Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Posts Tagged ‘tinba Trojan’
July 18th, 2014

Spearphishing scams hope you’ll take the bait

avast! Internet Security protects you from phishing and email scamsYesterday on our blog, avast! Virus Lab researcher Jaromir Horejsi, explained a banking Trojan called Tinba. The cybercrooks behind Tinba use a social engineering technique called spearfishing to target its victims.

You have probably heard about email scams that use phishing. This classic technique uses authentic-looking emails to lure the victims to fake websites, then trick them into revealing personal information. Also this week, we told you about an email that AVAST evangelist, Bob G. received claiming that he won money in a World Cup lottery. The cybercrooks behind that scam cast a wide net, hoping to catch a few people then ask them to provide banking information so they could deliver the prize.

Other high profile phishing attempts, like the DHL email scam that ran last Christmas, preyed on the anxiety of the holidays. An email that looks like the real thing was sent, offering all sorts of urgent and legitimate-sounding explanations as to why they need your personal data. It’s not hard to understand why busy people can be fooled.

Spearphishing is similar in every way except that the net is drawn in much tighter. The FBI says that cybercrooks target select groups of people with something in common—they work at the same company, bank at the same financial institution, attend the same college, order merchandise from the same website, etc. The emails are seemingly sent from organizations or individuals the potential victims would normally get emails from, making them even more deceptive. This is what is happening with the Tinba Trojan right now in Czech Republic.

In both social engineering schemes, once the victim clicks, they are led to a phony but realistic-looking website, where they are asked to provide passwords, account numbers, user IDs, access codes, PINs, etc.

How to avoid becoming a spear phishing victim

  • Most companies, banks, agencies, etc., don’t request personal information via e-mail.
  • If in doubt, give them a call (but don’t use the phone number contained in the e-mail—that’s usually phony as well).
  • Use a phishing filter. Both avast! Internet Security and avast! Premier include anti-spam filters to detect phishing and scam emails.
  • Never follow a link to a secure site from an email; always enter the URL manually.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

July 17th, 2014

Tinybanker Trojan targets banking customers

Tinba Trojan specifically targets bank customers with deceitful debt notice.

The Tinba Trojan is banking malware that uses a social engineering technique called spearfishing to target its victims. Recently, targets have been banking customers in Czech Republic, AVAST Software’s home country. Tinba, aka Tiny Banker or Tinybanker,  was first reported in 2012 where it was active in Turkey. A whitepaper analyzing its functionality is available here (PDF). However, the spam campaigns against bank users in Czech Republic are still going on and have became more intensive. Here is an example of what Czech customers recently found in their email inbox.

Czech version:

VÝZVA K ÚHRADĚ DLUŽNÉHO PLNĚNÍ PŘED PROVEDENÍM EXEKUCE

Soudní exekutor Mgr. Bednář, Richard, Exekutorský úřad Praha-2, IČ 51736937, se sídlem Kateřinská 13, 184 00 Praha 2
pověřený provedením exekuce: č.j. 10 EXE 197/2014 -17, na základě exekučního titulu: Příkaz č.j. 077209/2014-567/Čen/G V.vyř.,
vás ve smyslu §46 odst. 6 z. č. 120/2001 Sb. (exekuční řád) v platném znění vyzývá k splnění označených povinností, které ukládá exekuční titul, jakož i povinnosti uhradit náklady na nařízení exekuce a odměnu soudního exekutora, stejně ták, jako zálohu na náklady exekuce a odměnu soudního exekutora:

Peněžitý nárok oprávněného včetně nákladu k dnešnímu dni: 9 027,00 Kč
Záloha na odměnu exekutora (peněžité plnění): 1 167,00 Kč včetně DPH 21%
Náklady exekuce paušálem: 4 616,00 Kč včetně DPH 21%

Pro splnění veškerých povinností  je třeba uhradit na účet soudního exekutora (č.ú. 549410655/5000, variabilní symbol 82797754, ČSOB a.s.), ve lhůtě 15 dnů od
doručení této výzvy 14 810,00 Kč

Nebude-li  uvedená částka uhrazena ve lhůtě 15 dnů od doručení této výzvy, bude i provedena exekuce majetku a/nebo zablokován bankovní účet  povinného ve smyslu § 44a odst. 1 EŘ a podle § 47 odst. 4 EŘ. Až do okamžiku splnění povinnosti.

Příkaz k úhradě, vyrozumění o zahájení exekuce  a vypučet povinnosti najdete v přiložených souborech.

Za správnost vyhotovení Alexey Mishkel

 

English translation:

Distraint notice
———————
Bailiff [Academic title] [First name] [Last name], Distraint office Prague-2 ID: 51736937 at Katerinska 13, 184 00 Prague 2 was authorized to proceed the execution 10 EXE 197/2014 -17 based on execution Order 077209/2014-567/Cen/G according to §46 paragraph 4, 120/2001 law collection in valid form which impose you to pay these costs:

Debt amount: 9,027.00 CZK ($445.00)
Distraint reward: 1,167 including 21% TAX
Fixed costs: 4,616 CZK including 21% TAX
Total: 14,810 CZK ($730.00)

To bank account 549410655/5000, variable symbol 82797754, CSOB a.s.

For the correctness of the copy warrants Alexey Mishkel

Using the spearfishing social engineering tactic, the attackers attempt to scare their victims with a specially designed email message explaining that a debt exists which needs to be paid.

Read more…