Researchers have identified a tiny new Trojan that could pose a huge risk to your online banking security.
Called "Tinba," the Trojan has the force of other similar cybercrime weapons; it compromises victims' banking sessions to steal their confidential data. It also injects code into browsers to trick victims into entering their data on spoofed banking pages. But, as Peter Kruse from the Danish security firm CSIS wrote, there's one (tiny) catch that makes Tinba especially dangerous.
At just 20 kilobytes, Tinba (short for "Tiny Banker") is drastically smaller than other more infamous banking Trojans like Zeus, which is typically between 40 KB and 150 KB in size, according to Malwarehelp.org. The smaller the weapon, the harder it is to detect.
"Tinba is the smallest Trojan-banker we have ever encountered and it belongs to a complete new family of malware which we expect to be battling in upcoming months," Kruse said. "Tinba proves that malware with data stealing capabilities does not have to be 20MB of size." (The comment is a reference to the sophisticated and massive "Skywiper/Flame" malware that was recently found targeting computers in Iran.)
It's not just its small stature that makes this Trojan a worthy contender on the crime front: Tinba's tiny payload packs a punch, Kruse said. Not only does it steal login data from infected computers, but it also injects itself into other processes on the system, including explorer.exe, firefox.exe and svchost.exe, with the goal of recruiting the machine into a botnet. Tinba also employs four hard-coded domains to communicate with remote servers; if one fails, the next one takes ever, ensuring a successful connection with the command-and-control server.
Stay out of trouble by making sure your bank's Web page, or any site that requires you to enter personal financial data, is secured with HTTPS encryption — check for "HTTPS" highlighted in green and a picture of a lock in your Web browser. If your bank's website seems suspicious, requests information you don't feel comfortable giving, or redirects you to another page, do not trust it.
