The information presented below is a product of various sources and is aggregated here via RSS (Really Simple Syndication). Copyright for the information is retained by the indicated provider.
Newest additions and updates of spyware parasites
Provided courtesy of:
Latest information about spyware threats to your computer. Get new and updated information on how to detect and remove spyware and protect your PC from parasites.
- Windows Maintenance Suite
- Wed, 06 Jun 2012 06:09:43 CDT - Windows Maintenance Suite is another rogue antispyware program released by the FakeVimes family. Just like its predecessors, the program infiltrates random computer systems through social networks, malicious websites, spam email attachments, etc. As soon as it gets inside the system, the application makes some changes in the Windows Registry which allow Windows Maintenance Suite to perform its further steps. First of all, you will notice a scanner running on your system after each computer reboot. The program will warn that your system is infected and even show a list of threats that are supposedly harming your system. However, these files are either fake or they belong to your legitimate programs. Removing them can even harm the proper functioning of your system. Besides, none of the versions of Windows Maintenance Suite can detect or remove any real infections, so your PC is completely unprotected. Additionally, Windows Maintenance Suite uses fake pop-up messages which appear on the system out of nowhere and warn about certain system problems. The purpose of these notifications is also to make the computer user think that his system has certain security issues. This is a common way rogue programs promote themselves. You shouldn't take these notifications as real and you should never act the way they tell you. Here's what they look like: "Error: Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan." "Warning: Firewall has blocked a program from accessing the Internet. Windows Media Player Resources C:\Windows\system32\dllcache\wmploc.dll. C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server." It is highly recommended to remove Windows Maintenance Suite using a reliable antispyware program. Just make sure you upgrade it to its newest version.
If your Internet Explorer is blocked, just keep trying again and eventually, you will be able to browse. Do not hesitate as...
- Canadian Security Intelligence Service (CSIS) Ukash
- Tue, 05 Jun 2012 18:44:27 CDT - We classify the Canadian Security Intelligence Service (CSIS) Ukash virus as a blatant ransomware scam. When the virus gets into the system, it blocks the victim's computer and displays a message which looks like it is coming from the Canadian Security Intelligence Service. The virus asks for a fine of 100 dollars to unlock the computer. There are several similar scams active. This virus is also called “Winlocker”. Most of them use the name of some police authority. You are accused of doing some criminal activity, and the warning looks like it is coming directly from the police station. The Canadian Security Intelligence Service (CSIS) message accuses you of visiting illegal websites about violence and pornography. It is very confusing, as lots of people secretly watch porn movies and they are afraid that someone will find out. These people fall for this scam and pay money for nothing. You need to know that it is a scam. The Canadian Security Intelligence Service does not send this kind of letter, and it does not ask you to pay a fine by entering your credit card number. If you enter your financial information, your credit card will be charged, and your information will be compromised. Criminals will gather your number and use it for their own needs.
They can make a duplicate credit card, or use your financial information to purchase things on the Internet. Virus properties:
  * Canadian Security Intelligence Service (CSIS) Ukash may hijack, redirect and change your browser
  * Canadian Security Intelligence Service (CSIS) Ukash displays annoying popups while you surf the web
  * Canadian Security Intelligence Service (CSIS) Ukash compromises your privacy and security
  * Canadian Security Intelligence Service (CSIS) Ukash is difficult to uninstall
  * Canadian Security Intelligence Service (CSIS) Ukash installs without your consent
  * Canadian Security Intelligence Service (CSIS) Ukash installs other types of spyware/adware
It is better to use automated software to get rid of Canadian Security Intelligence Service (CSIS) Ukash. There is a way to remove it by restoring the system, which is...
- Windows PC Aid
- Tue, 05 Jun 2012 15:26:25 CDT - Windows PC Aid is a rogue anti-spyware program that is being distributed via spam and infected websites. Infected websites usually redirect users to fake virus scanners and prompt them to install antivirus software to remove found malware infections. If you were redirected to a fake online virus scanner, simply close the web page and do not download anything. At this point you are not infected with a rogue anti-spyware program. However, sometimes scammers use drive-by downloads to install malware like Windows PC Aid without users' knowledge. In such a case, the rogue program pops up on the computer screen after ten minutes or so. Users usually do not understand where it came from. It probably was an infected website or a malicious advertisement placed on one of your favorite websites. Once installed, Windows PC Aid will scan your computer for viruses. By saying 'scan' I mean that it just pretends to scan your PC, and it can't even be compared to a real antivirus scan, since the rogue program simply displays the same infections on infected computers: the list of infections is coded into the program itself, so obviously it will report the same infections even on different PCs. Very often, it reports about 20 infections or more. In some cases, it pretends to remove one or more supposedly found infections for free and then prompts you to pay for a full version of the program to remove the rest of the reported malware. Do not buy it! It's a scam that wants to steal money from you. While running, Windows PC Aid will display numerous fake security alerts and various notifications from the Windows task bar saying that your computer is infected by malware, mostly trojans and spyware. The rogue program has a limited number of well-made but fake security alerts to scare users into believing that they are infected. Some people may actually trust them since they look realistic...
- Windows Safety Wizard
- Tue, 05 Jun 2012 08:49:07 CDT - Windows Safety Wizard is a rogue program that tricks users into purchasing its full version. It uses fake scan results to scare users into thinking that their computers are infected with spyware, adware, rootkits and other malware that may cause serious damage to the system. It is usually promoted through the use of Trojan downloaders and fake online virus scanners that display pop-ups stating that your computer is infected and that you should download and run Windows Safety Wizard in order to clean your computer. This rogue program is also promoted via infected websites and spam emails. You shouldn't trust Windows Safety Wizard or pay for it since it's a scam. When running, this scamware will pretend to scan your computer and then list a variety of infections that supposedly cannot be removed until you purchase the program, but the results are faked. They are only being shown to scare you into thinking you are infected with all sorts of malware, whereas the only real infection is the rogue program itself. As a typical rogue security program, Windows Safety Wizard will display many fake security alerts and pop-ups from the Windows Taskbar. It can even block legitimate programs or stop the explorer session with a warning. Those alerts and Windows Safety Wizard warnings will claim that your computer is infected with spyware, adware and other types of malware. Please ignore those fake alerts: "Warning! Identity theft attempt Detected. Hidden connection IP: xxxxxxxxx. Target: Your passwords for sites." "Error: Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan." "Warning: Firewall has blocked a program from accessing the Internet. Windows Media Player Resources C:\Windows\system32\dllcache\wmploc.dll. C:\Windows\system32\dllcache\wmploc.dll is suspected to have infected your PC. This type of virus intercepts entered data and transmits them to a remote server."
As you can see, Windows Safety Wizard has only one goal - your credit card details. However, it's...
- Tue, 05 Jun 2012 08:22:55 CDT - Antivir is a misleading anti-spyware application that reports false or exaggerated system security threats and infections to make you think that your computer is infected with malware. Once installed, it will simulate system scans and display a list of infections, but won't let you remove those supposed infections unless you pay for a full version of the program. As you can see, the main goal of this misleading application is to trick you into purchasing the program. This is nothing more than a scam. Do not pay for it and uninstall Antivir from your computer as soon as possible. [Figure 1. Antivir graphical user interface] Antivir is promoted through the use of Trojans that come mostly from fake online anti-malware scanners. Of course, the scammers use other misleading methods to promote their bogus product. Social engineering is a very popular distribution method too. You shouldn't accept invitations or open links received from unknown people. When installed, the Trojans download the rogue application and display fake security alerts. Those fake security alerts or notifications will state that your computer is infected, for example: "Warning! Identity theft attempt detected". Another fake notification states: "Trojan:W32/Inject Activity Detected. Trojan:W32/Inject is a large family of malware that secretly makes changes to the Windows Registry. Variants in the family make also makes changes to other running processes." [Figure 2. Antivir - fake alert] To make things worse, Antivir will hijack Internet Explorer and display a "Warning! Visiting this site may harm your computer!" message [Figure 3]. [Figure 3. Antivir - fake Internet Explorer warning] Furthermore, Antivir may block legitimate anti-spyware software and block security-related websites. There shouldn't be any doubts about this bogus application - it must be removed upon detection. Most importantly, do not purchase Antivir. Otherwise, you will simply lose your money.
If your computer is infected with this malware, please use the removal guide below to remove Antivir manually for free. Also...
- Tue, 05 Jun 2012 07:38:50 CDT - Briba is a malicious Trojan horse that is made to open a backdoor connection for a remote attacker to the compromised computer. It modifies the system registry to run itself automatically each time Windows starts. Also, it drops itself to several locations to make it harder to delete. Then Briba opens a backdoor for a remote cybercriminal by trying to connect to a list of domains. The full list is still under investigation. When a hacker connects to the computer through the open backdoor, he can perform various actions on the infected computer. Here's a list of actions that he might perform: list all running processes; end a running process; download and upload files from and to the infected machine; execute files; execute shell commands. It is very important to remove Briba from your PC. It's relatively hard to track all of its files manually, so we recommend using a reputable anti-spyware program, which will ensure that Briba is removed completely.
- Tue, 05 Jun 2012 06:41:22 CDT - Ritsol is a malicious Trojan horse that is made to create a backdoor on a compromised computer. Usually it is dropped by another Trojan, so that it can sneak into the PC without notice. It copies itself to several different locations and modifies the registry so that it can start automatically with the operating system. Ritsol might use a legitimate program name to hide itself from users' eyes. It connects to several webpages to get commands from a remote attacker. When the cybercriminal logs in to the computer, Ritsol allows him to perform some dangerous actions, like starting or stopping processes, and downloading remote files and executing them. It is very important to remove Ritsol as soon as you find it on your PC. It might be tricky to remove it from your computer manually, so we recommend using legitimate automatic removal software, like Spyware Doctor.
- Tue, 05 Jun 2012 06:07:24 CDT - Nerex is a malicious Trojan horse which opens a hidden backdoor connection for a remote attacker to the compromised computer. When dropped on the PC, it copies itself to several different places and modifies the registry so that it can start automatically when Windows starts. Nerex hides itself under a legitimate process name and stays in the background. While it is running on the machine, a remote attacker can connect to the PC and perform dangerous actions. The attacker might be able to list all processes and stop them, download and execute remote files, execute shell commands and modify system settings. It is very important to remove Nerex from your PC. Manual removal might not locate and remove all the infected files, so we recommend using legitimate and reputable anti-spyware software, which will ensure that this parasite is removed completely.
- Tue, 05 Jun 2012 04:31:13 CDT - Wakeminap is a malicious Trojan horse that is made to open a hidden backdoor to the infected computer. It is known to hide under the Adobe updater software name. Additionally, it drops a clean file with an extension of .doc, .pdf or .ppt in the %Temp% or %CurrentFolder% directories and then opens it. Wakeminap modifies the system's registry so that it can run every time Windows starts. After dropping and enabling itself, Wakeminap opens a backdoor connection to several locations, and then runs in the background awaiting commands from the remote cybercriminal. This is the list of domains it tries to connect to: [http://]www.zadigital.com, [http://]xt.toh.info, [http://]www.idahoanad.org, [http://]www.businessformars.com, [http://]www.garyhart.com. When the remote hacker logs in through the backdoor, he is able to perform several very dangerous actions, like ending processes or executing malicious files. Additionally, it may have the ability to execute shell commands. Here's a list of actions that could be used by the hacker when the victim's computer is compromised: list running processes; end processes; download and execute a remote file; execute shell commands.
- searchbrowsing.com redirect
- Mon, 04 Jun 2012 18:22:44 CDT - "Searchbrowsing.com" is owned/operated by Search Core Systems. It shows paid results from some advertising networks. As a site, it is legal and does not distribute any malware. But this site name is used by browser hijackers to redirect victims' results and earn money from the paid ads. What is bad with Searchbrowsing.com? With the site itself, nothing, but cybercriminals exploit this site to earn money. There are several viruses, trojans and rootkits, called ZeroAccess Rootkit, ZAccess, MAX++, Sirefef and Google redirect virus, which act as a hijacker trojan that redirects Google, Yahoo, Bing, MSN and other search engine search results to various websites that are not necessarily related to your search query. All the results they display are coming from various advertising networks. The Searchbrowsing.com website is one of the sites where victims are redirected. Criminals get money if they redirect users through PPC results to sites like Searchbrowsing.com. How to remove Searchbrowsing.com redirects from the system? Searchbrowsing.com is not malicious and does not distribute any malware, but if you are constantly redirected to this site, then you are infected with some redirect trojan for sure. Get rid of the Searchbrowsing.com redirect immediately in order to prevent system disruption and protect your privacy and sensitive information. When you are infected, you see the following message when you click on search results: "The document has moved, redirecting..." or you see a spinning wheel labeled "Loading...". Deleting Searchbrowsing.com is not an easy task. Even if you delete some files, they come back again after reboot. You can use this guide ‘What to do when Google/Yahoo/Bing results are redirecting?’ for Searchbrowsing.com redirect removal or some reputable anti-spyware software listed below, for automated removal, or call us for help (the number provided below)....
- Mon, 04 Jun 2012 17:56:27 CDT - Sirefef is a Trojan family that includes different types of parasites, which do different things. Every version has its own task: one component opens all firewall blocks, another downloads malicious files and updates from the internet, and another tries to hide them all from the system. Some other versions redirect web traffic, generate pay-per-click traffic and show annoying pop-ups. It is very important to remove Trojan Sirefef from your computer, because it may not only use your computer and internet resources for illegal purposes, but it can also delete files on your system, find sensitive information like passwords and financial information, and send it to a remote server, where cybercriminals can use it. Additionally, it may open a remote control connection to your PC. If you do not remove Trojan Sirefef from your PC, it will continue to change your registry settings and other important Windows files, which might cause your computer to crash. Additionally, it will make your computer much slower, and you might find it difficult to browse the internet or use search engines to find information. Sirefef in PPC results in Bing and Yahoo: Microsoft does not look closely enough at its paid results, and Yahoo shows paid results from Bing. The guys at GFI Labs caught Sirefef in their PPC results. If you searched for adobe flash player in Bing and Yahoo, you would have got these results some time ago. They look innocent, but if you try to get the flash update from there (in this case from getadobeflash.com), you would be redirected to a page which looks like a page to get flash. The page you land on looks like an official page from Adobe, where you can get the updates. The small difference is that it is not a page from Adobe. It redirects to a directory on the fake site arulbrothers.com, downloading a file from torreandaluz (dot) com/flash/Flash Player 10 Setup.exe....
- Windows Turnkey Console
- Mon, 04 Jun 2012 10:08:31 CDT - Windows Turnkey Console is a rogue security program that displays fake security alerts and pop-ups on the compromised computer to make users think they are infected with malicious software, for example: adware, spyware, rootkits and trojans. It also pretends to scan the infected computer for malicious software and reports system security threats that do not even exist or may be genuine Windows system files. Do not follow the on-screen instructions given by this rogue anti-spyware program; otherwise you can seriously damage the system. Do not give any personal information to scammers, do not fill in any forms and, most importantly, do not purchase this bogus security program. It's promoted mostly via fake online virus scanners, infected websites and misleading ads. It may also be distributed via social networks and spam. Most of the time, the rogue program has to be manually installed, but sometimes it may be downloaded onto the infected computer using trojan downloaders and similar malware. One way or another, this rogue program should be removed from the infected computer as soon as possible. Also, it is very important to mention that this rogue security program may come bundled with more aggressive malware. For example, you may not be able to install genuine malware removal software and your search results might be redirected to malicious websites. Not necessarily malicious ones, but there will be at least several ads for sure. While running, the Windows Turnkey Console virus will block Task Manager and other useful system utilities to make the removal process much more complicated. All attempts to open Task Manager will trigger the rogue program and it will open its own process manager. Of course, it doesn't allow you to end malicious processes; that would not make any sense. The payment page of this fake security program is also made to drive as many sales as it can, showing a 30-day money return policy and...
- Blekko Redirect
- Mon, 04 Jun 2012 09:53:17 CDT - Blekko Redirect is a malicious browser hijacker which is made to redirect your browser traffic to sites which include various advertisements and more malware. It claims to be a legitimate webpage/software, but it's not. Additionally, it advertises false products, which might steal your personal information. Blekko is able to block you from resetting your browser configuration, to make sure blekko.com is the homepage for your Internet browser. Moreover, it causes pop-up screens to appear with phishing sites and fake information. Blekko adds favorites and bookmarks without the user's knowledge too. When a user is infected with the Blekko Redirect virus, even Google, Firefox or Bing searches are redirected to Blekko.com. Additionally, most of the time Blekko comes bundled with other spyware and malware programs, which are very hard to remove manually. If you think that you are infected with Blekko Redirect, we recommend you do a full system scan with a reputable antimalware program, to ensure that Blekko Redirect will be removed. How to get rid of Blekko Toolbar? It is hard to delete Blekko manually. The virus uses random file names and hides within the system. You need to have some knowledge of your system architecture to fully delete the Blekko virus. There is an advanced solution to delete the Blekko toolbar: we advise you to use one of the anti-spyware programs featured below to fix your system and remove Blekko completely.
- Mon, 04 Jun 2012 08:52:59 CDT - OnLineGames is a malicious Trojan family which uses various ways to inject malicious DLLs into processes. That allows it to avoid detection and execute whenever system processes start. Additionally, OnLineGames can register malicious BHOs (Browser Helper Objects) and act as a keylogger by collecting user keystrokes. OnLineGames is made to steal passwords and logins from several popular internet games. Here's a list of them: World of Warcraft, The Lord of the Rings, MapleStory, Tower of Eternity, Perfect World, Dungeon & Fighter. After collecting the sensitive information, these trojans try to send the information to remote servers. Moreover, some versions of this malicious trojan are able to modify or delete the HOSTS file. Some versions of OnLineGames can be downloaded by other trojans, or by visiting infected websites. After installing this Trojan, the executable file is self-destroyed by a “bat” file.
- Mon, 04 Jun 2012 07:51:08 CDT - Graftor is a family of malicious Trojan horses which pretend to be legitimate applications. It tries to connect to the internet and contact various different servers without the user's knowledge, probably to get commands from an attacker or to download more malware. The Graftor family includes several different types of malware; some of them even pretend to be a media player. Here's a list of things that it can do: modifies the autorun registry to run automatically when Windows starts; copies malicious executable files into its profile directory; installs its components in the background; connects to a remote server without the user's knowledge; creates a hidden folder (C:\addons) and copies itself there; creates a new directory called "Programas21"; disables the user's ability to cancel Graftor's connection to the Internet. It is very important to remove Graftor from your PC. Manual removal might not delete all files of this Trojan, so it's recommended to do a full system scan with reputable anti-malware software to ensure your system's security level is high.
- Warning! Spambot detected!
- Sun, 03 Jun 2012 18:41:37 CDT - Thanks to the fakevimes virus family, during 2012 we get new viruses almost every day. We count about a hundred rogue anti-spyware titles related to this family alone. Their strategy is so simple - change the name and launch a clone of the product. All of them have a very short life cycle. Fakevimes parasites are active only for several days. If you are infected with one of their programs, you can get this message as a fake warning about the infected system: "Warning! Spambot detected! Attention! A spambot sending viruses from your e-mail has been detected on your PC." Below we provide the screenshot of this fake warning. There are many warnings coming from the fakevimes parasites. All of them are fake. Cybercriminals use scare tactics to make users purchase their fake antivirus program. So if you see a warning "Warning! Spambot detected!", you are infected with one of their parasites, whose name varies every day. Please use an automated removal solution to get rid of the "Warning! Spambot detected!" fake message. Reputable anti-spyware programs are SpyHunter, Malwarebytes Anti-Malware and Stopzilla.
- Compare.us.com redirect
- Sun, 03 Jun 2012 18:20:42 CDT - compare.us.com is a site which searches across the retail internet collecting prices on millions and millions of products from thousands of retailers. They compare product prices, follow the changes and try to keep the price of each product up to date on their website. What is bad with Compare.us.com? With the site itself, nothing, but cybercriminals exploit this site to earn money. There is a virus called Google Redirect Virus (also known as Google Redirect Trojan) which acts as a hijacker trojan that redirects Google, Yahoo, Bing, MSN and other search engine search results to various websites that are not necessarily related to your search query. The Compare.us.com website is one of these sites where victims are redirected. It is important to know that cybercriminals get money if they redirect users through Pay per Click results to sites like Compare.us.com. What to do and how to remove Compare.us.com redirects from the system? As we already said, the site Compare.us.com is not malicious, but if you have redirects on your computer which lead you to this site, that means you are infected with the redirect virus. This is a very high risk threat. You need to get rid of the Compare.us.com redirect immediately in order to protect your privacy and prevent harm to your PC. When you are infected, you see the following message when you click on search results: "The document has moved, redirecting..." or you see a spinning wheel labeled "Loading...". The removal process for the Compare.us.com redirect is a difficult task. Even if you delete some files, they come back again after reboot. You can use this guide ‘What to do when Google/Yahoo/Bing results are redirecting?’ for Compare.us.com redirect removal or some reputable anti-spyware software listed below, for automated removal, or call us for help (the number provided below)....
- Smart Data Recovery
- Sun, 03 Jun 2012 17:58:28 CDT - Data Recovery is a fake defragmenter tool which replaces the S.M.A.R.T. HDD virus. It is from the same family as FakeHDD, known by the name Smart HDD, and it replaces Smart HDD. Other tools from the same family are System Check, System Fix, System Restore, Data Restore, Data Recovery, Master Utilities and many others. This family used the Data Recovery name before, but the product was different and related more to System Check and System Fix. This one has other removal instructions. On the newer version of Data Recovery you can see the big letters S.M.A.R.T. Repair on the application screen. The Smart Repair virus has nothing to do with an actual data recovery process. Data Recovery reports false information about hard drive errors and system failures to make you think that your computer has a lot of problems. The virus will ask you to purchase its paid version to fix all these errors. As is typical for all rogue programs, the Smart Repair virus uses misleading methods to trick users into paying for useless software. Data Recovery is promoted through the use of Trojans and misleading websites. Like Smart HDD, S.M.A.R.T. Repair Data Recovery will be configured to start automatically when you log in to Windows. It will display fake error messages like these: "Critical Error: RAM memory usage is critically high. RAM memory failure." "Critical Error! Damaged hard drive clusters detected. Private data is at risk." Data Recovery is useless. Do not purchase Data Recovery, which even uses the same graphical user interface as Smart HDD, and if you already have, please contact your credit card company and dispute the charge. To register the SMART Repair Data Recovery, use this code: 08869246386344953972969146034087 and provide any email address. It will stop the fake notifications and alerts, but it will not remove the infection itself. We strongly recommend you use an automatic removal tool because Smart HDD may come...
- Babylon Toolbar
- Sun, 03 Jun 2012 17:40:09 CDT - Babylon Toolbar is a web browser add-on that allows you to get quick translations and definitions directly from your web browser. This toolbar is run by Babylon Ltd, a company which develops translation software. Babylon Toolbar and web search are additional features of this software; however, the toolbar can be installed separately for free. Most of the time, this toolbar comes bundled with other software, usually freeware and shareware. It can be downloaded from the official Babylon website as well. Recently, it came bundled with CNET's software wrapper; however, there are at least several other popular download sites that also distribute this toolbar in one way or another. The toolbar doesn't come bundled with malware, or at least we haven't seen any yet. How to remove Isearch.babylon.com from the search page, and uninstall Babylon toolbar? Babylon Search Toolbar works in all major web browsers. Before installing the toolbar, users have to agree to the end user software agreement and accept all the changes that will be made during the installation. This web browser toolbar can change the default search engine provider; however, you may leave this setting unchanged. The core components of Babylon Toolbar can be uninstalled via Add/Remove from the Windows Control Panel. However, please note that some components of this software, mostly add-on files and web browser settings, may not be removed completely and default settings may not be restored to the state they were in previously. In such a case, you need to remove the add-ons associated with Babylon Toolbar manually. This can be done via the web browser settings and properties features. In Internet Explorer it's the add-on manager feature. In Mozilla Firefox it's the add-on manager as well, but the toolbar components will be listed under the web browser extensions tab. The same applies to Google Chrome and Opera web browsers.
Don't forget to remove files manually from the extensions and add-ons folder...
- Sun, 03 Jun 2012 17:24:40 CDT - Tinba is a malicious Trojan horse which steals personal and sensitive information from the compromised computer. This malicious parasite is able to add/remove files and folders, make registry changes and inject into other programs. Additionally, it monitors and records network traffic information in the following file: %SystemDrive%\Documents and Settings\All Users\Application Data\default\web.dat. Moreover, Tinba modifies Mozilla Firefox to disable warnings when you're visiting insecure sites. It also modifies the system registry to be able to execute every time Windows starts. It will inject malicious code into Internet Explorer, Google Chrome and Mozilla Firefox. Then it injects itself into the explorer.exe and svchost.exe processes, and tries to end them. Trojan Tinba has another name - Zusy. Tinba is famous for its really small size. Including all webinjects and configs, it weighs only 20 KB. It comes without any packing or encryption. Trojan Tinba (Zusy) belongs to a completely new family of malware, and security experts believe that we will see more activity from this family this year. The first ones who discovered this trojan were CSIS Security Group A/S. The name was shortened from the words "Tiny Banker" - Tinba. This is a trojan which hooks into browsers and steals all sensitive data, including but not limited to logins and credit card numbers. The trojan is not detected by most antivirus software. Trojan Tinba uses really sneaky techniques: it injects itself into legitimate processes like explorer.exe, svchost.exe and firefox.exe, and it also creates a process called winvert.exe. It targets a very small list of sites, mostly financial websites. Here's a list of command-and-control (C&C) servers to which Tinba tries to send the stolen information: [http://]dakotavolandos.com, [http://]dakotavolandos.com, [http://]dak1otavola1ndos.com, [http://]dako22tavol2andos.com, [http://]d3akotav33olandos.com, [http://]d4ak4otavolandos.com...