FOX-IT: Analysis of the KINS malware
Recently RSA blogged about a new malware variant named KINS. Apart from having typical features like those of ZeuS and SpyEye, the malware is advertised as jumping into the gap that the other malware families have left open.
KINS is short for “Kasper Internet Non Security”, obviously a reference to the similarly named Kaspersky product. The name was thought up to give the malware a catchy name that helps it sell. It has been used in the wild (although in private) since at least December 2011, for over one and a half years. Fox-IT InTELL started to research this threat in January 2012 by reverse engineering the malware and researching the relationships it had. It is fully based on the leaked ZeuS source code. The logo is Casper, the friendly ghost, but obviously this malware is much less friendly to its victims. On top of that, it’s also unfriendly to researchers.