Swef
Swef
Swef
Infected websites can distribute Tiny Banker, with victims lured via phishing emails and
fraudulent advertising content. When a vulnerable system runs Tinba, it replicates it under
the name bin.exe to the %AppData% folder.
Various versions of Tinba ended up in different folders—variants created folders with randomly
generated names based on information about the infected system. Tinba encrypts its memory
usage to avoid detection.
When an infected system restarts, bin.exe runs and Tiny Banker persists on the computer.
Tinba can modify web browsers such as Explorer and Firefox, disabling warning messages and
enabling HTTP content to be displayed on HTTPS websites without prompts. Tiny Banker targets
processes such as explorer.exe and svchost.exe on Windows, as well as other running
processes.
TBT encrypts its communications with command and control servers and
maintains availability by using four C&C domains. It has local config files it can use when
unable to connect to a server.
Data encryption isn't just for technology geeks; modern tools make it possible for anyone
to encrypt emails and other information. "Encryption used to be the sole province of geeks and
mathematicians, but a lot has changed in recent years. In particular, various publicly available
tools have taken the rocket science out of encrypting (and decrypting) email and files. GPG for
Mail, for example, is an open source plug-in for the Apple Mail program that makes it easy to
encrypt, decrypt, sign and verify emails using the OpenPGP standard. And for protecting files,
newer versions of Apple's OS X operating system come with FileVault, a program that encrypts
the hard drive of a computer. Those running Microsoft Windows have a similar program. This
software will scramble your data, but won't protect you from government authorities
demanding your encryption key under the Regulation of Investigatory Powers Act (2000), which
is why some aficionados recommend TrueCrypt, a program with some very interesting
facilities," explains John Naughton in an article for The Guardian. Twitter: @guardian
5. Use a firewall
"Firewalls assist in blocking dangerous programs, viruses or spyware before they
infiltrate your system. Various software companies offer firewall protection, but hardware-
based firewalls, like those frequently built into network routers, provide a better level of
security," says Geek Squad. Twitter: @GeekSquad
Most apps offer privacy settings for users, enabling you to determine how much and
what types of information are shared or stored. Always choose the least amount of data-
sharing possible. Casey Chin from Wired explains, "You probably spend a lot of your day inside
apps: catching up on the news, playing music and movies, keeping in touch with friends, racing
cartoon characters around a track, and so on. Every once in a while though, it's worth running
an audit on these apps to make sure they're not overreaching and going beyond their remit—
collecting more data about you and controlling more of your devices than you'd like."
Twitter: @WIRED
"If your gadget is lost or stolen, tracking apps can tell you exactly where your phone is. These
apps also let you wipe sensitive information remotely. If your phone does end up landing in the
wrong hands, you can at least make sure they don't get your information," says Kim
Komando. Twitter: @kimkomando
8. Take care of privacy settings immediately upon setup
When configuring a new device or operating system, configuring privacy settings should be the
first order of business. This ensures that you're not inadvertently sharing sensitive information
as you set up your standard apps and services. "The minute you download and install iOS 8, the
latest version of Apple's mobile operating system for iPhone and iPad, you should take note of
these privacy steps in order to lock down your device. iOS 8 has a number of new features tied
to your location. It also has new privacy settings, allowing users to limit how long data is stored
for, such as message expiry features and new private browsing settings...Before you do
anything like customizing your phone, loading new apps, or syncing your data for the first time,
these first seven settings need to be checked, and if necessary, changed," explains Zack
Whittaker in an article appearing on ZDNet. Twitter: @zackwhittaker
While it's not all-inclusive, MyPermissions.com is a handy tool that allows you to check your
permission settings across a multitude of apps, get reminders to clean your permissions with
mobile-friendly apps, and get alerts when apps access your personal information so that you
can remove it with a single click. Twitter: @mypermissions
Practically everyone has a smartphone, tablet, or both these days. All it takes is a single mishap
where your device slips out of your pocket or briefcase at a restaurant or on public
transportation, and your data could wind up in the hands of someone who will use it
maliciously. You can take steps to protect your data in the event of a lost or stolen device,
however, beginning with locking your device. When your device is locked, a thief must crack
your password before gaining access to your apps or personal information, adding a layer of
protection. Unfortunately, many don’t lock their devices, says Monica Anderson of Pew
Research, "More than a quarter (28%) of smartphone owners say they do not use a screen lock
or other security features to access their phone." Twitter: @pewresearch
RESOURCES:
1. https://www.techtarget.com/searchsecurity/definition/ILOVEYOU-virus
2.https://www.trellix.com/en-us/security-awareness/ransomware/what-is-stuxnet.html
3. https://www.imperva.com/learn/application-security/tiny-banker-trojan-tbt-tinba/
4.https://www.pcrisk.com/removal-guides/14355-shlayer-trojan-mac
5. https://en.wikipedia.org/wiki/Klez
6. https://digitalguardian.com/blog/101-data-protection-tips-how-keep-your-passwords-
financial-personal-information-safe