Tilon

Tilon is a dangerous banking Trojan that seems to be a successor of Silon, a dangerous banking Trojan that was mainly active in 2010 and early 2011. Although the Silon banking Trojan's online presence started to decrease, PC security researchers observed that Silon had still been updated a couple of times in order to keep it active. Unfortunately, a new banking Trojan named Tilon was first encountered in July of 2012. This malware threat seems to exhibit many of the same traits characteristic of a Silon malware infection.
 

The Consequences of the Tilon Attack

Tilon is designed to inject itself into a web browser in order to control and monitor all traffic that occurs using the infected web browser. Tilon has the capacity to inject itself into all the major web browsers, including Internet Explorer, Firefox and Chrome. Tilon uses form grabbing, that is, Tilon captures form submissions, which Tilon can then relay to a remote server. This allows criminals to steal passwords, login data and even important private information (for example, addresses, telephone and social security numbers). Tilon also has the capability to alter certain web pages with its own content in order to scam computer users. Although this may all sound impressive, it is standard fare for major banking Trojans today, such as Zeus and Silon itself. However, PC security researchers have been impressed by the way Tilon evades detection and removal.
 

How Tilon Hides Itself from Detection and Removal

One of the reasons why it is difficult to study Tilon properly is that Tilon cannot be installed on virtual machines. PC security researchers use virtual machines in order to study the effects of a malware infection in a safe environment. However, instead of just stopping the installation process or not working entirely, Tilon installs a fake rogue security program. Due to the fact that rogue security applications are among the most common kind of malware threats today, this clever tactic can make PC security researchers dismiss Tilon as just one of the thousands of fake anti-virus programs found online. Tilon also injects its own malicious code into legitimate Windows file processes, making it difficult to detect Tilon as a malicious program in the Task Manager. Tilon has the ability to monitor whether its Windows Registry entry or file is removed and replaces itself within seconds. Tilon has a very low detection rate, with only about one in ten security programs being able to detect this threat. Because of this, you should make sure to update your security software with the latest malware databases.