Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Researchers find new PoS malware written in VBScript

Lucian Constantin | Jan. 20, 2014
In the wake of a large-scale attack on point-of-sale (PoS) systems at retailer Target, new malware designed to steal payment card data from the sales systems was released earlier this month.

Many PoS systems are becoming increasingly interconnected while their underlying OS is growing older and older, Botezatu said. "Most PoS malware we analyzed had little to no obfuscation or polymorphic capabilities because their creators don't expect to see any antivirus solution in place. Maybe it's time to take the same approach with Windows-based PoS devices like we do with Windows-based computers."

RAM scraping malware steals card data while it's passed in cleartext from the card reader to the payment software running on PoS systems, which then encrypts it and sends it with the transaction request to the external payment processing service. A solution to RAM scraping attacks is hardware-based encryption done directly on the card readers rather than in the PoS software.

Retailers should also use technology that can monitor application and process changes on all their payment processing systems, Levi Gundert, a threat researcher at Cisco Systems, said in a blog post. "Any change on the end point or multiple end points should be cause for immediate analysis."


Previous Page  1  2 

Sign up for Computerworld eNewsletters.