PoSeidon Malware Program Attacks Point of Sale Terminals
Many of the data breaches that wreaked havoc on major retailers during the past 18 months were caused by malware in the point of sale systems. Now, a stronger and more damaging malware program has been uncovered.
The network company Cisco claimed it has found the PoSeidon malware circulating. It could incorporate some of the features of the Zeus and BlackPOS malware programs used in the cyberattacks of Target and Home Depot, but PoSeidon could be capable of inflicting even more damage.
Once it has infected a point of sale terminal, PoSeidon downloads a program named FindStr that puts a keylogger on the machine. That keylogger scans the point of sale memory looking for credit card numbers. Since the data is jumbled together on a POS, the malware uses a checksum formula called the Luhn algorithm to search through the jumbled data for valid credit card numbers. It then does its best to hide the data, and sends it to computers in Russia which are waiting for the stolen data. No one is sure what happens after that, but it is likely the credit card numbers are immediately sold on the black market.
PoSeidon has also shown it can survive reboots meant to clear it from the POS memory.
Cisco indicated it was working behind the scenes on helping combat the program, but did not want to disclose technical details.
The United States is especially vulnerable to these POS malware programs because of the magnetic stripe on the back of the credit card. When the card is swiped, it gives the credit card number to the POS terminal in an unencoded form. If malware is present, it can capture the credit card number without a problem.
The credit card issuers in the United States are rolling out EMV cards later this year that will have a chip that helps scramble the card number from the beginning. When that takes place, programs like PoSeidon will be relatively useless since they would just be capturing scrambled credit card numbers.