We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

DIY Trojan kit available online

Panda warns of 'Pinch' malware maker

A do-it-yourself kit for developing and customising Trojan malware has been discovered for sale on the web.

The 'Pinch' tool lets criminals with little technical knowledge specify a number of parameters such as which type of password to steal from infected machines. Alternatively, the tabbed-based interface can be made to turn the program into a straightforward key-logger set to capture all keystrokes, take screenshots, or steal specific file types.

Most disturbing of all, the program can also be configured so that infected systems are simply turned into proxies or bots to carry out malicious activity on remote computers, including downloading and hosting other malware. In addition, it can be hidden from the infected PC's owner by opening unusual ports through which to communicate, or invoking rootkit-like self-protection.

"Pinch's main danger is that it is very easy to use, so any malicious user with basic computer knowledge could create a Trojan in a very short time for very little money," said Luis Corrons, technical director of PandaLabs, the company that has publicised the program.

Pinch is sophisticated enough to attack a named list of anti-virus engines, interfere with Windows firewall settings, and spread using a variety of means, including operating as a mass-mailing worm.

Its origins are unclear, but judging by the screenshots in PandaLabs’ analysis of the software, it is most likely Russian.

Malware kits are becoming one of the year's big stories even if their origins lie further back in time.

Earlier this year, a DIY program for man-in-the-middle phishing was found doing the rounds on the wrong websites. It is certainly noteworthy that there are now a small but growing band of programs designed to automate the often complex programming behind malware for the non-programming criminal.

IDG UK Sites

How to get a free EE Power Bar: Mobile and broadband customers eligible for free smartphone charger

IDG UK Sites

Why Netflix won't terminate your account for using a VPN, probably

IDG UK Sites

Forever 21 denies pirating Adobe, Autodesk and Corel software, accuses companies of 'bullying'

IDG UK Sites

New Apple TV 2015 release date rumours: Apple's WWDC invite shows Apple TV