|18 Jan 2014||#1|
| || |
A First Look at the Target Intrusion, Malware
Last weekend, Target finally disclosed at least one cause of the massive data breach that exposed personal and financial information on more than 110 million customers: Malicious software that infected point-of-sale systems at Target checkout counters. Today’s post includes new information about the malware apparently used in the attack, according to two sources with knowledge of the matter.
The seller of the point-of-sale “memory dump” malware allegedly used in the Target attack.
In an interview with CNBC on Jan. 12, Target CEO Gregg Steinhafel confirmed that the attackers stole card data by installing malicious software on point-of-sale (POS) devices in the checkout lines at Target stores. A report published by Reuters that same day stated that the Target breach involved memory-scraping malware.
This type of malicious software uses a technique that parses data stored briefly in the memory banks of specific POS devices; in doing so, the malware captures the data stored on the card’s magnetic stripe in the instant after it has been swiped at the terminal and is still in the system’s memory. Armed with this information, thieves can create cloned copies of the cards and use them to shop in stores for high-priced merchandise. Earlier this month, U.S. Cert issued a detailed analysis of several common memory scraping malware variants.
Target hasn’t officially released details about the POS malware involved, nor has it said exactly how the bad guys broke into their network. Since the breach, however, at least two sources with knowledge of the ongoing investigation have independently shared information about the point-of-sale malware and some of the methods allegedly used in the attack.
|My System Specs|
|Similar help and support threads for2: A First Look at the Target Intrusion, Malware|
|Target data breach exposes serious threat of POS malware and botnets||Security News|
|Rootkit Intrusion Possible cause for BSoD Error 0x00000050||System Security|
|NIS Intrusion Protection crashing IE||System Security|
|Intrusion Attacks||System Security|
|Microsoft: Online Gamers Still a Top Malware Target||System Security|
|Our Sites ||Site Links ||About Us ||Find Us |
© Designer Media Ltd
All times are GMT -5. The time now is 09:37 AM.