Windows 8 and 8.1 Forums

Malware used in Target attack publicized

  1. #1

    Malware used in Target attack publicized

    Malware used in Target attack publicized

    After US retailer Target has confirmed that a malware infection on its Point of Sale (POS) terminals played a key role in the data breach affecting more than 110 million customers, security writer Brian Krebs has published details on the malware used in the attack.
    The attackers managed to place an information stealing Trojan, known as Infostealer.Reedum.B on Target's POS terminals. This malware is capable of capturing data that is briefly stored in the memory of the POS device. The information it steals includes the card’s magnetic swipe data, which can potentially allow attackers to print cloned copies of the cards.
    Target has yet to publicly comment on how the attackers breached its security to install the malware on POS terminals. However Krebs reported that sources close to the retailer said that the attackers had compromised a company Web server and used that as their point of access. They then established a control server inside Target’s network, which acted as a dump for the stolen information. The attackers logged in at regular intervals to download stolen data.
    Symantec can confirm that the malware used in the attack on target was Infostealer.Reedum.B and protection is in place for the threat.
    Reedum is just one of a number of pieces of malware that target Point of Sale terminals. Others include:
    • Infostealer.Dexter: This Trojan steals system information from infected terminals. It targets login details, the computer name, the operating system, details on system uptime and running processes. It also attempts to collect personal information from system memory files.
    • Infostealer.Alina: This Trojan disguises itself as commonly used applications, such as Adobe Flash, Java or the Windows Firewall. It collects information about the terminal it has infected, including the computer name, the path of the threat, the system volume and serial number and the version of the threat. It also enumerates running processes on the infected machine. All of this data is then transmitted to a remote location. This Trojan is also capable of downloading updates for itself when necessary.
    • Infostealer.Vskim: Another Trojan designed to steal information from a compromised terminal, this threat disguises itself as svchost.exe, a standard Windows system process. It attempts to bypass the Windows Firewall by creating a registry entry to exempt it from scrutiny. The information it steals includes system locale, the computer name, the user name, the Windows version and information from the registry. This data is then sent to a remote location.

      My System SpecsSystem Spec

  2. #2

    Posts : 315
    Windows 8.1 consumer 64 bit

    POS terminals run Windows? Yikes! They really should be running a hardened special purpose OS, not a bug-riddled consumer one. I guess that gives new meaning to "POS"!
      My System SpecsSystem Spec

  3. #3

    You would also be shocked to know that many ATM's run Windows, too!
      My System SpecsSystem Spec

  4. #4

    --Target Point-of-Sale (POS) Malware
    (January 15 & 16, 2014)
    More details are emerging about the malware used to steal data from payment cards used at Target over an 18-day period late last year.
    According to sources familiar with the ongoing investigation, the attack used memory-scraping malware in Target's point-of-sale systems. The malware "parses data stored briefly in the memory banks of specific POS devices" and can capture magnetic stripe data. The attackers appear to have used a central server in Target to store stolen data and then transmitted the data to an external FTP server.
    A First Look at the Target Intrusion, Malware ? Krebs on Security
    A Closer Look at the Target Malware, Part II ? Krebs on Security
      My System SpecsSystem Spec

  5. #5

    Posts : 1,883

    Quote Originally Posted by azasadny View Post
    You would also be shocked to know that many ATM's run Windows, too!
    Yes. Approximately 75% of USA ATMs run Windows XP.

    Banks Struggle To Get ATMs Off Windows XP - InformationWeek
      My System SpecsSystem Spec

  6. #6

    Same here too. Also had a chance to look at the terminal in a post office at the start of the day, they are running NT 4.5 !!!!
      My System SpecsSystem Spec

  7. #7

    January 17, Softpedia – (International) Hackers stole 11 Gb of customer information from Target’s systems. An analysis of the recent Target customer information data breach found that the attack worked in two phases and stole a total of 11GB of data. Source:
    - 3 -
      My System SpecsSystem Spec

  8. #8


    January 16, SC Magazine – (International) Researchers discover a point-of-sale malware written in VBScript. Researchers at IntelCrawler identified a new piece of point-of-sale (POS) malware known as Decebal for sale on underweb forums. The malware is written in VBScript and can use antivirus bypass techniques. Source: Researchers discover a point-of-sale malware written in VBScript - SC Magazine
      My System SpecsSystem Spec

  9. #9

    --Target Malware and Possible Suspects Identified (January 17 & 20, 2014) More information is starting to emerge about the malware used in the Target data breach and about those suspected of being involved in the attack. Two people in Russia have been identified by a security company in California as having allegedly participated in coding the malware used in the attack. The malware, known as Kaptoxa, is a modified version of a known hacking tool called BlackPOS. The same type of malware is also believed to have been used in the attack on Neiman Marcus payment systems.
    Two coders closely tied to Target-related malware - Computerworld
    Thieves tweaked 'off-the-shelf' malware for Target data heist, security firm says - Investigations
    The Malware That Duped Target Has Been Found | Threat Level |
      My System SpecsSystem Spec

Malware used in Target attack publicized
Related Threads
Solved Win 8.1 backup/restore target disk problem in Performance & Maintenance
I have a strange phenomena which I cannot solve but perhaps someone here can help me out. Some background: Running on a Gigabyte GA-Z77X-U4TH with 16G memory and an Intel i7-3770 CPU with HD4000 video Gigabyte UEFI Dual Bios Bootmode selection is set to Leagacy only (so the UEFI & Legacy mode...
a 3 year old walks us through Windows 8 - YouTube
Eight Forums Android App Eight Forums IOS App Follow us on Facebook