Malware used in Target attack publicized

azasadny



After US retailer Target has confirmed that a malware infection on its Point of Sale (POS) terminals played a key role in the data breach affecting more than 110 million customers, security writer Brian Krebs has published details on the malware used in the attack.
The attackers managed to place an information stealing Trojan, known as Infostealer.Reedum.B on Target's POS terminals. This malware is capable of capturing data that is briefly stored in the memory of the POS device. The information it steals includes the card’s magnetic swipe data, which can potentially allow attackers to print cloned copies of the cards.
Target has yet to publicly comment on how the attackers breached its security to install the malware on POS terminals. However, Krebs reported that sources close to the retailer said that the attackers had compromised a company Web server and used that as their point of access. They then established a control server inside Target’s network, which acted as a dump for the stolen information. The attackers logged in at regular intervals to download stolen data.
Symantec can confirm that the malware used in the attack on Target was Infostealer.Reedum.B and protection is in place for the threat.
Reedum is just one of a number of pieces of malware that target Point of Sale terminals. Others include:
• Infostealer.Dexter: This Trojan steals system information from infected terminals. It targets login details, the computer name, the operating system, details on system uptime and running processes. It also attempts to collect personal information from system memory files.
• Infostealer.Alina: This Trojan disguises itself as commonly used applications, such as Adobe Flash, Java or the Windows Firewall. It collects information about the terminal it has infected, including the computer name, the path of the threat, the system volume and serial number and the version of the threat. It also enumerates running processes on the infected machine. All of this data is then transmitted to a remote location. This Trojan is also capable of downloading updates for itself when necessary.
• Infostealer.Vskim: Another Trojan designed to steal information from a compromised terminal, this threat disguises itself as svchost.exe, a standard Windows system process. It attempts to bypass the Windows Firewall by creating a registry entry to exempt it from scrutiny. The information it steals includes system locale, the computer name, the user name, the Windows version and information from the registry. This data is then sent to a remote location.
 

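A defender-side check for the masquerading described for Infostealer.Vskim in the post above (a Trojan posing as svchost.exe), added here as an example and not part of the original posts. It flags process-creation events where svchost.exe runs from an unexpected directory or under an unexpected parent; the event field names, host names and sample events are constructed assumptions, as is the default `C:\Windows` install path.

```python
import ntpath  # parses Windows-style paths on any OS

# Assumption: default SystemRoot of C:\Windows; svchost.exe is normally
# launched by services.exe from System32 (or SysWOW64).
EXPECTED = {
    "svchost.exe": {
        "dirs": {r"c:\windows\system32", r"c:\windows\syswow64"},
        "parents": {"services.exe"},
    },
}

# Constructed sample events; field names are illustrative.
SAMPLE_EVENTS = [
    {"Host": "POS-01", "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"Host": "POS-02", "Image": r"C:\Users\Public\svchost.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Host": "POS-03", "Image": r"C:\WINDOWS\system32\..\System32\SVCHOST.EXE",
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"Host": "POS-04", "Image": r"C:\Windows\System32\svchost.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Host": "POS-05", "Image": r"C:\POS\register.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

def check_event(event):
    """Return the reasons a process-creation event looks like masquerading."""
    image = event["Image"]
    name = ntpath.basename(image).lower()
    rule = EXPECTED.get(name)
    if rule is None:
        return []  # not a process name this check covers
    reasons = []
    # Normalise case and ".." segments so path tricks do not hide a mismatch.
    directory = ntpath.normpath(ntpath.dirname(image)).lower()
    if directory not in rule["dirs"]:
        reasons.append(f"{name} running from unexpected directory {directory}")
    parent = ntpath.basename(event.get("ParentImage", "")).lower()
    if parent not in rule["parents"]:
        reasons.append(f"{name} started by unexpected parent {parent or '<unknown>'}")
    return reasons

def triage(events):
    """Return (host, reason) pairs for every suspicious event."""
    return [(e["Host"], r) for e in events for r in check_event(e)]
```
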
POS terminals run Windows? Yikes! They really should be running a hardened special purpose OS, not a bug-riddled consumer one. I guess that gives new meaning to "POS"!
 

You would also be shocked to know that many ATMs run Windows, too!
 

--Target Point-of-Sale (POS) Malware
(January 15 & 16, 2014)
More details are emerging about the malware used to steal data from payment cards used at Target over an 18-day period late last year.
According to sources familiar with the ongoing investigation, the attack used memory-scraping malware in Target's point-of-sale systems. The malware "parses data stored briefly in the memory banks of specific POS devices" and can capture magnetic stripe data. The attackers appear to have used a central server in Target to store stolen data and then transmitted the data to an external FTP server.
A First Look at the Target Intrusion, Malware - Krebs on Security
A Closer Look at the Target Malware, Part II - Krebs on Security
 

Same here too. Also had a chance to look at the terminal in a post office at the start of the day, they are running NT 4.5 !!!!
 

January 17, Softpedia – (International) Hackers stole 11 Gb of customer information from Target’s systems. An analysis of the recent Target customer information data breach found that the attack worked in two phases and stole a total of 11GB of data. Source: http://news.softpedia.com/news/Hackers-Stole-11-Gb-of-Customer-Information-from-Target-s-Systems-417997.shtml
 

Related...

January 16, SC Magazine – (International) Researchers discover a point-of-sale malware written in VBScript. Researchers at IntelCrawler identified a new piece of point-of-sale (POS) malware known as Decebal for sale on underweb forums. The malware is written in VBScript and can use antivirus bypass techniques. Source: Researchers discover a point-of-sale malware written in VBScript - SC Magazine
 

--Target Malware and Possible Suspects Identified
(January 17 & 20, 2014)
More information is starting to emerge about the malware used in the Target data breach and about those suspected of being involved in the attack. Two people in Russia have been identified by a security company in California as having allegedly participated in coding the malware used in the attack. The malware, known as Kaptoxa, is a modified version of a known hacking tool called BlackPOS. The same type of malware is also believed to have been used in the attack on Neiman Marcus payment systems.
Two coders closely tied to Target-related malware - Computerworld
Thieves tweaked 'off-the-shelf' malware for Target data heist, security firm says - Investigations
The Malware That Duped Target Has Been Found | Threat Level | Wired.com
http://www.scmagazine.com//report-indicates-kaptoxa-operation-led-to-massive-retailer-breaches/article/329945/
 
