Fresh Backoff Point-of-Sale Malware Strain ‘ROM’ Detected, Says Fortinet

Security company Fortinet recently intercepted ROM, a malicious program that is a new and more advanced variant of the point-of-sale (POS) malware 'Backoff.'

The company notes that although ROM looks much like its predecessor, a number of specific tweaks help it bypass security software more effectively and make it harder to analyze.

Moreover, ROM, detected as W32/Backoff.B!tr.spy, carries no version number inside its payload.

Unlike earlier Backoff variants, ROM also no longer uses a Java disguise to hide its real nature. Instead it poses as a media player named mplaterc.exe. Once it has copied itself onto the system it is infecting, the malware calls the WinExec API, which renames files using hashed values so that analysis is thwarted.

According to Hong Kei Chan, a junior antivirus analyst at Fortinet, ROM steals credit card data in much the same way as before, with the added capability of parsing both Track 1 and Track 2 data. In the new variant, however, the malware exhibits two further functions: saving the stolen payment card data somewhere on the infected computer, and hashing the names of blacklisted processes, he adds. Securityweek.com published this on November 3, 2014.
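Because ROM parses Track 1 and Track 2 data and stages the stolen records on disk, one defensive check is to scan suspicious files or memory dumps for track-formatted records. The following is an added example, not code from the article or from Fortinet; the track patterns follow the standard magnetic-stripe layout, and the sample buffer, PANs and names are constructed test data.

```python
import re
from dataclasses import dataclass
from typing import List

# Track 1 (format B): %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})(\d{3})([^?]*)\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})([^?]*)\?")


def luhn_ok(pan: bytes) -> bool:
    """Luhn checksum; filters random digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan.decode())):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


@dataclass
class TrackHit:
    track: int        # 1 or 2
    offset: int       # byte offset of the record in the scanned buffer
    masked_pan: str   # first six and last four digits only; never log full PANs


def mask(pan: bytes) -> str:
    return pan[:6].decode() + "*" * (len(pan) - 10) + pan[-4:].decode()


def scan_buffer(buf: bytes) -> List[TrackHit]:
    """Return Luhn-validated Track 1/2 records found in a file or memory dump."""
    hits = []
    for track, regex in ((1, TRACK1_RE), (2, TRACK2_RE)):
        for m in regex.finditer(buf):
            if luhn_ok(m.group(1)):
                hits.append(TrackHit(track, m.start(), mask(m.group(1))))
    return sorted(hits, key=lambda h: h.offset)


# Constructed sample: two valid records plus one decoy that fails Luhn.
SAMPLE = (b"\x00garbage\x00"
          b"%B4111111111111111^DOE/JOHN^25121010000000000?\x00\x00"
          b";4111111111111111=25121010000000000?\x00"
          b";1234567890123456=2512101?\x00")

if __name__ == "__main__":
    for hit in scan_buffer(SAMPLE):
        print(f"track {hit.track} at offset {hit.offset}: {hit.masked_pan}")
```

Run it over a staged output file or a memory dump of the POS process; any hit on a host that should not hold raw track data is worth an incident ticket.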

In addition, the latest Backoff version changes parts of its command-and-control infrastructure to evade detection even further: it communicates with the command-and-control server over port 443 and encrypts the data exchanged.

It is worth noting that the new variant has dropped the malware's keylogger component. Chan is sure, however, that this is only temporary and that the keylogger will reappear in yet another Backoff sample. Tripwire.com reported this on November 4, 2014.

In an advisory released in August 2014, the Department of Homeland Security reported that almost 1,000 businesses had fallen victim to Backoff, including UPS Stores, Dairy Queen, Target and Supervalu.

Furthermore, although Backoff and its variants were only discovered in July 2014, forensic investigations indicate that the main payload may have been active as far back as October 2013.

To stay protected from such malware attacks, users are advised to adopt the mitigations that US-CERT highlights and to keep their antivirus software up to date.

» SPAMfighter News - 11/15/2014
