A banking Trojan named KINS recently made headlines due to its similarities to past Trojans such as Zeus. However,...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
RSA noted that it's the first commercially available bootkit, as opposed to the typical rootkit. What's the difference, and will that change have an effect on the evolution of malware and malware defense?
Ask the Expert
Have questions about enterprise threats for expert Nick Lewis? Send them via email today! (All questions are anonymous)
The KINS malware is a professional-grade banking Trojan that is quite similar to rootkits such as Zeus, SpyEye and Citadel. It has functionality for a modular architecture, requires minimal technical skill, spreads with exploit packs and infects the most current versions of Windows.
KINS has adopted many of the valuable traits of other malware to make itself more effective and capable of filling the spot of other popular malware that is not currently under active development or support. However, as RSA noted, KINS differs from these other malware attacks because it is a bootkit, not a rootkit. This means that the malware infects a system's volume boot record, which allows it to burrow further into a system than the standard malware that infects the master boot record.
In comparing the two, a rootkit is a collection of tools or programs that grant administrator-level access to a computer or computer network. A bootkit extends the functionality of a rootkit to infect the master boot record so that it can survive reboots and therefore become more difficult to remove. Many times antimalware tools just delete or quarantine a malicious file, but a malicious master boot record cannot just be deleted or moved without damaging the computer.
While KINS is significantly more sophisticated than other types of malware in that it includes almost all of the functionality needed for criminal attacks, it doesn't change the malware defenses needed to protect an organization from it. The mitigation tools for Zeus, SpyEye and Citadel -- such as desktop antimalware, network based antimalware and whitelisting -- should already be in place to defend against such malware, and they will also be effective against KINS.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
An HTTPS session with a reused nonce is vulnerable to the Forbidden attack. Expert Nick Lewis explains how the attack works, and how to properly ...continue reading
The Irongate malware has been discovered to have similar functionality to Stuxnet. Expert Nick Lewis explains how enterprises can protect their ICS ...continue reading
APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.