Dexter malware infects point-of-sale systems worldwide, researchers say
Dexter malware stole data for tens of thousands of payment cards in recent weeks, Seculert researchers say
IDG News Service - Researchers from Israel-based IT security firm Seculert have uncovered a custom-made piece of malware that infected hundreds of point-of-sale (PoS) systems from businesses in 40 countries in the past few months and stole the data of tens of thousands of payment cards.
The malware was dubbed Dexter after a text string found in some of its components and infected Windows-based PoS systems belonging to big-name retailers, hotels, restaurants and even private parking providers, Seculert researchers said Tuesday in a blog post.
The company's researchers found a sample of the Dexter malware while investigating other threats, Aviv Raff, Seculert's chief technology officer, said Tuesday. After analyzing it, they were able to gain access to a command and control (C&C) server hosted in the Republic of Seychelles, where the malware uploaded the stolen payment card data, he said.
The Dexter malware sends a list of processes running on infected systems to the command and control server, Raff said. The attackers then check whether any of those processes correspond to specific PoS software and if they do, they instruct the malware to dump their memory and upload the data back to the server.
The memory dumps are then parsed with an online tool that runs on the server and can extract payment card "Track 1" and "Track 2" data from them. This is the information written on the magnetic stripes of payment cards and can be used to clone them, Raff said.
Since this is an ongoing attack it's hard to determine exactly how many PoS systems have been compromised so far, but it's probably between 200 and 300, Raff said. The total number of compromised payment cards is equally hard to estimate, but tens of thousands seems to have been compromised just in the past few weeks, he said.
According to statistics gathered from the C&C server, 30 percent of the infected PoS systems are located in the U.S., 19 percent in the U.K. and 9 percent in Canada. However, businesses from the Netherlands, Spain, South Africa, Italy, France, Russia, Poland, Brazil, Turkey and other countries have also been affected, painting the picture of a truly international criminal operation.
The origin of the attackers is unclear, but strings found in the malware suggest that the developers are fluent English speakers, Raff said. Malware writers tend to use words in their own language in the code, especially when they create custom tools like this one, he said.
A little over 50 percent of the infected systems run Windows XP, 17 percent run Windows Home Server, 9 percent run Windows Server 2003 and 7 percent run Windows 7.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Building a Bridge to the Next Generation Data Center Selecting a widely adopted operating system is a foundational component of a standardization strategy.
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Piecing Together the Business Intelligence Puzzle Business intelligence (BI) technology collects and analyzes company data, delivering relevant information to corporate decision-makers in an effort to produce favorable outcomes.
- Harness IT -- An Introduction to Business Intelligence Solutions Learn the key selection criteria required to provide your organization with the capability to address structured data, unstructured data and mobile demands so...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- Testimonial: Cystic Fibrosis Trust Peter Hawkins, the Head of IT for Cystic Fibrosis Trust, discusses the role CommVault's Simpana software platform plays in improving the company's information... All Data Center White Papers | Webcasts