thePCI Portal

SSC’s bulletin regarding backoff malware

On Aug 27, the SSC issued a bulletin calling for “immediate action”, and they labelled it URGENT (in ALL CAPS!). Tsk, tsk, if you have not read it yet.

The main call to action appears to be: “Contact your provider of antivirus solutions and ensure that you have the most recent version that will specifically detect the ‘Backoff’ malware.” To save you a support call, you could post the published MD5s from the US-CERT bulletin into VirusTotal to see for yourself. Detection rates seem decent among products (now). VirusTotal is indicating that the McAfee Gateway product, Norman, ClamAV and some lesser-known solutions may still NOT be detecting it.
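The VirusTotal check described above can be scripted. This is an added example, not code from the original post or from VirusTotal. It reads a VirusTotal API v3 file report and lists which engines flag the sample, which do not, and whether the products you run are among the gaps. The environment variable names and the engine names in the sample report are assumptions made up for illustration.

```python
import json
import os
import re
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # VirusTotal API v3 file report
DETECTED = {"malicious", "suspicious"}  # every other category counts as "not detecting"
MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")


def fetch_report(md5, api_key):
    """Fetch the file report for one MD5 (needs network access and a VT API key)."""
    if not MD5_RE.match(md5):
        raise ValueError(f"not an MD5 hex digest: {md5!r}")
    req = urllib.request.Request(VT_FILE_URL.format(md5.lower()),
                                 headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def coverage(report, my_engines=()):
    """Split engines into detecting / missing and flag your own products that miss."""
    results = report["data"]["attributes"]["last_analysis_results"]
    detecting, missing = [], []
    for engine, verdict in sorted(results.items()):
        (detecting if verdict.get("category") in DETECTED else missing).append(engine)
    wanted = {e.lower() for e in my_engines}
    return {
        "detecting": detecting,
        "missing": missing,
        # products you run that scanned the file but did not flag it
        "my_gaps": [e for e in missing if e.lower() in wanted],
        # products you run that do not appear in the report at all
        "my_absent": sorted(wanted - {e.lower() for e in results}),
    }


# Constructed sample report: engine names and verdicts are made up, not real VT output.
SAMPLE = {"data": {"attributes": {"last_analysis_results": {
    "ExampleAV-A": {"category": "malicious", "result": "Trojan.Backoff"},
    "ExampleAV-B": {"category": "undetected", "result": None},
    "ExampleGateway": {"category": "timeout", "result": None},
}}}}

if __name__ == "__main__":
    key = os.environ.get("VT_API_KEY")    # assumed variable name for your API key
    md5 = os.environ.get("BACKOFF_MD5")   # one MD5 copied from the US-CERT bulletin
    report = fetch_report(md5, key) if key and md5 else SAMPLE
    print(json.dumps(coverage(report, ["ExampleAV-B", "ExampleGateway"]), indent=2))
```

An engine that timed out or failed is counted as not detecting, so a product in `my_gaps` is worth re-checking before you call the vendor.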


The bulletin also reiterates basic security guidance asking that people do the things they should already be doing.

Just a reminder that the main infection vector for this malware appears to be poorly configured remote PC control solutions directly accessible from the internet. If your remote access solution doesn’t require 2 factors of authentication (req 8.2), doesn’t lock out password guessers (req 8.1.6), and allows direct connections from the internet (req 1.3.3), you are not just non-compliant; you may want to do an offline virus scan to look for BACKOFF.
