Raid millions of bank accounts. New easy-to-use tool. Yours for $5,000

Cybercrooks have put on sale a new professional-grade Trojan toolkit called KINS that will pose plenty of problems for banks and their customers in the months and years ahead. KINS promises the ease of use of bank-account-raiding software nasty ZeuS combined with the technical support offered by the team behind Citadel (which …

COMMENTS

This topic is closed for new posts.
  1. Paul Crawford

    Secure boot, any help?

    "easily infect machines running Windows 8 and x64 operating systems, and features technology to embed itself in computers so that it's activated almost as soon as the machines are powered on."

    That is worrying, as anything that good/stealthy is best killed by booting the machine off a live CD to scan and nuke it. Of course, with secure boot enabled that could be a problem, though we were led to believe it would stop this sort of root-kit ability to pre-empt AV tools.

    Anyone had experience of using the Bitlocker or Kaspersky rescue CDs with a Win8 machine? Did you need to disable secure boot, and was that easy enough to do?

  2. Craigie

    details please

    This is not the daily mail:

    " and features technology to embed itself in computers so that it's activated almost as soon as the machines are powered on."

    Please elaborate on 'technology'.

    1. nevstah

      Re: details please

      and..

      "so that it's activated almost as soon as the machines are powered on..."

      so it activates before it receives any power!? that's impressive!!

      "KINS is specifically designed not to infect systems in Russia and the Ukraine by avoiding computers with Russian language keyboard settings..."

      I'll just add a Russian language keyboard... disaster averted!!

    2. fixit_f

      Re: details please

      +1 on this. If I wanted to read vague, wooly journalism on IT stories I'd go to the mainstream media, not a specific tech publication.

    3. Daniel B.

      Re: details please

      Is it a boot sector virus?

      Does it add itself as a service?

      I don't quite blame El Reg for not giving details; it might be that the press release doesn't give us the juicy bits yet.

      1. Anonymous Coward

        Re: details please

        @Daniel B. - >"I don't quite blame El Reg for not giving details, it might be that the press release doesn't give us the juicy bits yet."

        Read the security blog post that's linked in the article. They don't have much more info yet - no one has seen the malware, just a description of it by its creator/seller.

    4. diodesign

      Re: details please

      "Please elaborate on 'technology'."

      I was sorta hoping anyone really interested would read the chap's blog post we linked to. No matter, I've tweaked the article anyway. It's drilling down into the VBR with a bootkit.

      C.
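An added check, not code from the article, the linked blog post or any commenter, following on from "drilling down into the VBR with a bootkit" above: read the first sector of the volume and compare it with a baseline hash recorded earlier from the clean machine. The sample sectors are constructed inside the code and the device path in the docstring is illustrative. The caveat is the one Paul Crawford raises in the first comment: take the dump from a live CD, because a bootkit that hooks disk reads can hand the original sector back to tools running on the infected OS.

```python
"""Check a volume boot record (VBR) against a known-good baseline.

Added example, not code from the article or the blog post it links to.
It reads the first 512-byte sector of a volume (or of a dumped image) and
compares its SHA-256 with a baseline taken from a clean machine.
"""
import hashlib
import hmac

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"      # last two bytes of any bootable sector


def read_first_sector(path):
    """Read the VBR from a device or image path (e.g. r'\\.\C:' on Windows,
    with admin rights; the path is illustrative). Do this from a clean boot
    (live CD): a running bootkit can hook disk reads and return the original
    sector to anything running on the infected OS."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def inspect_vbr(sector):
    """Return structural facts about the sector plus its hash."""
    return {
        "size_ok": len(sector) == SECTOR_SIZE,
        "signature_ok": sector[-2:] == BOOT_SIGNATURE,
        # Boot code normally starts with an x86 jmp (EB xx 90 or E9 xx xx)
        "jump_ok": sector[:1] in (b"\xEB", b"\xE9"),
        "oem_id": sector[3:11].decode("ascii", "replace"),
        "sha256": hashlib.sha256(sector).hexdigest(),
    }


def vbr_matches_baseline(sector, baseline_sha256):
    """True if the sector hashes to the recorded baseline (constant-time compare)."""
    return hmac.compare_digest(inspect_vbr(sector)["sha256"], baseline_sha256)


def constructed_clean_vbr():
    """Constructed sample, not a dump of a real disk: NTFS-style header,
    zeroed BPB and boot code, valid signature."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:11] = b"\xEB\x52\x90" + b"NTFS    "
    sector[-2:] = BOOT_SIGNATURE
    return bytes(sector)


def constructed_patched_vbr():
    """The same sector with one byte in the boot-code region changed. The
    signature and OEM ID are untouched, so the volume still boots."""
    sector = bytearray(constructed_clean_vbr())
    sector[0x60] ^= 0xFF
    return bytes(sector)


if __name__ == "__main__":
    baseline = inspect_vbr(constructed_clean_vbr())["sha256"]
    for name, vbr in (("clean", constructed_clean_vbr()),
                      ("patched", constructed_patched_vbr())):
        facts = inspect_vbr(vbr)
        print(name, repr(facts["oem_id"]),
              "signature_ok=%s" % facts["signature_ok"],
              "matches_baseline=%s" % vbr_matches_baseline(vbr, baseline))
```

A valid 0x55AA signature and an intact OEM ID prove nothing on their own: the patched sample passes both checks and only the hash comparison catches the change, which is why the baseline has to exist before the machine is suspected.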

  3. Studley

    Scope

    "easily infect machines running Windows 8..."

    Oh, that's a relief. For a minute there I thought we had a problem.

  4. tony2heads

    using RDP

    How about just blocking port 3389 unless YOU decide you need RDP. Wouldn't that help?

    1. Paul Crawford

      Re: using RDP

      I would have thought most machines are now behind NAT and won't have port-forwarding for this. Unless, of course, there are a lot of routers with UPnP enabled that allow the malware to turn it on...

      1. Colin Millar

        Re: using RDP

        I remember Steve Gibson warning about UPnP (circa 2000) and the massive hole it left in any security measures you might take - I think he used to refer to it as Universal Plug n Pray - I think the FBI were also vehemently against it for a while - until MS "got with the program" I suppose.

        That the RDP service is on by default in Windows is ludicrous. How many people who don't know how to enable a service are going to use RDP? And if they don't know enough to enable a service they definitely shouldn't be playing with RDP.

        As for domestic routers - most of the manufacturers have only just stopped using a single username and password (usually "admin" and "password") for router management. Given that your router is the first line of defence this is a sorely neglected security tool.

    2. jonathanb

      Re: using RDP

      Pretty much every router I've seen blocks port 3389, along with every other port, unless you specifically open it, so no, I don't think that will work.

      1. Robert Helpmann??

        Re: using RDP

        If RDP were the only vector for this to spread or communicate, then it would not be a problem. More likely, it is just one way out of several, so this could be a real problem once it has gotten into a corporate network. Using an alternative to RDP or changing the default port it uses might have more effect.
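An added example, not code from the article or from any commenter, for the question running through this thread (block 3389 at the router, versus routers that quietly forward it because UPnP is on): ask the router, over the standard UPnP IGD WANIPConnection service, for its port-mapping table and flag any enabled TCP mapping on 3389. The control URL is a hypothetical value; on a real network it comes from SSDP discovery and the device description XML, which is not shown. The sample replies are constructed in the code, not captured from a real router.

```python
"""Audit a UPnP Internet Gateway Device for port mappings that expose RDP.

Added example, not code from the article. It builds the IGD
GetGenericPortMappingEntry SOAP request, parses the reply and flags TCP
mappings on 3389. EXAMPLE_CONTROL_URL is an assumption; the real one is
obtained by SSDP discovery plus the device description (not shown here).
"""
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

IGD_SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
RDP_PORT = 3389
EXAMPLE_CONTROL_URL = "http://192.168.1.1:5000/ctl/IPConn"   # hypothetical, router-specific


def build_get_mapping_request(index):
    """Return (headers, body) for GetGenericPortMappingEntry(index)."""
    body = (
        '<?xml version="1.0"?>'
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
        's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body>'
        f'<u:GetGenericPortMappingEntry xmlns:u="{IGD_SERVICE}">'
        f'<NewPortMappingIndex>{index}</NewPortMappingIndex>'
        '</u:GetGenericPortMappingEntry></s:Body></s:Envelope>'
    ).encode("utf-8")
    headers = {
        "Content-Type": 'text/xml; charset="utf-8"',
        "SOAPAction": f'"{IGD_SERVICE}#GetGenericPortMappingEntry"',
    }
    return headers, body


def parse_mapping_response(xml_bytes):
    """Flatten the <New*> argument elements of the reply into a dict."""
    root = ET.fromstring(xml_bytes)
    mapping = {}
    for elem in root.iter():
        local = elem.tag.rsplit("}", 1)[-1]      # strip any XML namespace
        if local.startswith("New"):
            mapping[local[3:]] = (elem.text or "").strip()
    return mapping


def exposes_rdp(mapping):
    """True for an enabled TCP mapping whose external or internal port is 3389."""
    try:
        external = int(mapping.get("ExternalPort", "0"))
        internal = int(mapping.get("InternalPort", "0"))
    except ValueError:
        return False
    return (mapping.get("Protocol", "").upper() == "TCP"
            and mapping.get("Enabled") == "1"
            and RDP_PORT in (external, internal))


def fetch_all_mappings(control_url, limit=256):
    """Walk the mapping table; the IGD answers with a SOAP fault (HTTP 500,
    SpecifiedArrayIndexInvalid) once the index runs past the last entry."""
    mappings = []
    for index in range(limit):
        headers, body = build_get_mapping_request(index)
        req = urllib.request.Request(control_url, data=body, headers=headers, method="POST")
        try:
            with urllib.request.urlopen(req, timeout=5) as resp:
                mappings.append(parse_mapping_response(resp.read()))
        except urllib.error.HTTPError:
            break
    return mappings


def audit(mappings):
    return [m for m in mappings if exposes_rdp(m)]


def constructed_response(external, protocol, internal, client, description):
    """A reply of the shape an IGD returns. Constructed sample, not captured."""
    return (
        '<?xml version="1.0"?>'
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
        's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body>'
        f'<u:GetGenericPortMappingEntryResponse xmlns:u="{IGD_SERVICE}">'
        '<NewRemoteHost></NewRemoteHost>'
        f'<NewExternalPort>{external}</NewExternalPort>'
        f'<NewProtocol>{protocol}</NewProtocol>'
        f'<NewInternalPort>{internal}</NewInternalPort>'
        f'<NewInternalClient>{client}</NewInternalClient>'
        '<NewEnabled>1</NewEnabled>'
        f'<NewPortMappingDescription>{description}</NewPortMappingDescription>'
        '<NewLeaseDuration>0</NewLeaseDuration>'
        '</u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>'
    ).encode("utf-8")


SAMPLE_REPLIES = [   # constructed: one RDP forward, one HTTPS forward, one UDP forward
    constructed_response(3389, "TCP", 3389, "192.168.1.23", "Remote Desktop"),
    constructed_response(443, "TCP", 443, "192.168.1.40", "web"),
    constructed_response(5004, "UDP", 5004, "192.168.1.50", "voip"),
]

if __name__ == "__main__":
    # Offline run over the constructed replies; against a real router use
    # fetch_all_mappings(EXAMPLE_CONTROL_URL) instead.
    for m in audit([parse_mapping_response(r) for r in SAMPLE_REPLIES]):
        print("RDP exposed:", m["ExternalPort"], "->", m["InternalClient"], m["InternalPort"])
```

Note that this only finds mappings the router admits to over UPnP; a manual port-forward configured in the router's web interface shows up the same way, and a mapping on a non-default external port forwarded to internal 3389 is still flagged because both ports are checked.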

  5. adnim

    Raid millions of bank accounts....

    Become a banker!

  6. Anonymous Coward

    My bank just forced me to start using a hand held token generator to access my account, pay bills, make transfers etc. Bloody inconvenient and it times out as you are entering the codes all the time.

    Is it me, or should I expect criminals to have a harder time than me to access my money. :P

    1. Anonymous Coward

      And why do you think you have the aforementioned device? /headhitsdesk

    2. Amorous Cowherder

      Surely if you're in IT you must be using RSA tokens for company access? No different. I hope your company has the half-decent bit of common sense to implement them or I'd start looking for a new job/contract if they don't!

      1. DaLo

        RSA Tokens

        Personally after RSA got hacked: http://www.theregister.co.uk/2011/03/18/rsa_breach_leaks_securid_data/ and their appalling handling of the aftermath, I wouldn't go near them or trust them ever again.

    3. Don Jefe

      I'm afraid this is mostly you :)

      The banks themselves are, generally, fairly secure, it's the users that cause the problems. If anything you should applaud your bank for implementing more security on the user end instead of just eating the losses and making them up with more fees for everyone.

      If there's a definable user problem with your widget you should put together a simple analysis of the issue and let the bank and the manufacturer know. I can tell you from experience that usable customer feedback is priceless. Most users just scream BROKEN SUX U GUYZ BLOW and that's really, really difficult to work with.

    4. Daniel B.

      Welcome to the 21st Century!

      My bank just forced me to start using a hand held token generator to access my account, pay bills, make transfers etc.

      Yay! Welcome to the club, we've been toting keyfob tokens for e-banking since 2007, by law!!! Depending on the system used by said generator, it'll be secure enough to hamper phishing attempts. Only one bank uses SecurID, but the others use one that does seem to have the generated numbers time-fixed so that the code is only valid for a short time.

      I do wonder why banks in other countries haven't done this already?

    5. JaitcH

      The HSBC code generator is hacked

      @AC: My bank just forced me to start using a hand held token generator to access my account

      HSBC, who think they are hot sh*t when it comes to security despite their web sites being hacked, only allows a single 'SecureKey' per retail customer account although they allow commercial accounts to have two.

      As I have accounts in several countries it means I have an equally impressive array of secure keys - all hanging on the wall next to my work station. Fortunately, someone cracked the secure key and now I can access my bank accounts from my Samsung Note which has a code generating program in it.

      BTW, SecureKeys, and similar, have a battery mounted under the bottom L/H of the keyboard. THEY CATCH FIRE, have a picture, so be careful where you keep them.
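An added example, not code from the article or from any bank's token, showing the scheme Daniel B. describes above (codes fixed to a time step so each is only valid briefly) and why, as in JaitcH's post, a phone app seeded with the same secret produces the same numbers as the keyfob: RFC 6238 TOTP, built on RFC 4226 HOTP. Whether any particular bank's device uses exactly this algorithm is not stated on the page. The secret is the RFCs' published test-vector key, not a real one.

```python
"""How a time-based code generator works (RFC 6238 TOTP over RFC 4226 HOTP).

Added example, not the code of any bank's token or phone app. TEST_SECRET
is the RFC 4226 / RFC 6238 test-vector key, used here as constructed input.
"""
import hashlib
import hmac
import struct
import time

TEST_SECRET = b"12345678901234567890"   # RFC test-vector key, not a real seed


def hotp(secret, counter, digits=6):
    """HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then RFC 4226
    dynamic truncation to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, at=None, step=30, digits=6):
    """TOTP: HOTP with counter = unix_time // step. Every device holding the
    same secret and a correct clock produces the same code for a step."""
    if at is None:
        at = int(time.time())
    return hotp(secret, at // step, digits)


def verify_totp(secret, code, at=None, step=30, digits=6, window=1):
    """Server side: accept the code for the current step and `window` steps
    either side (clock drift), comparing in constant time. A real server
    must also refuse a code it has already accepted in that step."""
    if at is None:
        at = int(time.time())
    counter = at // step
    for delta in range(-window, window + 1):
        if counter + delta < 0:
            continue
        if hmac.compare_digest(hotp(secret, counter + delta, digits), code):
            return True
    return False


if __name__ == "__main__":
    for t in (59, 1111111109, 1234567890):     # RFC 6238 Appendix B times
        print(t, totp(TEST_SECRET, t, digits=8))
    now = int(time.time())
    code = totp(TEST_SECRET, now)
    print("valid now:", verify_totp(TEST_SECRET, code, now),
          "valid five minutes later:", verify_totp(TEST_SECRET, code, now + 300))
```

The short validity window is what hampers the phishing Daniel B. mentions: a code captured on a fake login page has to be relayed and used within the same 30-second step (plus whatever drift window the server allows), and it still does nothing against malware that sits in the browser and changes the transaction after the code is entered.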

  7. Anonymous Coward

    The only good hacker...

    ...is a very dead hacker.

    1. Anonymous Coward

      Re: The only good hacker...

      @AC 15:52 - >"The only good hacker... ...is a very dead hacker."

      Wrong website pal. I think you were looking for TMZ.com.

  8. Robinson

    So...

    Do the anti-virus companies have technology to catch this, then? I mean when I power up my PC this evening, how do I know whether or not it's there?

    I'm using Microsoft Security Essentials (or Windows Defender as it's known on Windows 8).

    At work we have McCrapFee.

  9. Anonymous Coward

    Simple fix.

    "KINS is specifically designed not to infect systems in Russia and the Ukraine by avoiding computers with Russian language keyboard settings"

    Install Russian as an additional language on your system and voilà!!

  10. Anonymous Coward

    Windows only ..

    "KINS is designed to spread using popular exploit packs such as Neutrino. KINS is capable of easily infecting machines running Windows 8 and other x64 operating systems."

    What other x64 operating systems does it run on?

    What is the attack vector to get onto the system in the first place?
