The new banking trojan ‘KINS’

According to Security magazine (http://www.scmagazine.com), a new banking Trojan is being sold in the cyber-crime underground and “could be poised to infect new victims as quickly and effectively as its Zeus, SpyEye and Citadel predecessors” (blogs.rsa.com). The malware is called KINS, and its developer is “selling it for $5,000” (csoonline.com, July 24, 2013).

“‘[KINS is] a new professional-grade banking Trojan that is very likely taking its first steps in the cybercrime underground and could be poised to infect new victims as quickly and effectively as its Zeus, SpyEye and Citadel predecessors,’ Limor Kessem” (csoonline.com, July 24, 2013)

“KINS’ author also appears to have adopted some of the “best practices” of his forebears, RSA said. For instance, it’s built to stay away from Trojan trackers, can be spread by popular exploit packs like Neutrino and will more deeply infect a Windows machine by poisoning its Volume Boot Record.” The features include:

  • Keeping KINS away from Trojan trackers – a problem that plagued SpyEye
  • Spread via popular exploit packs such as Neutrino – using one of the most sophisticated packs out there
  • A Bootkit in store – the Trojan will take hold of the infected computer from a much deeper level, its Volume Boot Record (VBR)
  • KINS will easily infect machines running Win8 and x64 operating systems (blogs.rsa.com, 23 July, 2013)

“These bad apps also typically change their characteristics very rapidly. “It’s designed to morph itself every time it runs so it’s polymorphic in nature,” Rahul Kashyap, chief security architect with Bromium, said in an interview. “That means they’re very difficult to detect reliably.”” (csoonline.com, July 24, 2013).

The features of KINS are:

“shares a few features of Zeus and SpyEye:

  • KINS architecture is built like Zeus/SpyEye, with a main file and DLL-based plugins
  • KINS is compatible with Zeus web injections, the same as SpyEye
  • KINS comes with the Anti-Rapport plugin which was featured in SpyEye
  • KINS will work with RDP (like SpyEye)
  • KINS does not require technical savvy – much as Zeus doesn’t
  • Users in USSR countries will not be infected by KINS – a feature that was first introduced by Citadel in January 2012.”