Security firm IDs malware used in Target attack
iSight describes Trojan as sophisticated derivative of older point-of-sale malware
Computerworld - A security company that worked with the U.S. Secret Service to investigate the data breach at Target identified the malware used in the attack as a sophisticated derivative of a previously known Trojan program designed to steal data from Point-of-Sale (POS) systems.
In a report released Thursday, iSight Partners identified the tool as Trojan.POSRAM, which it described as software that can find, store and transmit credit card and PIN numbers from POS systems.
The Trojan is being used in a "persistent, wide ranging, and sophisticated" cyber campaign dubbed KAPTOXA targeting "many operators" of POS systems, the company warned. Some affected companies may not yet know they've been compromised or have already lost data, the iSight report noted. It did not mention Target as the company that was investigated.
Tiffany Jones, the author of the report, described the POSRAM Trojan as a customized version of BlackPOS, a piece of malware that has been available in the cyber underground since at least last February.
Like BlackPOS, the POSRAM Trojan is designed to steal a card's magnetic stripe data while it is stored momentarily in a POS system's memory, just after a credit or debit card is swiped at the terminal.
After infecting a POS terminal, the malware monitors the memory address spaces on the device for specific information. When it finds something of interest, the software saves the data to a local file and then transfers it to the attackers at preset times. It then is coded to delete the local file to cover its tracks.
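The staging behaviour described above (card data written to a local file, shipped out at preset times, then deleted) gives defenders a short window in which that file exists on disk. The following is an added example, not code from the article or from iSight: a small PCI-style scanner that reads a buffer (the constructed contents of a hypothetical staging file) and reports Luhn-valid Track 2 records with the PAN masked, so a host check or DLP job can raise an alert without itself logging full card numbers. The sample bytes, the `Finding` type and all function names are assumptions made for this example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Track 2 layout per ISO/IEC 7813: [;]PAN=YYMM SSS discretionary[?]
# Start/end sentinels are optional here because a staging file may strip them.
TRACK2_RE = re.compile(
    r";?(?P<pan>\d{13,19})=(?P<yy>\d{2})(?P<mm>\d{2})(?P<svc>\d{3})(?P<disc>\d*)\??"
)


def luhn_valid(pan: str) -> bool:
    """Return True when the PAN passes the Luhn check digit test."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the first six and last four digits (PCI DSS display rule)."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


@dataclass
class Finding:
    offset: int        # byte offset of the record in the scanned buffer
    masked_pan: str    # never the full PAN, so alerts are safe to log
    expiry: str        # YY/MM as encoded on the stripe


def scan_buffer(data: bytes) -> list[Finding]:
    """Find Track 2 records in a buffer; false positives are pruned with Luhn and month checks."""
    text = data.decode("latin-1")   # 1:1 byte-to-char, safe for arbitrary file bytes
    findings: list[Finding] = []
    for m in TRACK2_RE.finditer(text):
        pan = m.group("pan")
        if not luhn_valid(pan):
            continue
        if not 1 <= int(m.group("mm")) <= 12:
            continue
        findings.append(Finding(m.start(), mask_pan(pan), f"{m.group('yy')}/{m.group('mm')}"))
    return findings


# Constructed sample of what a staging file might contain; the PANs are the
# well-known public test numbers, not real cards.
SAMPLE = (
    b"order 10023 ok\r\n"
    b";4111111111111111=2512101123456789?\r\n"   # Luhn-valid test PAN
    b";4111111111111112=2512101000000000?\r\n"   # fails Luhn: ignored
    b"total 42.00\r\n"
    b";5500000000000004=2603201?\r\n"            # second valid test PAN
)

if __name__ == "__main__":
    for hit in scan_buffer(SAMPLE):
        print(f"offset={hit.offset} pan={hit.masked_pan} exp={hit.expiry}")
```

In practice the buffer would come from files in temp or application directories on the POS host, run on a schedule shorter than the malware's transfer interval; a hit on a file the payment application has no reason to write is the signal to preserve the file and its timestamps before it is deleted.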
According to Jones, at least 75% of the code in POSRAM is similar to the code in BlackPOS. Where POSRAM differs is in the methods it uses to evade detection by anti-malware tools, said Jones, who is a senior vice president of client solutions and support at iSight.
At the time the code was discovered, even fully updated antivirus tools would not have been able to detect the malware. "This software contains a new kind of attack method that is able to covertly subvert network controls and common forensic tactics, concealing all data transfers and executions that may have been run, rendering it harder to detect," the iSight report said.
Because of the ongoing investigation, iSight is not able to disclose how the attackers have managed to install the malware on targeted POS systems, Jones said. But retailers who are concerned about their systems should get in touch immediately with the Secret Service, she said.
Target earlier this month disclosed that sensitive data on 40 million debit and credit cards and other personal information such as emails, phone numbers and full names of an additional 70 million people was compromised in a data breach that occurred over Thanksgiving.