Detections
Analytics
KINS Banking Trojan/Data Theft (credentialed check)
critical Nessus Plugin ID 69555
Language:
Synopsis
The remote Windows host has been infected with the KINS Trojan.Description
The remote Windows host has files that indicate that the KINS banking Trojan has been installed.False positives may occur if file names identical to files KINS creates are detected on the system.
Solution
Update the host's antivirus software, clean the host, and scan again to ensure its removal. If symptoms persist, re-installation of the infected host is recommended.See Also
https://blogs.rsa.com/is-cybercrime-ready-to-crown-a-new-kins-inth3wild/
Plugin Details
Severity: Critical
ID: 69555
File Name: kins_detect.nasl
Version: 1.6
Type: local
Agent: windows
Family: Backdoors
Published: 9/3/2013
Updated: 2/1/2022
Configuration: Enable paranoid mode
Asset Inventory: true
Supported Sensors: Nessus Agent, Nessus
Vulnerability Information
Required KB Items: Settings/ParanoidReport, SMB/Registry/Enumerated, SMB/WindowsVersion