Trusteer discovered the Tilon Trojan, built on the Silon Trojan
The Trojan uses decoys and monitoring in order to avoid detection.
According to a Trusteer blog post, the company's experts found a Trojan called Tilon, built on the basis of the Silon Trojan, which became known in 2009 for its two-factor authentication bypass feature.
Like its predecessor, the Tilon Trojan aims at stealing users' e-banking credentials and other financial information. In addition, it can hide its presence on the system from most current antivirus products.
The Trojan uses the so-called MitB technique (Man in the Browser): it injects itself into the browser software and then takes control of all traffic between the user's web browser and the web server.
“Tilon has an impressive list of supported web browsers – Microsoft Internet Explorer, Mozilla Firefox, Google Chrome and possibly others,” said Amit Klein, one of the leaders of Trusteer.
According to him, Tilon, like Zeus, SpyEye and Shylock, stands out for its mechanism for evading detection and removal. When infecting a system, the Trojan embeds itself in one of the legitimate system processes and restores its executable file if it is removed, “within three seconds.”
In addition, the malicious program deliberately installs itself incorrectly on virtual machines, which in turn complicates analysis of the Trojan.
Researchers found Dorifel, a botnet similar to Zeus
Kaspersky Lab has recorded the first infections by this malware in Europe.
According to experts at Kaspersky Lab, as of August 9 this year the Dorifel worm had infected more than three thousand systems in Europe. About 90% of the infections affected public organizations and the business sector of the Netherlands.
“We have seen government departments and hospitals among the infected victims,” the antivirus company reported. “Other countries with high levels of infection worth noting are Denmark, the Philippines, Germany, the USA and Spain.”
According to the experts, the worm's behaviour closely resembles that of Zeus: the malware encrypts the data it downloads and establishes a secure communication channel between the parties of the botnet. At the same time, the ultimate goal and purpose of Dorifel remain unknown.
“We found some interesting financial information indicating that this campaign may be associated with ZeuS or Citadel, but we have no clear evidence,” said Kaspersky Lab researcher David Jacoby.
At the moment the experts have not been able to fully analyse all the Dorifel components, but it is known that the worm is able to steal financial information, encrypt files on the system and install a backdoor.