KINS Banking Trojan/Data Theft (credentialed check)

Critical Nessus Plugin ID 69555

Synopsis

The remote Windows host has been infected with the KINS Trojan.

Description

The remote Windows host has files that indicate that the KINS banking Trojan has been installed.

False positives may occur if file names identical to files KINS creates are detected on the system.

Solution

Update the host's antivirus software, clean the host, and scan again to ensure its removal. If symptoms persist, re-installation of the infected host is recommended.

See Also

https://blogs.rsa.com/is-cybercrime-ready-to-crown-a-new-kins-inth3wild/

Plugin Details

Severity: Critical

ID: 69555

File Name: kins_detect.nasl

Version: 1.4

Type: local

Family: Backdoors

Published: 2013/09/03

Modified: 2018/05/16

Dependencies: 13855

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion, Settings/ParanoidReport