The inimitable Brian Krebs has found some interesting details about the massive Target credit card breach that exposed millions of pieces of customer data over the holidays. The hackers used a specific form of malware dedicated to grabbing sensitive data out of hardened point-of-sale terminals.
Shortly after news of the Target attack hit the net, someone posted a listing for a virus called POSWDS or Reedum on ThreatExpert.com. The listing was pulled shortly thereafter, but not before it was analyzed. Krebs and his sources found that the version of the software that appeared on Target computers had been specially designed to hide itself from anti-virus software and was “customized to avoid detection and for use in specific environments.”
According to Krebs, the software has been traced to a programmer called Antikiller who put it up for sale on hacker forums. The person or group responsible for selling the cards after the breach also infected Target’s computers, initially accessing the system via a compromised web server and then “hoovering up” the data as it came in.
Do yourself a favor and read the Krebs pieces. They are amazingly detailed, the story is chilling and fascinating, and it’s a great look at just how vulnerable even the most powerful commercial organizations are against a meticulous enemy.