thePCI Portal

Malware on POS systems

Did you see the CERT warning about the POS malware named Backoff? The Ars Technica article is a nice summary of the US-CERT piece, which is technical. The malware retrieves track data from the memory of the systems it is installed on. Combined with key logging, update capabilities and a low antivirus detection rate, it's nasty. The software is a variant of the malware involved in the recent Target breach and the Subway restaurant breaches in 2011.

The CERT article blames password guessing against remote desktop software as the infection vector and lists a few products (including RDP, Apple Remote Desktop, Chrome Remote Desktop and LogMeIn). The software appears to be Windows only (based on the registry entry info given), so I don’t know if it correctly lists the remote desktop software. Nonetheless, the moral appears to be: get your authentication up to speed for these solutions and change the listening port if possible. Blocking outbound HTTP from the devices can help too, and really probably should be done anyway.
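As an added example (not part of the original post or the US-CERT advisory), here is a check a defender could run over an exported Windows Security log to spot the remote desktop password guessing described above. The event IDs (4625 failed logon, 4624 successful logon) and logon type 10 (RemoteInteractive) are standard Windows values; the simplified export format and the sample lines are constructed assumptions.

```python
"""Flag password guessing against remote desktop logons in a Windows Security log
export.  Added example, not from the post or US-CERT; log lines are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed export: time, event id, logon type, account, source IP.
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """\
2014-08-01T02:14:03 4625 10 administrator 203.0.113.7
2014-08-01T02:14:05 4625 10 admin 203.0.113.7
2014-08-01T02:14:08 4625 10 pos 203.0.113.7
2014-08-01T02:14:11 4625 10 posuser 203.0.113.7
2014-08-01T02:14:14 4625 10 manager 203.0.113.7
2014-08-01T02:14:20 4624 10 posuser 203.0.113.7
2014-08-01T09:30:00 4625 10 cashier 192.0.2.10
2014-08-01T09:31:00 4625 2 cashier 192.0.2.10
"""

def parse(log_text):
    """Yield (time, event_id, logon_type, account, source_ip); skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[1].isdigit() or not parts[2].isdigit():
            continue
        yield datetime.fromisoformat(parts[0]), int(parts[1]), int(parts[2]), parts[3], parts[4]

def find_rdp_guessing(log_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: {"accounts": [...], "success_after": bool}} for sources
    with >= threshold failed RDP logons inside `window`; success_after is True
    when the same source then logged on successfully within `window` of the burst."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, eid, ltype, acct, src in parse(log_text):
        if ltype != 10:
            continue  # only remote desktop (RemoteInteractive) logons matter here
        if eid == 4625:
            failures[src].append((ts, acct))
        elif eid == 4624:
            successes[src].append((ts, acct))
    hits = {}
    for src, events in failures.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            burst = [e for e in events[i:] if e[0] - start <= window]  # sliding window
            if len(burst) >= threshold:
                end = burst[-1][0]
                hits[src] = {"accounts": sorted({a for _, a in burst}),
                             "success_after": any(end <= t <= end + window for t, _ in successes[src])}
                break
    return hits
```

A source that trips the threshold and then logs on successfully is the case worth paging on, since that is exactly the foothold the advisory describes.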
