Defeating the "Most Complex Malware Ever"
Defeating the "Most Complex Malware Ever"
Malware presents an increasing risk in the current IT landscape. Here's a look at decoding malware, point of sale vs. point of theft, and professional hackers.
Join the DZone community and get the full member experience.Join For Free
xMatters delivers integration-driven collaboration that relays data between systems, while engaging the right people to proactively resolve issues. Read the Monitoring in a Connected Enterprise whitepaper and learn about 3 tools for resolving incidents quickly.
Malware is becoming increasingly complex and difficult to detect, allowing internet criminals to steal money or sensitive information from unsuspecting people. While IT professionals work constantly to identify new malware, the changing nature poses a challenge.
When Point of Sale Becomes Point of Theft
In this latest scheme, malware, or a malicious software program, was embedded into a program called ModPOS. This was, at a face value, a point of sale machine similar to a cash register. However, hidden deep within the code was a program that collected personal data from millions of people over several years. Investigators from iSight, the cyber intelligence company that discovered the malicious coding, said they have never seen such a complex and secretive malware, which is likely why it went undetected for so long.
Investigators at iSight took three weeks to find the malware coding in ModPOS's files. The same people usually can find malware coding in around half an hour. Why was ModPOS different? The malware in this case was encrypted several times so the bad code and its connections to a server were not detectable. These multiple layers of protection also make it impossible to find what information was lost, and who exactly has it. All researchers know is that all information that passed through these point of sale machines, including cash registers, is now likely in the hands of internet hackers. In addition, the malware has the capability to change software on machines that it is installed upon (desktop or mobile), using tried and true tricks such as key logging and network monitoring. ModPOS has turned out to be a Pandora's box of information theft. These more common forms are malware hidden in modules that appear to be other codes entirely. The result is that this malware lurked in virtual and actual cash registers all over the world, in the machines of companies such as Target. This malicious programming slipped by companies that have full internet security divisions designed to prevent exactly this kind of security risk.
Who is at Risk?
The extent of the information lost is currently not known. iSight reports that ModPOS has been active in the United States since 2013 and even spread to other developed nations. Millions of credit and debit cardholders are expected to have had important information stolen. The amount of cash registers involved is currently unknown. Around 80 U.S. corporations have already been briefed on the danger to their employees and customers. Simply swiping a credit card in a machine at any point in the past two years puts a person at risk from this malware.
Professional Hackers With Big Backers
Researchers currently have no leads on who might have created this malware, nor do they know who has been collecting the credit card information that came from it. What is known is that this clearly was the work of professionals, including programmers at the top of their fields. Creating a malware program that can go undetected in the computer systems of multiple large companies with talented IT security teams requires talent. In addition, it requires funding. Someone had to pay the programmers behind this attack and pay for the infrastructure to be set up. The vast and complicated nature of this malware of mystifying.There will always be a few malware attacks that make it past even the most sophisticated security. The moral of this story is that IT professionals need to be constantly aware of the increasing sophistication and sneakiness of malware. It is important to regularly analyze the network's performance to quickly identify any abnormalities or weak spots in security, and to be on the lookout for signs of new forms of malicious coding.
Opinions expressed by DZone contributors are their own.