Miscreants leak banking baddie's secret source

Miscreants have released the source code for the Tinba banking Trojan in a move that may spawn the development of copycats. The secret source behind early versions of the small (some versions weigh in at just 20KB) but pernicious banking Trojan was released through an underground forum last week, reports Danish security …

  1. Anonymous Coward
    Big Brother

    Computer banking Trojan?

    "Upon execution, Tinba kicks off an injection routine, which is obfuscated to avoid antivirus detection (see Figure 4). It allocates new memory space where this specific injection function is stored and injects itself into the newly created process “winver.exe” (Version Reporter Applet). The latter is a legitimate file in the windows system folder. Tinba also injects itself into both "explorer.exe" and "svchost.exe" processes.

    Tinba primarily uses four different libraries during runtime: ntdll.dll, advapi32.dll, ws2_32.dll, and user32.dll. The main components are copied into the [%ALLUSERSPROFILE%]\Application Data\default directory. These consist of the main malware executable (bin.exe), the encrypted configuration file (cfg.dat), and the web inject file (web.dat). The bin.exe is added as a run key in the registry so that the code is executed after system shutdown/reboot." ref
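The host artifacts named in the report quoted above (the three files under `Application Data\default` and the run-key entry for bin.exe) can be turned into a simple triage rule. The following is an added example, not part of the original comment or the quoted report; the event schema, host names and sample events are constructed, and treating "run key" as the standard `CurrentVersion\Run` key is an assumption.

```python
import ntpath
from collections import defaultdict

# File names and directory come from the report quoted above.
TINBA_DIR_SUFFIX = r"\application data\default"
TINBA_FILES = {"bin.exe", "cfg.dat", "web.dat"}
# Assumption: "run key" means the standard Windows Run key; the hive is not stated.
RUN_KEY_MARKER = r"\software\microsoft\windows\currentversion\run"

# Constructed sample telemetry (hosts, paths and event schema are hypothetical).
XP = r"C:\Documents and Settings\All Users\Application Data\default"
SAMPLE_EVENTS = [
    {"host": "ws-01", "type": "file_create", "path": XP + r"\bin.exe"},
    {"host": "ws-01", "type": "file_create", "path": XP + r"\cfg.dat"},
    {"host": "ws-01", "type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "data": '"' + XP + r'\bin.exe"'},
    {"host": "ws-02", "type": "file_create",
     "path": r"C:\ProgramData\Application Data\default\web.dat"},
    {"host": "ws-03", "type": "file_create",
     "path": r"C:\Users\a\AppData\Local\Temp\bin.exe"},
]

def artifact_name(path):
    """Return the matching file name if path is ...\\Application Data\\default\\<known file>."""
    directory, name = ntpath.split(path.strip().strip('"').lower())
    if name in TINBA_FILES and directory.endswith(TINBA_DIR_SUFFIX):
        return name
    return None

def triage(events):
    """Per host: 'high' if a dropped file and a Run value launching bin.exe both
    appear, 'review' if only one of the two is seen."""
    hits = defaultdict(lambda: {"files": set(), "run_key": False})
    for ev in events:
        if ev["type"] == "file_create" and artifact_name(ev["path"]):
            hits[ev["host"]]["files"].add(artifact_name(ev["path"]))
        elif ev["type"] == "registry_set" and RUN_KEY_MARKER in ev["key"].lower():
            if artifact_name(ev["data"]) == "bin.exe":
                hits[ev["host"]]["run_key"] = True
    return {host: "high" if h["files"] and h["run_key"] else "review"
            for host, h in hits.items()}

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

A bin.exe outside the `default` directory (ws-03 in the sample) is deliberately not flagged, since the file name alone is too common to be a useful indicator.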

  2. Crazy Operations Guy
    Joke

    "several IT criminals have been inspired"

    Not really news, Oracle has been taking my money for many years now.

    1. elDog

      Re: "several IT criminals have been inspired"

      Right. I think the frequent use of the term "criminal" in this article will just elevate it to the same neo-speak as "bad" or "grunge" or (unfortunately) "hacker" to which I have aspired for 40+ years.

      The real crims are the moneyed bankers and their minions that can't care about the customers' security and go for the least amount possible. Oh well, throw in the various criminal gummint agencies that know about these 'sploits (or created them) and don't want to help clean them up.

      Jeez, I thought politicians were the lowest of the low (sorry car salesmen), but the whole apparatchik of our modern world is winning the prize.

      1. Destroy All Monsters Silver badge

        Re: "several IT criminals have been inspired"

        "le conspiring hands.jpg"

  3. WatAWorld

    Where are GCHQ, the NSA and CSIS on providing espionage tools to terrorists?

    I see CSIS in an article like this and I expect it to be the Canadian Security Intelligence Service (annual budget, $513,007,839 (2013–14)) that has chalked up a victory for our side.

    Instead it's the CSIS Danish security consultancy, probably not even 1% of that size.

    The source code to these trojans all represent risks to national security far greater and far more real than any risks claimed for the revelations of Snowden.

    The source code to these trojans all represent far greater and far more real gifts to terrorist organizations than anything claimed for what Snowden revealed.

    The source code can be used to raise funds for terrorism.

    The source code can be used by terrorists to design trojans for gaining secret, top secret and compartmentalized information.

    So why, how, when GCHQ, the NSA and CSIS have not completed job #1 their "War on Islam"*, er uh correction, "War on Terrorism", how do they find the time and money to spy on peaceful: trade negotiators, lawyers consulting on trade negotiations, local grass roots politicians, business leaders, academics and regular people's emails and web visits, plus have the additional free time to monitor teenage daughters sexting?

    Focus people. Think. Threats to the common person's computer security are national security threats.

    Sure you like to hide behind the commercial crooks, use some of the same tools, and hide your malware traffic in with their malware traffic.

    GCHQ, NSA and CSIS, with your lax attitude on trojans and spyware for commercial theft you're inadvertently aiding terrorists; you're standing by and watching people give espionage tools to terrorists.

    Obviously many of the spyware techies of those agencies read this website. Please lobby your bosses on this issue.

    You and us, we're on the same side. I realize this is probably just an oversight on your bosses' part, not seeing the potential of these tools, thinking they're only a base criminal threat and not realizing they're a gift to terrorists. Please help your bosses see the reality.

    1. Mark 85

      Re: Where are GCHQ, the NSA and CSIS on providing espionage tools to terrorists?

      I think we all should agree with you on this. However, you explained why here: So why, how, when GCHQ, the NSA and CSIS have not completed job #1 their "War on Islam"*, er uh correction, "War on Terrorism", how do they find the time and money to spy on peaceful: trade negotiators, lawyers consulting on trade negotiations, local grass roots politicians, business leaders, academics and regular people's emails and web visits, plus have the additional free time to monitor teenage daughters sexting?

      They're more concerned about keeping their jobs and power and they do that by keeping the politicos in line. Oh sure, they claim they've stopped "X" number of terrorist attacks but it's the little folk who pay taxes and are the citizens of the country who get screwed over. One would think that if they know all they claim to know, they could take down the sites offering such malware. But no, the cat has to leap from the bag and innocents have to get burned and then a private company does the takedown. Sometimes with the cooperation of an agency but more often not.

      So here's my aside to any agency who'll read this (and I assume that the Register is watched):

      So where is our security, Mr. Spy Agency boss? Why are little folks allowed to be hit with crap? You have the knowledge and the tools to stop them. What do you get by not taking action?

      I think I'll go sit outside now and await the black helicopter.

      1. Destroy All Monsters Silver badge
        Big Brother

        Re: Where are GCHQ, the NSA and CSIS on providing espionage tools to terrorists?

        I think I'll go sit outside now and await the black helicopter.

        The correct attitude to take, citizen. Your reeducation will be relaxing.

        Meanwhile, your tax money goes towards the payroll of the bloated hierarchy at the lower end of which is the guy that hit the "report" button.
