KINS malware: Rootkit vs. bootkit

    Requires Free Membership to View

A banking Trojan named KINS recently made headlines due to its similarities to past Trojans such as Zeus. However, RSA noted that it's the first commercially available bootkit, as opposed to the typical rootkit. What's the difference, and will that change have an effect on the evolution of malware and malware defense?

Ask the Expert

Have questions about enterprise threats for expert Nick Lewis? Send them via email today! (All questions are anonymous)

The KINS malware is a professional-grade banking Trojan that is quite similar to rootkits such as Zeus, SpyEye and Citadel. It has functionality for a modular architecture, requires minimal technical skill, spreads with exploit packs and infects the most current versions of Windows.

KINS has adopted many of the valuable traits of other malware to make itself more effective and capable of filling the spot of other popular malware that is not currently under active development or support. However, as RSA noted, KINS differs from these other malware attacks because it is a bootkit, not a rootkit. This means that the malware infects a system's volume boot record, which allows it to burrow further into a system than the standard malware that infects the master boot record.

In comparing the two, a rootkit is a collection of tools or programs that grant administrator-level access to a computer or computer network. A bootkit extends the functionality of a rootkit to infect the master boot record so that it can survive reboots and therefore become more difficult to remove. Many times antimalware tools just delete or quarantine a malicious file, but a malicious master boot record cannot just be deleted or moved without damaging the computer.

While KINS is significantly more sophisticated than other types of malware in that it includes almost all of the functionality needed for criminal attacks, it doesn't change the malware defenses needed to protect an organization from it. The mitigation tools for Zeus, SpyEye and Citadel -- such as desktop antimalware, network based antimalware and whitelisting -- should already be in place to defend against such malware, and they will also be effective against KINS.

This was first published in January 2014

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: