Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Stealthy new malware snatching credit cards from retailers’ POS systems


  • Please log in to reply
5 replies to this topic

#1 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,082 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:11:19 PM

Posted 31 July 2014 - 11:17 PM

 

POS machines are a big target for hackers, who use malware like Backoff to collect data from credit cards and other transaction information to either create fraudulent credit cards or sell the data. In many ways, the Backoff-based attacks were similar to the attack in 2011 on Subway franchises—hackers used remote desktop software left active on the machines to gain entry, either by brute-force password attacks or by taking advantage of a default password, and then installing the malware on the hacked system.

Stealthy new malware snatching credit cards from retailers’ POS systems


Arch Linux .
 
 Come join the fun, chat to Bleeping computer members and staff in real time on Discord.
 
The BleepingComputer Official Discord Chat Server!


BC AdBot (Login to Remove)

 


#2 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,010 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:09:19 AM

Posted 01 August 2014 - 12:19 AM

Why does POS machines still run Windows? 

 

When there are other alternatives for this software. Surely there's a Linux version of embedded software that will run on these that's 100x more secure. 

 

When will these merchants learn to stop buying crappy POS systems? They're likely the ones whom has to eat the losses. The banks surely won't. 

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#3 NickAu

NickAu

    Bleepin' Fish Doctor

  • Topic Starter

  • Moderator
  • 13,082 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:11:19 PM

Posted 01 August 2014 - 12:49 AM

 

Why does POS machines still run Windows?

And a lot of  POS still run XP. Mind you it is supported.

 

And this is a good thing, If they swapped to Linux it would draw the attention of hackers, Not good for Linux. Let them play their games with M$ stuff.


Edited by NickAu1, 01 August 2014 - 12:51 AM.

Arch Linux .
 
 Come join the fun, chat to Bleeping computer members and staff in real time on Discord.
 
The BleepingComputer Official Discord Chat Server!


#4 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,010 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:09:19 AM

Posted 01 August 2014 - 01:51 AM

Well, if that's their idea of "support", I sure don't want to see what happens when these become "unsupported". 

 

Many banks in the US are scrambling to get teller machines updated, they claim it's costing a "fortune". Yeah, right.  :angry:

 

It's not like they didn't know that XP was going to go unsupported long ago. They had tons of time to make adjustments. These systems doesn't to have Aero graphics & all, surely there's a Windows 7 solution to the issue. 

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#5 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,070 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:02:19 PM

Posted 01 August 2014 - 05:58 AM

No, some software will not work on anything newer than XP due to coding issue/just generally unsupported. You could not even run the software on Vista or 7 most of the time. That's simply the problem. It's expensive software, and getting new software would cost into the hundreds of thousands in some cases.

It's not a time thing so much as a money thing majority of the time. Though, Microsoft keep putting off XP's death might have meant that they thought it would continue being supported again so didn't think about upgrading.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#6 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 7,010 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:09:19 AM

Posted 01 August 2014 - 10:55 PM

 

 

Though, Microsoft keep putting off XP's death might have meant that they thought it would continue being supported again so didn't think about upgrading.

This. 

 

Windows XP's lifespan was extended due to the Vista outcome. However MS jumped the gun too quickly, as Windows 7 more than made amends for all of the OS's shortcomings. Had XP followed MS's normal support timeframe, it should have ended about 1 year after that of Windows 2000 Professional (W2K's support ended in the summer of 2010), which until SP2 for XP was released, was the "go to" OS for business needs. 

 

Hopefully, in similar fashion, Windows 7's lifespan will also benefit for the same reason, it's successor is a bust. 

 

As to the banks, again, they had the time & funding (from the extreme high interest of predatory lending) to upgrade every ATM machine on the land, at least those on US soil anyway, many has been built in more recent years. It's up to merchants which type of POS systems they employ. There are alternatives to XP POS computers in the checkout lanes, though I see that some still uses this. Some where it's obvious, for some transactions, the sales associate will have a computer at the register, with a "Microsoft Dynamics" screen, once logged on, the familiar XP Start Menu is there & can be seen. 

 

http://www.merchantmaverick.com/pos-101-how-to-choose-a-point-of-sale-system-for-your-business/

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users