KINS Banking Trojan/Data Theft (credentialed check)

critical Nessus Plugin ID 69555

Synopsis

The remote Windows host has been infected with the KINS Trojan.

Description

The remote Windows host has files that indicate that the KINS banking Trojan has been installed.

False positives may occur if legitimate files on the system have the same names as files that KINS creates.

Solution

Update the host's antivirus software, clean the host, and scan again to confirm that the Trojan has been removed. If symptoms persist, re-installation of the infected host is recommended.

See Also

https://blogs.rsa.com/is-cybercrime-ready-to-crown-a-new-kins-inth3wild/

Plugin Details

Severity: Critical

ID: 69555

File Name: kins_detect.nasl

Version: 1.6

Type: local

Agent: windows

Family: Backdoors

Published: 9/3/2013

Updated: 2/1/2022

Configuration: Enable paranoid mode

Asset Inventory: true

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

Required KB Items: Settings/ParanoidReport, SMB/Registry/Enumerated, SMB/WindowsVersion