Malware used in Target attack publicized
After US retailer Target has confirmed that a malware infection on its Point of Sale (POS) terminals played a key role in the data breach affecting more than 110 million customers, security writer Brian Krebs has published details on the malware used in the attack.
The attackers managed to place an information-stealing Trojan, known as Infostealer.Reedum.B, on Target's POS terminals. This malware is capable of capturing data that is briefly stored in the memory of the POS device. The information it steals includes the card’s magnetic swipe data, which can potentially allow attackers to print cloned copies of the cards.
Target has yet to publicly comment on how the attackers breached its security to install the malware on POS terminals. However, Krebs reported that sources close to the retailer said that the attackers had compromised a company Web server and used that as their point of access. They then established a control server inside Target’s network, which acted as a dump for the stolen information. The attackers logged in at regular intervals to download stolen data.
Symantec can confirm that the malware used in the attack on Target was Infostealer.Reedum.B and protection is in place for the threat.
Reedum is just one of a number of pieces of malware that target Point of Sale terminals. Others include:
• Infostealer.Dexter: This Trojan steals system information from infected terminals. It targets login details, the computer name, the operating system, details on system uptime and running processes. It also attempts to collect personal information from system memory files.
• Infostealer.Alina: This Trojan disguises itself as commonly used applications, such as Adobe Flash, Java or the Windows Firewall. It collects information about the terminal it has infected, including the computer name, the path of the threat, the system volume and serial number and the version of the threat. It also enumerates running processes on the infected machine. All of this data is then transmitted to a remote location. This Trojan is also capable of downloading updates for itself when necessary.
• Infostealer.Vskim: Another Trojan designed to steal information from a compromised terminal, this threat disguises itself as svchost.exe, a standard Windows system process. It attempts to bypass the Windows Firewall by creating a registry entry to exempt it from scrutiny. The information it steals includes system locale, the computer name, the user name, the Windows version and information from the registry. This data is then sent to a remote location.
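The Vskim description above (a fake svchost.exe that writes a registry entry to exempt itself from the Windows Firewall) suggests a simple defender check: review the firewall's exemption list for system-process names living outside the system directories. The following is an added example, not code from the article or from Symantec; it parses a constructed `reg export` of the XP-era AuthorizedApplications\List key (that key name is my assumption, the article does not name one) and flags suspicious entries.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the layout of a "reg export" of the XP-era Windows
# Firewall exemption list. Values take the form "path:scope:Enabled:name".
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\POSVendor\\pos.exe"="C:\\Program Files\\POSVendor\\pos.exe:*:Enabled:POS Client"
"C:\\Windows\\system32\\svchost.exe"="C:\\Windows\\system32\\svchost.exe:*:Enabled:Host Process"
"C:\\Documents and Settings\\pos\\Local Settings\\Temp\\svchost.exe"="C:\\Documents and Settings\\pos\\Local Settings\\Temp\\svchost.exe:*:Enabled:svchost"
"C:\\WINDOWS\\Tasks\\java.exe"="C:\\WINDOWS\\Tasks\\java.exe:*:Enabled:Java"
'''

# Windows system binaries that only belong under System32/SysWOW64.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
SYSTEM_DIRS = {"system32", "syswow64"}
# Scratch locations in which an exempted application should rarely live.
SUSPICIOUS_DIRS = {"temp", "tasks", "appdata", "local settings", "recycler"}

# One REG_SZ value line: "name"="data", with .reg-style backslash escaping.
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')


def parse_exemptions(reg_text):
    """Return (path, enabled) tuples for every value under the List key."""
    entries = []
    for line in reg_text.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue
        data = m.group("data").replace("\\\\", "\\")  # undo .reg escaping
        # Split from the right: the drive letter also contains a colon.
        fields = data.rsplit(":", 3)  # path, scope, Enabled|Disabled, display name
        if len(fields) != 4:
            continue
        entries.append((fields[0], fields[2] == "Enabled"))
    return entries


def suspicious_exemptions(reg_text):
    """Flag enabled exemptions that look like a masquerading or dropped binary."""
    findings = []
    for path, enabled in parse_exemptions(reg_text):
        if not enabled:
            continue
        p = PureWindowsPath(path)
        parts = {part.lower() for part in p.parts}
        if p.name.lower() in SYSTEM_BINARIES and not parts & SYSTEM_DIRS:
            findings.append((path, "system binary name outside a system directory"))
        elif parts & SUSPICIOUS_DIRS:
            findings.append((path, "exemption for executable in a scratch directory"))
    return findings


if __name__ == "__main__":
    for path, reason in suspicious_exemptions(SAMPLE_REG):
        print(f"{reason}: {path}")
```

On a live host the same logic applies to the output of `reg export` of that key; on Vista and later the equivalent rules live under FirewallPolicy\FirewallRules, so the parser's value format would need adjusting there.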