Custom Trojan Creation Tool Sold Online

Finch writes "Net Security.org is reporting on the surprisingly sophisticated 'virus in a can' software called Pinch. Pinch is a tool sold on several online forums and designed to create Trojans. It allows attackers to specify the data that Trojans steal. One of the interface tabs, PWD, allows malicious users to select the type of password to be stolen by the Trojan: from email passwords to passwords kept by the system tools. It is possible to order the Trojan to encrypt this data when sending it, so that nobody else can read it. 'Pinch also lets users carry out other actions: turn infected computers into zombie computers, pack Trojans to make detection more difficult, and kill certain system processes, particularly those of security solutions.'"

Re:Scary stuff to be sure

[realmolo]

Eh. Trojans/rootkits/viruses built form these "kits" tend to all be very similar. Essentially, if you defend against one, you're defended against all the others.

Never mind the fact that it's a fucking KIT. If YOU can download it, so can the anti-virus people in order to figure out how to detect viruses made with it.

The interesting thing about modern viruses/trojans/whatever is that very few of them are really *viruses* anymore. They rely almost completely on simply getting a user to manually run (or at least give permission to the system to run) an obfuscated executable. It's sad that the technique is so successful.

Re:Torrent?

[PCM2]

apparently two out of three pinch downloads was infected with "Win32/PSW.LdPinch.P4 trojan"

Did you stop to think that maybe the construction set was identified as a Trojan because it ... you know ... contained the code for a Trojan? As in ... if it tripped your antivirus then you probably had the right one.