Name: Tinba Virus
Type: Trojan
Danger Level: High (Trojans are often used as a backdoor for Ransomware)
Symptoms: Usually no visible symptoms.
Distribution Method: Mostly via spam emails within infected attachments, but also pretty much on any malicious or shady website.
Detection Tool: Tinba may be difficult to track down. Use SpyHunter – a professional Tinba scanner – to make sure you find all files related to the infection.
• Tiny Banker Trojan, also called Tinba, is a malware program
that targets financial institution websites.
• It is a modified form of an older class of viruses known as
Banker Trojans, yet it is much smaller in size and more
powerful.
• It works by establishing man-in-the-browser attacks and
network sniffing. Since its discovery, it has been found to have
infected more than two dozen major banking institutions in
the United States, including TD Bank, Chase, HSBC, Wells
Fargo, PNC and Bank of America.
• It is designed to steal users' sensitive data, such as account
login information and banking codes.
HISTORY
• Tiny Banker was first discovered in 2012, when it was found to have infected
thousands of computers in Turkey. After it was discovered, the original
source code for the malware was leaked online and began undergoing
individual revisions, making the process of detecting it harder for the
institutions.
• It is a highly modified version of the Zeus Trojan, which had a very similar
attack method to obtain the same information.
• Tinba, however, was found to be much smaller in size. The smaller size
makes the malware more difficult to detect. At only 20KB, Tinba is much
smaller than any other known Trojan.
• For reference, the average file size of a web site is around 1,000KB, so the
difference between an infected web page and a clean one is very difficult for
anti-malware programs to recognize.
OPERATION
• Tinba operates using packet sniffing, a method of reading network traffic, to
determine when a user navigates to a banking website. The malware can then
launch one of two different actions, depending on the variation:
1. In its most popular form, Tinba form-grabs the webpage, causing
a man-in-the-middle attack. The Trojan uses form grabbing to capture
keystrokes before they can be encrypted by HTTPS. Tinba then sends the
keystrokes to a Command & Control server, which in turn causes the user's
information to be stolen.
2. The second method that Tinba has used is to allow the user to log into the
webpage. Once the user is in, the malware will use the page information to
extract the company's logo and site formatting. It will then create a pop-up
page informing the user of updates to the system, and requesting
additional information, such as social security numbers. Most banking
institutions inform their users that they will never ask for this
information as a way to defend against these types of attacks.
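A defensive check for the second variation, as an added example that is not part of the original presentation: it compares the form controls found in a snapshot of the rendered login page against the fields the genuine page serves, and flags extras that ask for sensitive data. The field names, the pattern list and the sample markup are constructed for illustration.

```javascript
// Fields the genuine login page serves (assumed allowlist for this example).
const EXPECTED_FIELDS = new Set(["username", "password", "csrf_token"]);

// Field-name hints for data a bank does not request at login (assumed list).
const SENSITIVE = /ssn|social|card|cvv|pin|maiden/i;

// Pull the name (or id) of every form control out of an HTML snapshot.
function extractFieldNames(html) {
  const names = [];
  const tagRe = /<(input|select|textarea)\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attr = /\b(?:name|id)\s*=\s*["']?([^"'\s>]+)/i.exec(m[2]);
    names.push(attr ? attr[1] : "(unnamed)");
  }
  return names;
}

// Report controls that the genuine page never serves.
function findInjectedFields(html, expected = EXPECTED_FIELDS) {
  return extractFieldNames(html)
    .filter((n) => !expected.has(n))
    .map((n) => ({ field: n, sensitive: SENSITIVE.test(n) }));
}

// Constructed sample: the page as the bank serves it.
const cleanPage = `
<form action="/login" method="post">
  <input type="hidden" name="csrf_token" value="x">
  <input type="text" name="username">
  <input type="password" name="password">
</form>`;

// Constructed sample: the same page with an "update" overlay added client-side.
const tamperedPage = cleanPage + `
<div class="overlay"><p>System update: please verify your identity</p>
  <input type="text" name="ssn_number">
  <input type="text" name="mothers_maiden_name">
</div>`;

console.log(findInjectedFields(cleanPage));    // no unexpected fields
console.log(findInjectedFields(tamperedPage)); // two extra, sensitive fields
```

This covers only the pop-up variation; form grabbing does not add fields to the page, so a field comparison will not reveal it.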
Targeted Countries
PREVENTION
• SMART SURFING - This term comprises many aspects of your online experience –
from the torrents and the shareware you download to the websites you regularly
visit. Just be careful, as such infections with malware may greatly harm your PC
and all your data on it.
THANK YOU
PRESENTED BY: AANCHAL JAIN
