Thursday, March 05, 2009

New attack vector

In the past, I have highlighted top tools and write-ups resulting from my surfing on message boards and security sites. I am extremely pleased to share my own finding with you. This finding was published by my company and also by Visa as a security alert for their merchants.

The executive summary of the finding is that attackers are stealing credit card data from Point of Sale environments by going to RAM. They are using open source process dumpers on the executables that process credit card data. For example, if they know that the payment application in use is named "poscreditcards.exe" or "cctransactions.exe", they dump that process and save the data in a dump file. As a follow-up, they run custom-made credit card data parsers over those dump files to extract just the credit cards into an output file. It's a pretty neat technique for staying clear of antivirus software: process dumping is not malicious in nature, and with custom parser code, this attack vector could remain hidden from antivirus and even from the eye of security administrators for a long time.
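One way a defender could watch for the activity described above, as an added example that is not from the original post or the linked alerts: the Python below scans process-creation events for any non-allowlisted program whose command line names a payment process or its PID. The event records, the allowlist entry `posupdater.exe` and the tool name `dumper.exe` are constructed for illustration.

```python
import re

# Payment application process names, taken from the post's examples.
PAYMENT_PROCESSES = {"poscreditcards.exe", "cctransactions.exe"}
# Hypothetical allowlist of tools permitted to reference those processes.
ALLOWED_IMAGES = {"posupdater.exe"}

# Constructed process-creation events (not from a real system or log format).
SAMPLE_EVENTS = [
    {"time": "02:10:01", "pid": 1480, "image": r"C:\POS\poscreditcards.exe",
     "cmdline": "poscreditcards.exe"},
    {"time": "02:11:30", "pid": 2204, "image": r"C:\POS\posupdater.exe",
     "cmdline": "posupdater.exe --check poscreditcards.exe"},
    {"time": "03:42:17", "pid": 3120, "image": r"C:\Temp\dumper.exe",
     "cmdline": r"dumper.exe 1480 C:\Temp\out.dmp"},
    {"time": "03:50:02", "pid": 3188, "image": r"C:\Temp\dumper.exe",
     "cmdline": r"dumper.exe cctransactions.exe C:\Temp\out2.dmp"},
    {"time": "04:00:00", "pid": 3300, "image": r"C:\Windows\notepad.exe",
     "cmdline": r"notepad.exe C:\notes-1480.txt"},
]

def basename(path):
    """Lower-cased final path component, for either slash style."""
    return re.split(r"[\\/]", path)[-1].lower()

def find_suspect_access(events):
    """Return (time, tool, target) for tools whose arguments name a payment process."""
    payment_pids = {}   # PID (as string) -> payment process name
    alerts = []
    for ev in events:
        name = basename(ev["image"])
        if name in PAYMENT_PROCESSES:
            payment_pids[str(ev["pid"])] = name   # remember the PID for later matches
            continue
        if name in ALLOWED_IMAGES:
            continue
        # Compare whole arguments only, so "notes-1480.txt" does not match PID 1480.
        for arg in ev["cmdline"].split()[1:]:
            tok = basename(arg.strip('"'))
            target = tok if tok in PAYMENT_PROCESSES else payment_pids.get(tok)
            if target:
                alerts.append((ev["time"], name, target))
                break
    return alerts

if __name__ == "__main__":
    for alert in find_suspect_access(SAMPLE_EVENTS):
        print("ALERT", *alert)
```

This only sees targets named on the command line; a tool that picks its target some other way would need process-access telemetry instead.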

Here are the two links for more info:

1. Visa Data Security Alert - Memory Parsing

2. Emerging Threat: Parsing Track Data from RAM

Enjoy!

Jibran Ilyas
