Cyber Security Institute

Wednesday, July 24, 2013

New Trojan could create headaches for banks, customers

The developer’s new malware is called KINS, and he’s selling it for $5,000 a pop, although that price is likely to climb if the malware is as good as he brags it is. “[KINS is] a new professional-grade banking Trojan that is very likely taking its first steps in the cybercrime underground and could be poised to infect new victims as quickly and effectively as its Zeus, SpyEye and Citadel predecessors,” Limor Kessem, a cybercrime specialist with RSA, the security division of EMC, wrote in a blog post on Tuesday.


The Trojan is entering the market at an opportune time, as developers of such major banking malware have either retired, gone into hiding or otherwise removed their skills from the open market.

In a message posted to a Russian language underground forum and translated by RSA, KINS’ developer said the malware has been developed from scratch and is not a modification of another product.

One plug-in is already available for $2,000, according to the malware developer’s forum posting, to counter Rapport, a popular fraud protection program currently used by banks.

“The bad guys have figured out that they can make the most money by selling plug-ins, which provide extra functionality,” Roel Schouwenberg, a senior researcher with Kaspersky Lab, said in an email.

KINS is also compatible with Zeus web injections and works with RDP, as did SpyEye, and won’t work in former Soviet Union countries—a practice introduced by Citadel.

“The American police aren’t going to go after the developer so he doesn’t mind if computers in the states get infected,” RSA’s Kessem explained.

For instance, it’s built to stay away from Trojan trackers, can be spread by popular exploit packs like Neutrino and will more deeply infect a Windows machine by poisoning its Volume Boot Record.


Posted on 07/24