Tilon is a dangerous banking Trojan that seems to be a successor of Silon, a dangerous banking Trojan that was mainly active in 2010 and early 2011. Although the Silon banking Trojan's online presence started to decrease, PC security researchers observed that Silon had still been updated a couple of times in order to keep it active. Unfortunately, a new banking Trojan named Tilon was first encountered in July of 2012. This malware threat seems to exhibit many of the same traits characteristic of a Silon malware infection.
The Consequences of the Tilon Attack
Tilon is designed to inject itself into a web browser in order to control and monitor all traffic that occurs using the infected web browser. Tilon has the capacity to inject itself into all the major web browsers, including Internet Explorer, Firefox and Chrome. Tilon uses form grabbing, that is, Tilon captures form submissions, which Tilon can then relay to a remote server. This allows criminals to steal passwords, login data and even important private information (for example, addresses, telephone and social security numbers). Tilon also has the capability to alter certain web pages with its own content in order to scam computer users. Although this may all sound impressive, it is standard fare for major banking Trojans today, such as Zeus and Silon itself. However, PC security researchers have been impressed by the way Tilon evades detection and removal.
How Tilon Hides Itself from Detection and Removal
One of the reasons why it is difficult to study Tilon properly is that Tilon cannot be installed on virtual machines. PC security researchers use virtual machines in order to study the effects of a malware infection in a safe environment. However, instead of just stopping the installation process or not working entirely, Tilon installs a fake rogue security program. Due to the fact that rogue security applications are among the most common kind of malware threats today, this clever tactic can make PC security researchers dismiss Tilon as just one of the thousands of fake anti-virus programs found online. Tilon also injects its own malicious code into legitimate Windows file processes, making it difficult to detect Tilon as a malicious program in the Task Manager. Tilon has the ability to monitor whether its Windows Registry entry or file is removed and replaces itself within seconds. Tilon has a very low detection rate, with only about one in ten security programs being able to detect this threat. Because of this, you should make sure to update your security software with the latest malware databases.
Infected with Tilon? Scan Your PC for FreeDownload SpyHunter’s Spyware Scanner
to Detect Tilon
Security Doesn't Let You Download SpyHunter or Access the Internet?
Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
If you still can't install SpyHunter? View other possible causes of installation issues.