Security firm IDs malware used in Target attack

Jaikumar Vijayan | Jan. 17, 2014
iSight describes Trojan as sophisticated derivative of older point-of-sale malware

In a subsequent interview with CNBC, Target CEO Gregg Steinhafel confirmed that the compromise followed a breach of its POS systems. Though the company is still trying to figure out what exactly happened, it has been able to determine that malware was installed in its POS systems, he said.

At least three other retailers are believed to have been hit by the same malware, including Neiman Marcus. The names of the other two remain unknown.

Security blogger Brian Krebs, who first broke the story about the Target breach, on Wednesday updated the report with new details about the intrusion.

According to Krebs, sources close to the investigation say attackers managed to somehow upload the malware to Target's POS systems after first breaking into a web server. They then appear to have brazenly set up a control server right within Target's internal network, which they used to store and retrieve data stolen from the POS systems.

"The bad guys were logging in remotely to that [control server], and apparently had persistent access to it," Krebs said.

Krebs described the malware as being roughly 207KB in size and fairly inexpensive -- around $1,800 for a barebones version and $2,300 for a more feature-rich version capable of encrypting stolen data.

