Trojan.Tinba

Tinba is an exceptionally-small member of the banking Trojan category of malware, with only twenty kilobytes of code packed to the brim with both hard-coded and configurable functions for stealing information and compromising your PC's security. Although almost all Tinba infections have been reported from Turkey, SpywareRemove.com malware researchers also note that Tinba has been seen – albeit in much smaller numbers – in Europe, Asia, North America and even Africa. Propagation vectors for Tinba involve malicious websites that use the ever-prolific Blackhole Exploit Kit (AKA Blacole or BEK) to install Tinba through browser-related exploits. The same defenses that protect your PC from BEK should be sufficient for blocking Tinba installation attacks and an actual infection, since Tinba utilizes code injection and doesn't leave symptoms, should be removed by a suitably adept anti-malware program.

Tinba: the Tiniest Form of Big Trouble You Could Get on Your Hard Drive

Tinba, also known as Zusy or TinyBanker, is installed automatically through your web browser, with a little help from the configurable exploit package known as BEK. You may see a 'Please wait page is loading' error when exposed to a BEK-hosting web page, although other symptoms of an attempt to install Tinba are minimal. Disabling Java and JavaScript can block many of the exploits that Blacole could use to install Tinba, and SpywareRemove.com malware experts also suggest keeping said software, along with Adobe-brand software, updated to cut down on any exploitable vulnerabilities.

Most but not all of Tinba's installations have been seen in Turkey, to the tune of over sixty thousand separate attacks, according to current estimates. So far, SpywareRemove.com malware analysts have observed the following major attacks from Tinba, although Tinba may receive instructions for other functions in the future:

• Disabling Firefox's warning message for potential exposure to hazardous websites.
• Communicating with a wide range of C&C servers that can be used to compromise your computer. The breadth and complexity of Tinba's server contact system has caused SpywareRemove.com malware experts and others to suspect that Tinba is designed 'professionally' by well-organized and well-funded criminal rings.
• Man-in-the-browser attacks that allow Tinba to inject unsafe content into safe web pages – for example, placing phishing forms for personal information in the midst of a bank's login page. Tinba's related functions can also be used to steal information as it's transmitted through your browser. Tinba takes particular care to target Facebook, Microsoft, Google, GMX and HTTPS-related information.

Breaking Out the Virtual Magnifying Glass That Can Spot Tinba

Even though Tinba doesn't use advanced encryption techniques, SpywareRemove.com malware analysts have found that most anti-malware companies have yet to develop a proper ID for Tinba. As part of its default behavior, Tinba injects itself into explorer.exe and svchost.exe, which are native Windows processes. This allows Tinba to launch with Windows and also conceals its attacks from easy surveillance. Additional code injection attacks let Tinba compromise your browser's memory process with specific functions included for Firebox and Internet Explorer.

If you want a good chance of detecting Tinba, your anti-malware software should be updated, and SpywareRemove.com malware experts also suggest using Safe Mode or, if necessary, a boot via USB flash drive during your scans. You should assume that confidential information is compromised if you've been successful in identifying Tinba, and may wish to contact your bank about additional steps to take – besides, of course, changing all of your passwords.

Technical Details