We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

DIY Trojan kit available online

Panda warns of 'Pinch' malware maker

A do-it-yourself kit for developing and customising Trojan malware has been discovered for sale on the web.

The 'Pinch' tool lets criminals with little technical knowledge specify a number of parameters such as which type of password to steal from infected machines. Alternatively, the tabbed-based interface can be made to turn the program into a straightforward key-logger set to capture all keystrokes, take screenshots, or steal specific file types.

Most disturbing of all, the program can also be configured so that infected systems are simply turned into proxies or bots to carry out malicious activity on remote computers, including downloading and hosting other malware. In addition, it can be hidden from the infected PC's owner by opening unusual ports through which to communicate, or invoking rootkit-like self-protection.

"Pinch's main danger is that it is very easy to use, so any malicious user with basic computer knowledge could create a Trojan in a very short time for very little money," said Luis Corrons, technical director of PandaLabs, the company that has publicised the program.

Pinch is sophisticated enough to attack a named list of anti-virus engines, interfere with Windows firewall settings, and spread using a variety of means, including operating as a mass-mailing worm.

Its origins are unclear, but judging by the screenshots in PandaLabs’ analysis of the software, it is most likely Russian.

Malware kits are becoming one of the year's big stories even if their origins lie further back in time.

Earlier this year, a DIY program for man-in-the-middle phishing was found doing the rounds on the wrong websites. It is certainly noteworthy that there are now a small but growing band of programs designed to automate the often complex programming behind malware for the non-programming criminal.

IDG UK Sites

Acer Aspire R11 review: Hands-on with the 360 laptop and tablet convertible

IDG UK Sites

Apple Watch release day: Twitter reacts

IDG UK Sites

See how Framestore created a shape-shifting, oil and metal based creature for Shell

IDG UK Sites

Apple Watch buying guide, price list & where to buy today: Which Apple Watch model, size, material,?......