A banking Trojan named KINS recently made headlines due to its similarities to past Trojans such as Zeus. However,...
RSA noted that it's the first commercially available bootkit, as opposed to the typical rootkit. What's the difference, and will that change have an effect on the evolution of malware and malware defense?
Ask the Expert
Have questions about enterprise threats for expert Nick Lewis? Send them via email today! (All questions are anonymous)
The KINS malware is a professional-grade banking Trojan that is quite similar to rootkits such as Zeus, SpyEye and Citadel. It has functionality for a modular architecture, requires minimal technical skill, spreads with exploit packs and infects the most current versions of Windows.
KINS has adopted many of the valuable traits of other malware to make itself more effective and capable of filling the spot of other popular malware that is not currently under active development or support. However, as RSA noted, KINS differs from these other malware attacks because it is a bootkit, not a rootkit. This means that the malware infects a system's volume boot record, which allows it to burrow further into a system than the standard malware that infects the master boot record.
In comparing the two, a rootkit is a collection of tools or programs that grant administrator-level access to a computer or computer network. A bootkit extends the functionality of a rootkit to infect the master boot record so that it can survive reboots and therefore become more difficult to remove. Many times antimalware tools just delete or quarantine a malicious file, but a malicious master boot record cannot just be deleted or moved without damaging the computer.
While KINS is significantly more sophisticated than other types of malware in that it includes almost all of the functionality needed for criminal attacks, it doesn't change the malware defenses needed to protect an organization from it. The mitigation tools for Zeus, SpyEye and Citadel -- such as desktop antimalware, network based antimalware and whitelisting -- should already be in place to defend against such malware, and they will also be effective against KINS.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
USB Killer devices, with the ability to destroy systems via a USB input, are available and inexpensive. Expert Nick Lewis explains how they work and ...continue reading
Exaspy spyware, which can access messages, video chats and more, was found on Android devices owned by executives. Expert Nick Lewis explains how ...continue reading
The Nemucod downloader malware is being spread through Facebook Messenger disguised as an image file. Expert Nick Lewis explains the available ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.