

Posted: July 23, 2013

KINS is a banking Trojan that is distributed through drive-by-download attacks, installs itself without your consent and then steals confidential financial information, all with few or no symptoms to tip you off to its attacks. An independently developed Trojan that appears poised to be the successor to Citadel, KINS is classified as a high-level PC threat, and SpywareRemove.com malware researchers recommend the utmost urgency in deleting KINS with powerful anti-malware software. Because KINS is a multiple-component Trojan and uses a rootkit that attacks the boot loader (AKA a 'bootkit') to ensure its automatic startup, you may need to use exceptional measures to guarantee a safe scanning environment for removing KINS appropriately, as elaborated on in this article.

The Kinship Between KINS and Mother Russia

With many developers of advanced banking Trojans choosing to keep their heads down to evade law enforcement raids, KINS has arrived at a lucrative time for at least one criminal entrepreneur, with its services recently advertised on Russian malware forums. A for-hire digital thief that any criminal can rent and employ for stealing banking information from hapless victims, KINS includes many of the features that have also been confirmed in high-level security risks like Keylogger Zeus (or Zbot), SpyEye, Carberp or Citadel. In particular, KINS has shown itself to be fully compatible with the Web injection attacks Zeus is well known for abusing: attacks that can insert malicious content into otherwise normal bank Web pages and capture personal information like credit card numbers or addresses.

One interesting quirk of KINS that inadvertently helps to verify its developer's origin is its specific exclusion of Russia- or Ukraine-based PCs from its attacks. This feature, previously seen in other banking Trojans like Citadel, usually indicates that the original developer is a resident of one of those countries. Its purpose is to help the original criminal developer avoid any entanglements with local law enforcement. However, SpywareRemove.com malware experts warn that these are the only countries excluded and that KINS is capable of stealing even very private financial and personal information from all Windows PCs through its attacks.

Breaking the Invisible Bonds of KINShip

Any reasonably competent banking Trojan takes steps to prevent its attacks from being detected through visual observation. KINS follows the expected standards in this respect, with the addition of a rootkit-loading technique that lets KINS launch even before Windows begins to start. Based on the advanced defenses and concealment techniques in use by KINS, SpywareRemove.com malware experts suggest that you boot any KINS-infected PC through a safe USB drive and only then proceed with disinfecting your computer with trustworthy anti-malware tools. As is always the case for PC threats in the midst of regularly updated campaigns, you will also want to be certain that your anti-malware programs are using the most up-to-date databases they have, which will keep your chances of detecting and removing KINS as high as possible.

Once again, drive-by-downloads and exploit kits (the Blackhole Exploit Kit, Sweet Orange, etc.) are the primary guilty parties for distributing KINS and similar high-level threats. SpywareRemove.com malware researchers regularly recommend updating all relevant software, blocking often-exploited features like Java and, above all else, avoiding potentially-hacked or hostile sites as the best ways of protecting your PC from all exploit kits, including those related to installing KINS.
