Alina: casting a shadow on POS

From Botnets.fr


Botnet: Alina, VSkimmer, BlackPOS
Date: 2013 / 2013-05-08
Editor/Conference: Trustwave
Link: https://www.trustwave.com/Resources/SpiderLabs-Blog/Alina--Casting-a-Shadow-on-POS/
Author: Josh Grunzweig
Type: Blogpost

Abstract

Over the past few months, a number of malware families targeting Point of Sale (POS) systems have been discussed. First there was Dexter (Seculert / SpiderLabs), then there was its big brother vSkimmer, and more recently there was Dump Memory Grabber / BlackPOS. One of the most interesting threads of commonality between these samples is the command and control (C&C) structure used between them. Utilizing a C&C communication channel for data exfiltration, while previously rare, has become more and more common in POS malware. I'd like to use this blog post to discuss another similar sample that I recently got the chance to look at, named Alina. We've seen Alina on a number of active forensic cases in the past few months, which is how I was originally made aware of this malware family.

Bibtex

 @misc{2013BFR1607,
   editor = {Trustwave},
   author = {Josh Grunzweig},
   title = {Alina: casting a shadow on POS},
   date = {08},
   month = May,
   year = {2013},
   howpublished = {\url{https://www.trustwave.com/Resources/SpiderLabs-Blog/Alina--Casting-a-Shadow-on-POS/}},
 }