Difference between revisions of "Tilon-son of Silon"

From Botnets.fr
Old revision: m (1 revision imported)
New revision: m (Text replacement - " août " to " aug")

Line 3 (infobox fields); only the Date field differs between the two revisions:
 |Author=Amit Klein
 |NomRevue=Trusteer blog
-|Date=9 août 2012
+|Date=9 aug2012
 |Editor=Trusteer
 |Year=2012

Revision as of 21:31, 5 August 2015


Tilon-son of Silon

Botnet: Tilon, Silon
Malware:
Botnet/malware group:
Exploit kits:
Services:
Feature:
Distribution vector:
Target:
Origin:
Campaign:
Operation/Working group:
Vulnerability:
CCProtocol:
Date: 2012 / 9 Aug 2012
Editor/Conference: Trusteer
Link: http://www.trusteer.com/blog/tilon-son-of-silon (www.trusteer.com)
Author: Amit Klein
Type:

Abstract

So what does it do? Tilon is a financial malware that employs the “Man in the Browser” (MitB) approach. It injects itself into the browser (it has an impressive list of supported browsers – Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and probably others) and then fully controls the traffic from the browser to the web server, and vice versa. It captures all form submissions (“form grabbing”) from the browser to the web server, logs them and sends them to its command and control (C&C) server, thereby gaining access to all login credentials, transactions, etc. More interestingly perhaps, it controls the traffic (web pages) from the web server to the browser, and through a sophisticated “search and replace” mechanism it targets specific URLs and replaces parts (small and large) of the pages with its own text.

Bibtex

 @misc{2012BFR1133,
   editor = {Trusteer},
   author = {Amit Klein},
   title = {Tilon-son of Silon},
   date = {09},
   month = Aug,
   year = {2012},
   howpublished = {\url{http://www.trusteer.com/blog/tilon-son-of-silon}},
 }