Raid millions of bank accounts. New easy-to-use tool. Yours for $5,000

Cybercrooks have put on sale a new professional-grade Trojan toolkit called KINS that will pose plenty of problems for banks and their customers in the months and years ahead. KINS promises the ease of use of bank-account-raiding software nasty ZeuS combined with the technical support offered by the team behind Citadel (which …

COMMENTS

This topic is closed for new posts.

Secure boot, any help?

"easily infect machines running Windows 8 and x64 operating systems, and features technology to embed itself in computers so that it's activated almost as soon as the machines are powered on."

That is worrying, as anything that good/stealthy is best killed by booting the machine off a live CD to scan and nuke it. Of course, with secure boot enabled that could be a problem, though we were led to believe it would stop this sort of root-kit ability to pre-empt AV tools.

Anyone had experience of using the Bitlocker or Kaspersky rescue CDs with a Win8 machine? Did you need to disable secure boot, and was that easy enough to do?

3
0

details please

This is not the daily mail:

" and features technology to embed itself in computers so that it's activated almost as soon as the machines are powered on."

Please elaborate on 'technology'.

21
1

Re: details please

and...

"so that it's activated almost as soon as the machines are powered on..."

so it activates before it receives any power!? That's impressive!!

"KINS is specifically designed not to infect systems in Russia and the Ukraine by avoiding computers with Russian language keyboard settings..."

I'll just add a Russian language keyboard... disaster averted!!

3
0
Thumb Up

Re: details please

+1 on this. If I wanted to read vague, woolly journalism on IT stories I'd go to the mainstream media, not a specific tech publication.

7
0
Boffin

Re: details please

Is it a boot sector virus?

Does it add itself as a service?

I don't quite blame El Reg for not giving details, it might be that the press release doesn't give us the juicy bits yet.

2
0

Re: details please

@Daniel B. - >"I don't quite blame El Reg for not giving details, it might be that the press release doesn't give us the juicy bits yet."

Read the security blog post that's linked in the article. They don't have much more info yet - no one has seen the malware, just a description of it by its creator/seller.

0
0

Re: details please

"Please elaborate on 'technology'."

I was sorta hoping anyone really interested would read the chap's blog post we linked to. No matter, I've tweaked the article anyway. It's drilling down into the VBR with a bootkit.

C.

0
0
Joke

Scope

"easily infect machines running Windows 8..."

Oh, that's a relief. For a minute there I thought we had a problem.

16
2

using RDP

How about just blocking port 3389 unless YOU decide you need RDP. Wouldn't that help?

0
0

Re: using RDP

I would have thought most machines are now behind NAT and won't have port-forwarding for this. Unless, of course, there are a lot of routers with UPnP enabled that allow the malware to turn it on...

0
0

Re: using RDP

Pretty much every router I've seen blocks port 3389, along with every other port, unless you specifically open it, so no, I don't think that will work.

0
0

Re: using RDP

I remember Steve Gibson warning about UPnP (circa 2000) and the massive hole it left in any security measures you might take - I think he used to refer to it as Universal Plug n Pray - I think the FBI were also vehemently against it for a while - until MS "got with the program" I suppose.

That the RDP service is on by default in Windows is ludicrous. How many people who don't know how to enable a service are going to use RDP? And if they don't know enough to enable a service they definitely shouldn't be playing with RDP.

As for domestic routers - most of the manufacturers have only just stopped using a single username and password (usually "admin" and "password") for router management. Given that your router is the first line of defence this is a sorely neglected security tool.

1
2
Childcatcher

Re: using RDP

If RDP were the only vector for this to spread or communicate, then it would not be a problem. More likely, it is just one way out of several, so this could be a real problem once it has gotten into a corporate network. Using an alternative to RDP or changing the default port it uses might have more effect.

1
0
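The RDP thread above turns on one question: is anything actually reaching TCP/3389 on your machine, and from where? One way a defender answers that without guessing is to read the Windows Firewall log. The following is an added example, not code from the article or from any of the commenters: it parses the documented pfirewall.log layout (column names taken from the `#Fields:` header, so the order is not hard-coded), keeps only inbound TCP to 3389, and rates an ALLOW from a non-RFC 1918 source as high severity. The log lines are constructed for the example and are not real traffic; the path to a real log is normally `%systemroot%\system32\LogFiles\Firewall\pfirewall.log`, which is assumed here rather than taken from the page.

```python
"""Flag inbound RDP (TCP/3389) connections recorded in a Windows Firewall log."""
import ipaddress
from typing import Dict, Iterator, List

RDP_PORT = 3389

# RFC 1918 ranges are treated as "the LAN"; anything else is considered external.
# (ipaddress.is_private is deliberately not used: it also classes the 203.0.113.0/24
# documentation range used in the sample below as private.)
LAN_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample in the documented pfirewall.log layout; not real traffic.
SAMPLE_LOG = """#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2013-07-24 10:15:01 ALLOW TCP 192.168.1.20 192.168.1.10 50112 3389 0 S 1 0 8192 - - - RECEIVE
2013-07-24 10:15:07 ALLOW TCP 203.0.113.5 192.168.1.10 51234 3389 0 S 1 0 8192 - - - RECEIVE
2013-07-24 10:15:09 DROP TCP 198.51.100.7 192.168.1.10 44321 3389 0 S 1 0 8192 - - - RECEIVE
2013-07-24 10:15:11 ALLOW TCP 192.168.1.10 203.0.113.9 49152 443 0 S 1 0 8192 - - - SEND
2013-07-24 10:15:13 ALLOW UDP 192.168.1.10 192.168.1.1 60000 53 0 - - - - - - - SEND
"""


def is_lan(ip: str) -> bool:
    """True when the address falls inside one of the RFC 1918 ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETS)


def parse_firewall_log(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per record, keyed by the names in the #Fields: header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # skip malformed lines rather than mis-assign columns
        yield dict(zip(fields, parts))


def find_inbound_rdp(text: str) -> List[Dict[str, str]]:
    """Return every inbound TCP/3389 record with a severity rating."""
    findings = []
    for rec in parse_firewall_log(text):
        if rec["protocol"] != "TCP" or rec["dst-port"] != str(RDP_PORT):
            continue
        if rec["path"] != "RECEIVE":  # outbound RDP to other hosts is a different question
            continue
        external_allowed = rec["action"] == "ALLOW" and not is_lan(rec["src-ip"])
        findings.append({
            "time": f'{rec["date"]} {rec["time"]}',
            "src": rec["src-ip"],
            "action": rec["action"],
            "severity": "high" if external_allowed else "info",
        })
    return findings


if __name__ == "__main__":
    for f in find_inbound_rdp(SAMPLE_LOG):
        print(f'{f["severity"]:4} {f["time"]} {f["action"]:5} from {f["src"]}')
```

Point the function at the contents of a real pfirewall.log (firewall logging of allowed and dropped connections has to be switched on first; by default it is off) and the "high" lines are the ones that contradict the "blocked unless YOU decide" assumption: an external address that was allowed in on 3389, which in a home setting usually means a port forward or UPnP mapping that nobody remembers creating.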
Joke

Raid millions of bank accounts....

Become a banker!

10
0
Anonymous Coward

My bank just forced me to start using a hand held token generator to access my account, pay bills, make transfers etc. Bloody inconvenient and it times out as you are entering the codes all the time.

Is it me, or should I expect criminals to have a harder time than me to access my money. :P

0
2
Anonymous Coward

And why do you think you have aforementioned device? /headhitsdesk

7
0

Surely if you're in IT you must be using RSA tokens for company access? No different. I hope your company has the half-decent bit of common sense to implement them or I'd start looking for a new job/contract if they don't!

0
0
Happy

I'm afraid this is mostly you :)

The banks themselves are, generally, fairly secure, it's the users that cause the problems. If anything you should applaud your bank for implementing more security on the user end instead of just eating the losses and making them up with more fees for everyone.

If there's a definable user problem with your widget you should put together a simple analysis of the issue and let the bank and the manufacturer know. I can tell you from experience that usable customer feedback is priceless. Most users just scream BROKEN SUX U GUYZ BLOW and that's really, really difficult to work with.

2
0
Angel

Welcome to the 21st Century!

My bank just forced me to start using a hand held token generator to access my account, pay bills, make transfers etc.

Yay! Welcome to the club, we've been toting keyfob tokens for e-banking since 2007, by law!!! Depending on the system used by said generator, it'll be secure enough to hamper phishing attempts. Only one bank uses SecurID, but the others use one that does seem to have the generated numbers time-fixed so that the code is only valid for a short time.

I do wonder why banks in other countries haven't done this already?

1
0
Thumb Down

RSA Tokens

Personally after RSA got hacked: http://www.theregister.co.uk/2011/03/18/rsa_breach_leaks_securid_data/ and their appalling handling of the aftermath, I wouldn't go near them or trust them ever again.

1
0
WTF?

The HSBC code generator is hacked

@AC: My bank just forced me to start using a hand held token generator to access my account

HSBC, who think they are hot sh*t when it comes to security despite their web sites being hacked, only allows a single 'SecureKey' per retail customer account although they allow commercial accounts to have two.

As I have accounts in several countries it means I have an equally impressive array of secure keys - all hanging on the wall next to my work station. Fortunately, someone cracked the secure key and now I can access my bank accounts from my Samsung Note which has a code generating program in it.

BTW, SecureKeys, and similar, have a battery mounted under the bottom L/H of the keyboard. THEY CATCH FIRE, have a picture, so be careful where you keep them.

1
0
Anonymous Coward

The only good hacker...

...is a very dead hacker.

0
1
Thumb Down

Re: The only good hacker...

@AC 15:52 - >"The only good hacker... ...is a very dead hacker."

Wrong website pal. I think you were looking for TMZ.com.

0
0

So...

Do the anti-virus companies have technology to catch this, then? I mean when I power up my PC this evening, how do I know whether or not it's there?

I'm using Microsoft Security Essentials (or Windows Defender as it's known on Windows 8).

At work we have McCrapFee.

0
0

Simple fix.

"KINS is specifically designed not to infect systems in Russia and the Ukraine by avoiding computers with Russian language keyboard settings"

Install Russian as an additional language on your system and voilà!!

0
0
Anonymous Coward

Windows only ..

"KINS is designed to spread using popular exploit packs such as Neutrino. KINS is capable of easily infecting machines running Windows 8 and other x64 operating systems."

What other x64 operating systems does it run on?

What is the attack vector to get onto the system in the first place?

0
0