Details about a new trojan named KINS (“Kasper Internet Non Security”) targeting the banking and financial sector is being discussed and available in underground markets. KINS is reported to have capabilities that rival existing trojans such as Citadel, SpyEye and Zeus. If all the underground chat is accurate, we will start seeing it in the wild soon.
One very unusual aspect of KINS is that it’ll be the first commercial Trojan sold as a bootkit (replaces/bypasses the normal system startup). Unlike a rootkit, a bootkit is a very nasty way to infect computers on a much deeper level (master boot record). The really bad part about bootkits is their ability to allow the malware to execute before the operating system boots.
KINS will affect PCs but not Macs. “KINS is a PC Trojan and fraudsters are talking about how it’s deployable on Windows 8″.
CSO Online reports the new malware is selling for just $5,000 at this time. A message was recently translated by RSA in an underground Russian forum stating the trojan was developed new from the ground up. Just like Citadel this new trojan won’t work in former Soviet Union countries. KINS is gaining in popularity with cybercriminals because they can simply purchase the software and execute their criminal plans. With a small $5,000 entry price, it is increasingly becoming easier to launch significant cyberattacks on organizations.
In a recent RSA blog report: “As the story unfolds, it is not surprising that KINS’ developer is being ushered into the Russian-speaking cybercrime community with much enthusiasm, commended for his decision to make KINS commercial and share it the old-fashioned way.
Beyond being advertised on the most exclusive venues where all other major Trojans were introduced in the past, KINS appears already to be a familiar name in the underground, its developer is responsive and further offers technical support to new customers, which has become a strong selling point for any malware vendor.
With all other major malware developers choosing to lay low to avoid imminent arrest by law enforcement authorities, KINS’ author is very sure to see an immediate demand for his Trojan, so long as he can avoid capture himself and as soon as high-ranking peers sign off on its crime-grade quality. As that happens, anti-fraud teams around the world may be dealing with a new Trojan in the very near future.”
Additional details and context available from ThreatPost.
I always welcome your input and comments.
Follow Tim on Twitter at http://twitter.com/timlaytonsr
Read New Articles at http://www.timlaytoncybersecurity.com
Connect with Tim on LinkedIn at http://www.linkedin.com/in/timlayton