W32.Tinba (Tinybanker) The Turkish incident

From Botnets.fr
Revision as of 15:28, 7 February 2015 by Eric.freyssinet (talk | contribs) (1 revision imported)


Botnet: Tinba
Date: 2012
Editor/Conference: Trend Micro
Link: http://www.csis.dk/downloads/Tinba_White_Paper.pdf (www.csis.dk, archive copy)
Author: Peter Kruse

Abstract

The following report contains a technical analysis of the Tinba Trojan-banker family.

The name “Tinba” was assigned by CSIS and represents the small size of this Trojan-banker (approximately 20 KB). The name is derived from the words “tiny” and “bank.” The malware is also known as “Tinybanker” and “Zusy.”

This report focuses on several different variants of the Tinba Trojan and includes:

• Name and family
• MD5/SHA1
• Malware analysis

Based on the intelligence gathered during a four-month period of close monitoring, this specific group is focused on Turkey. The infection map below outlines the areas of Turkish attacks (see Figure 1).

Figure 1. Overview of the Tinba Trojan-banker Turkish attacks.

Zooming in closer provides a better view of the concentration of this campaign (see Figure 2).

Bibtex

 @misc{2012BFR1159,
   editor = {Trend Micro},
   author = {Peter Kruse},
   title = {W32.Tinba (Tinybanker) The Turkish incident},
   date = {28},
   month = Mar,
   year = {2012},
   howpublished = {\url{http://www.csis.dk/downloads/Tinba_White_Paper.pdf}},
 }