LAS VEGAS: Last week, the U.S. Secret Service warned of the dangers of malware targeting point-of-sale (POS) systems, in particular a nasty variant called Backoff. The Backoff malware was jointly investigated by security vendor Trustwave.
Trustwave brought Backoff to the Black Hat USA 2014 conference and provided a demonstration of how it works to eSecurityPlanet. The Backoff malware is behind 600 retail breaches and as yet uncounted financial losses.
The malware takes aim at the Windows systems on which POS retail systems run and places a Java file on the system. Karl Sigler, threat intelligence manager at Trustwave, explained that malware steals credit card information and then sends out a batch collection every 60 seconds to a command and control server.
Sigler noted that if retailers have firewall protections in place, updated systems and look for malicious Java, then it's not as likely that Backoff will be effective.
Watch the full video demo below:
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.