Information is always useful to someone. For 'Tinba', like many botnets, that information could be browsing data, login credentials, or even banking information, all decided by the botnet master and changed to whatever they desire at any time. But in order to gather this information efficiently, Tinba must do three things: hide its activities from its host to avoid suspicion, persist within its host environment, and collect and upload your information to its master's server. In our analysis of Tinba, we aim to cover... [Read More]
by Collin Tam  |  May 14, 2015  |  Filed in: Security Research
A few months ago, Tinba’s source code was leaked in the wild. It is now inevitable that a different and enhanced version of it is out there. Tinba, also known as Tiny Banker, made its debut a couple of years ago. Though it is small, it is capable of doing what its big brothers can do. For more details on some of its features, you can read my article posted on Virus Bulletin.

64-bit Injected Code

As expected, we have seen some new changes added to the original malware. Tinba is now capable of injecting its code into a 64-bit running process. The... [Read More]
by Raul Alvarez  |  Oct 06, 2014  |  Filed in: Security Research
[Image: Razvan Benchea and Dragos Gavrilut in the middle of their presentation]

I am very happy to have been at VB 2013 once again. The talks were quite interesting. If you were not able to attend, here's the write-up of some presentations I went to. This post is the first in a three-part series. Click here for Part 2 and here for Part 3.

Andrew Lee - Ethics and the AV industry in the age of WikiLeaks (Keynote)

Andrew showed that surveillance programs were not new (the FISA Act dates back to 1978) and that they exist in numerous countries (not only the... [Read More]
by Axelle Apvrille  |  Oct 10, 2013  |  Filed in: Security Research
Maybe it was something in the water, but the last week of May was indeed a week of extremes--from the biggest threat on record to the tiniest Trojan to an unusual and completely unexpected act of transparency from Apple. Here's what the security landscape looked like for May 29-June 1.

Flame Ignites Fire In Security Community: It might be hard to imagine an attack that can outpace unprecedented targeted threats such as Stuxnet and Duqu. But last week, the emergence of the Flame virus on the security landscape put them all to shame. The... [Read More]
by Stefanie Hoffman  |  Jun 04, 2012  |  Filed in: Industry Trends