A banking Trojan named KINS recently made headlines due to its similarities to past Trojans such as Zeus. However,...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
RSA noted that it's the first commercially available bootkit, as opposed to the typical rootkit. What's the difference, and will that change have an effect on the evolution of malware and malware defense?
Ask the Expert
Have questions about enterprise threats for expert Nick Lewis? Send them via email today! (All questions are anonymous)
The KINS malware is a professional-grade banking Trojan that is quite similar to rootkits such as Zeus, SpyEye and Citadel. It has functionality for a modular architecture, requires minimal technical skill, spreads with exploit packs and infects the most current versions of Windows.
KINS has adopted many of the valuable traits of other malware to make itself more effective and capable of filling the spot of other popular malware that is not currently under active development or support. However, as RSA noted, KINS differs from these other malware attacks because it is a bootkit, not a rootkit. This means that the malware infects a system's volume boot record, which allows it to burrow further into a system than the standard malware that infects the master boot record.
In comparing the two, a rootkit is a collection of tools or programs that grant administrator-level access to a computer or computer network. A bootkit extends the functionality of a rootkit to infect the master boot record so that it can survive reboots and therefore become more difficult to remove. Many times antimalware tools just delete or quarantine a malicious file, but a malicious master boot record cannot just be deleted or moved without damaging the computer.
While KINS is significantly more sophisticated than other types of malware in that it includes almost all of the functionality needed for criminal attacks, it doesn't change the malware defenses needed to protect an organization from it. The mitigation tools for Zeus, SpyEye and Citadel -- such as desktop antimalware, network based antimalware and whitelisting -- should already be in place to defend against such malware, and they will also be effective against KINS.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
Locky ransomware has, again, changed tactics by moving to using LNK files for distribution. Expert Nick Lewis explains how enterprises can adjust ...continue reading
Hajime malware was discovered to have links to the Mirai botnet that launched powerful DDoS attacks last year. Expert Nick Lewis explains how Hajime ...continue reading
Drammer, or a deterministic Rowhammer attack, was found to be more effective on ARM-based mobile devices. Expert Nick Lewis explains the issue with ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.