Experts Reveal that Spark Malware may be Re-birth of Trojan Alina

Csoonline.com published news on 18th December, 2014 quoting security experts as saying "A malware program dubbed Spark which steals data of payment card from compromised point-of-sale (POS) systems may be the alteration of an older Trojan identified as Alina and highlights an incessant lucrative business for cyber crooks.

Spark steals data of the card from a compromised system's RAM (random access memory) at the time of being processed by advanced software running on the system. Similar memory scraping malicious software was after such data breaches at various retailers like the Home Depot, Neiman Marcus and Target over the preceding two years.

It seems that there is a relationship between the JackPOS and variants of Alina malware because there are some similar technical behavioral components including the use of custom credit card searching methods across the two malware families. Trustwave explained that JackPOS emerged at a time when Alina started waning and there have been unofficial rumors that JackPOS is the descendant to Alina and other industry reports disclose that Alina source code is being traded in underground grey market.

Both Spark and Alina go after machines having Microsoft Windows.

Trustwave said that they have recognized the variant during an analysis of several breaches of automotive repair and maintenance businesses.

According to the investigation of the firm, the malware seems to have affected businesses across the country.

Detection of Spark is not easy because the authors of the malware have taken preventive steps to shun its detection and keep its code clandestine.

Trustwave said that Spark uses a technology called AutoIT which makes it easy for attackers to change the file signature of the malware to avoid detection of antivirus (AV).

Eweek.com published news on 18th December, 2014 quoting Eric Merritt, Security Researcher of Trustwave, as saying "AV promptly catches new variants and will ultimately discover the new signature or common malicious behavior like a cat-and-mouse game."

Therefore, retailers should further protect themselves by isolating their payment networks and keeping their systems responsible for accessing data regarding credit card by ensuring strict security steps like tough passwords and by immobilizing any unused services. Trustwave stated that protections of network resembling IDS/IS (Intrusion prevention/detection systems) and egress filtering can also detect infection and potentially limit automated exfiltration of the stolen credit cards.

» SPAMfighter News - 12/31/2014