We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

DIY Trojan kit available online

Panda warns of 'Pinch' malware maker

A do-it-yourself kit for developing and customising Trojan malware has been discovered for sale on the web.

The 'Pinch' tool lets criminals with little technical knowledge specify a number of parameters such as which type of password to steal from infected machines. Alternatively, the tabbed-based interface can be made to turn the program into a straightforward key-logger set to capture all keystrokes, take screenshots, or steal specific file types.

Most disturbing of all, the program can also be configured so that infected systems are simply turned into proxies or bots to carry out malicious activity on remote computers, including downloading and hosting other malware. In addition, it can be hidden from the infected PC's owner by opening unusual ports through which to communicate, or invoking rootkit-like self-protection.

"Pinch's main danger is that it is very easy to use, so any malicious user with basic computer knowledge could create a Trojan in a very short time for very little money," said Luis Corrons, technical director of PandaLabs, the company that has publicised the program.

Pinch is sophisticated enough to attack a named list of anti-virus engines, interfere with Windows firewall settings, and spread using a variety of means, including operating as a mass-mailing worm.

Its origins are unclear, but judging by the screenshots in PandaLabs’ analysis of the software, it is most likely Russian.

Malware kits are becoming one of the year's big stories even if their origins lie further back in time.

Earlier this year, a DIY program for man-in-the-middle phishing was found doing the rounds on the wrong websites. It is certainly noteworthy that there are now a small but growing band of programs designed to automate the often complex programming behind malware for the non-programming criminal.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia