McAfee Identifies Fresh Trojan that Attacked POS Systems
One fresh PC Trojan that can seize debit/credit card information by infecting POS (point-of-sale) machines, of late, has been exposed, state investigators from McAfee the security company.
Chintan Shah, Security Researcher at McAfee says that the Trojan named vSkimmer targets Windows PCs to which readers of credit or debit cards are hooked. PCWorld published this in news on March 24, 2013.
Indeed it was on 13th February 2013 that the sensor network of McAfee first spotted the malicious program. Presently it's getting promoted on websites designed for cyber-criminals and described as more advanced compared to Dexter, also one point-of-sale malware which security researchers uncovered during December 2012.
To work, when vSkimmer is planted onto a target PC, it collects details regarding the computer's operating system along with its version, exclusive Globally Unique Identifier (GUID), active username, hostname, and default language. These details are then transmitted onto the Trojan attackers' C&C (command-and-control) system after encrypting them, following HTTP requests. The attackers utilize the information for monitoring individually contaminated systems. Thereafter, the server is expected for sending a command to the malware that waits for the former's "upd" (update) or "dlx" (download and execute) instruction.
Moreover, vSkimmer hunts for each and every active process' memory from the PC it contaminates, but spares ones that are white-list hard-coded, to garner info which corresponds with a particular model. It then digs at Track 2 date of payment cards that comprise card number, its Card Verification Value (CVV), and date of expiry.
An even more fascinating aspect regarding vSkimmer involves its ability to function despite no Internet connection on the system. For that it hangs around till somebody inserts a Universal Serial Bus stick tagged KARTOXA007 after which it copies the entire data from that device.
Elaborating on this feature, Messaging Data Architect, Adam Wosotowsky of McAfee Labs conjectures about cyber-attackers who possibly began infecting computers using 'vSkimmer' through USB sticks. Apparently, for USB infections, there should be an inside task alternatively secret scam, such as communicating with employees to let one access the computers, the expert adds. Scmagazine.com published this dated March 22, 2013.
Related article: McAfee Slams Microsoft over Vista Security
» SPAMfighter News - 01-04-2013