We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,812 News Articles

DIY Trojan kit available online

Panda warns of 'Pinch' malware maker

A do-it-yourself kit for developing and customising Trojan malware has been discovered for sale on the web.

The 'Pinch' tool lets criminals with little technical knowledge specify a number of parameters such as which type of password to steal from infected machines. Alternatively, the tabbed-based interface can be made to turn the program into a straightforward key-logger set to capture all keystrokes, take screenshots, or steal specific file types.

Most disturbing of all, the program can also be configured so that infected systems are simply turned into proxies or bots to carry out malicious activity on remote computers, including downloading and hosting other malware. In addition, it can be hidden from the infected PC's owner by opening unusual ports through which to communicate, or invoking rootkit-like self-protection.

"Pinch's main danger is that it is very easy to use, so any malicious user with basic computer knowledge could create a Trojan in a very short time for very little money," said Luis Corrons, technical director of PandaLabs, the company that has publicised the program.

Pinch is sophisticated enough to attack a named list of anti-virus engines, interfere with Windows firewall settings, and spread using a variety of means, including operating as a mass-mailing worm.

Its origins are unclear, but judging by the screenshots in PandaLabs’ analysis of the software, it is most likely Russian.

Malware kits are becoming one of the year's big stories even if their origins lie further back in time.

Earlier this year, a DIY program for man-in-the-middle phishing was found doing the rounds on the wrong websites. It is certainly noteworthy that there are now a small but growing band of programs designed to automate the often complex programming behind malware for the non-programming criminal.

IDG UK Sites

45 Best Android games: top Android games for your smartphone or tablet in 2014 (24 are free!)

IDG UK Sites

How Apple, Adobe, Microsoft and others have let us down over UltraHD and hiDPI screens

IDG UK Sites

Do you have the X-Factor too? Mix Off app puts fans in the frame

IDG UK Sites

iPad Pro release date, rumours and leaked images - 12.9 screen 'coming in 2015'