DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

DarkVision Hardware - Daily tech news
November 19, 2018 
Tinba malware updates itself to make removal harder

Posted on Friday, June 26 2015 @ 12:22:15 CEST by


Malwarebytes discovered a new piece of malware named Tinba. This Trojan automatically updates both itself and its command servers to try to stay one step ahead of anti-virus tools. Tinba is spread via "malvertising" campaigns that use ads embedded within a URL shortener service to lead users to the HanJuan exploit kit (HanJuan EK). The goal of Tinba is to steal user credentials, passwords and other sensitive data.

"Often times cyber criminals will use URL shorteners to disguise malicious links," the blog post explains. "However, in this particular case, it is embedded advertisement within the URL shortener service that leads to the malicious site.

"It all begins with Adf.ly, which uses interstitial advertising, a technique where adverts are displayed on the page for a few seconds before the user is taken to the actual content."

Following a complex malvertising redirection chain, the HanJuan EK is loaded and fires Flash Player and Internet Explorer exploits before dropping a payload onto disk.

"The payload we collected uses several layers of encryption within the binary itself but also in its communications with its command and control server," added the firm.
Full details at The Inquirer and MalwareBytes.

Tinba infection chain



 



 
