Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Virus Attacks Terminals of QIWI Payment System

Experts at the Russian IT security developer, Doctor Web Company have reported Trojan inside a big Russian payment system QIWI's terminals which steals money after replacing the account number of the recipient resulting in funds being diverted straight to the attackers. Itar-tass.com published this in news on March 16, 2011.

State the experts that a malicious program called Trojan.PWS.OSMP infiltrated the OS of the terminal where it manipulated maratl.exe a legitimate process followed with modifying its memory.

Specifically, the malicious item, Trojan.PWS.OSMP infiltrated the system followed with a backdoor namely BackDoor.Pushnik that was pulled down online onto the terminals through a USB device. If successfully planted, Pushnik lets more malware to be downloaded and planted from the Internet. The backdoor conducts a search for an executable called maratl.exe within the system after which it pulls down the Trojan.PWS.OSMP malware without external help. The Trojan then alters maratl.exe in terms of its functions thereby facilitating the thieves towards tampering recipient account numbers and filching money coming into those accounts. Themoscownews.com published this on March 17, 2011.

Actually, with the said Trojan, hackers altered the account number that received money, making the funds reach straight into the attackers' accounts, Doctor Web stated. Itar-tass.com reported this on March 16, 2011.

In fact, the QIWI network has over 100,000 Russian terminals linked to it and it regulates the market's 40% or more of trade. Also, about 1,600 organizations use it in connection with online buying, paying of penalties over traffic violations, etc.

Stated the Doctor Web specialists that they were sure Trojan.PWS.OSMP, by using maratl.exe, caused the biggest threat lurking on the Internet connected terminals. Moreover, according to the company, it had already informed the terminals' owner everything that it had uncovered in the attack. Itar-tass.com published this on March 17, 2011.

Stated Sergei Golovanov, major anti-virus specialist at Kaspersky Lab, normally, paying terminals could be easily attacked with viruses. And despite Doctor Web not really articulating which firm the virus had attacked, its experts said that no report had come in about any money being seized off customers or terminals, according to Themoscownews.com.

Related article: Virus Infects Through USB Drives

» SPAMfighter News - 3/31/2011

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page