Meet The Malware That Took Down Target

Next Story

Hackers And Spambots Are Going After Your Fridges and Smart TVs Now

The inimitable Brian Krebs has found some interesting details about the massive Target credit card breach that exposed millions of pieces of customer data over the holidays. The hackers used a specific form of malware dedicated to grabbing sensitive data out of hardened point of sale terminals.

Shortly after news of the Target attack hit the net, someone posted a listing for a virus called POSWDS or Reedum on ThreatExpert.com. Shortly thereafter the listing was pulled but not before it was analyzed. Krebs and his sources found that the version of the software that appeared on Target computers had been specially designed to hide itself from anti-virus software and was “customized to avoid detection and for use in specific environments.”

According to Krebs, the software has been traced to a programmer called Antikiller who put it up for sale on hacker forums. The person or group responsible for selling the cards after the breach also infected Target’s computers, initially accessing the system via a compromised web server and then “hoovering up” the data as it came in.

“Further analysis of the attack has revealed the following: On December 2, the malware began transmitting payloads of stolen data to a FTP server of what appears to be a hijacked website. These transmissions occurred several times a day over a 2 week period. Also on December 2, the cyber criminals behind the attack used a virtual private server (VPS) located in Russia to download the stolen data from the FTP. They continued to download the data over 2 weeks for a total of 11 GBs of stolen sensitive customer information. While none of this data remains on the FTP server today, analysis of publicly available access logs indicates that Target was the only retailer affected. So far there is no indication of any relationship to the Neiman Marcus attack.”

Do yourself a favor and read the Krebs pieces. They are amazingly detailed and the story is chilling and fascinating and it’s great look at just how vulnerable even the most powerful commercial organizations are against a meticulous enemy.