Source Code Leaked For Tinba Banking Trojan
msm1267 (2804139) writes "The source code for Tinba, known as the smallest banker Trojan in circulation, has been posted on an underground forum. Researchers say that the files turned out to be the source code for version one of Tinba, which was identified in 2012, and is the original, privately sold version of the crimeware kit. Tinba performs many of the same malicious functions as other banker Trojans, injecting itself into running processes on an infected machine, including the browser and explorer.exe. The malware is designed to steal financial information, including banking credentials and credit-card data and also makes each infected computer part of a botnet. Compromised machines communicate with command-and-control servers over encrypted channels. Tinba got its name from an abbreviation of "tiny banker," and researchers say that it's only about 20 KB in size."
Windows DLL injection attack vector. (Score:5, Interesting)
Remind me again why Windows has the capability to "inject" a new DLL into a running process from outside the process.
Re:Windows DLL injection attack vector. (Score:2, Interesting)
One reason could be to have the ability to extend the functionality of other programs. For example, back in the MSN Messenger/Windows Live Messenger days, there was a program called Messenger Plus!, which added lots of functionality to MSN/WLM. I don't think it would have been possible without DLL injection.