unions
Etrade Financial Corporation
US bank
Banco de Sabadell
Farmers & Merchants Bank
HSBC
TD Bank
For anyone wondering....

BancorpSouth
Chase
Fifth third bank
Wells Fargo
StateFarm
Regions
ING Direct
M&T Bank
PNC
UBS
RBC Royal Bank
RBS
CityBank
Bank BGZ
Westpack
Scotiabank
United Services Automobile Association


Source: http://blog.avast.com/2014/09/...

Adobe prophylactic?

[networkzombie]

Does EMET stop Tinba?