Fresh PoS Malware, ‘Backoff’ Spotted

Security researchers have found one fresh PoS malicious program dubbed 'Backoff' within a number of recent attacks which according to them exudes capabilities of large-scale data exfiltration as well as theft, reported threatpost.com, July 31, 2014.

It's not essential that Backoff utilizes any fresh methodologies alternatively be innovative in its infection spree, however, as per researchers from United States Computer Emergency Readiness Team (US-CERT) and security company Trustwave after examining the malware, the threat is serious.

The researchers explain that Backoff is utilized in the attack's second phase after locating as also subsequently brute-forcing into end-users' secret credentials to gain access of Remote Desktop Applications so that the user's administrator account can be intruded. Following this, the attackers would search to locate PoS machines on which they would eventually plant the Backoff incase feasible.

After planting, the Backoff would insert one tiny malicious code inside one particular computer process viz. explorer.exe to scrape memory obtainable when computer processes run thus enable garnering track data of payment card, recording strokes made on keyboard, and establishing communication with the malware's distant C&C (command-and-control) server.

Significantly, while US-CERT warns that the malware became observable during forensic investigations conducted in October 2013 at three instances, Trustwave's researchers state that the malware can be linked with almost 600 contaminations of enterprises.

The group further states that 'Backoff' is highly undetectable with the majority of AV solutions.

An advisory from DHS cautioned that the kind of nefarious software was dangerous for both consumers and businesses.

According to it, such breaches could spoil the reputation of an enterprise, whilst consumer credentials could get utilized for hijacking bank accounts alternatively conducting fraudulent purchases.

Threat Intelligence Manager Karl Sigler of Trustwave said that the remedy laid in using two-factor validation and stronger passwords, with organizations altering default ports that software accessing from the remote used, as brute-force codes normally searched for defaults. Scmagazine.com published this, July 31, 2014.

Sigler added that organizations could identify and label malware fast via keeping watch over outgoing e-traffic either via their router logs that detect abnormal traffic or firewalls, alternatively e-traffic heading for systems beyond their control.

» SPAMfighter News - 8/8/2014