Online security firm Trustwave just won’t stop scaring the shit out of me.
First it discovered numerous vulnerabilities in mobile POS systems and then it located a malware that had infected millions of users. Now the firm has found new malware that, as of now, is virtually undetectable by antivirus software.
Honestly, it might be better if it didn’t tell us. The announced findings were first posted on Trustwave’s blog yesterday. It’s quite technical, so I talked with Trustwave’s Director of Security Research, Ziv Mador, to help me better understand the issues.
Mador says he and his colleagues were performing a forensics investigations for a customer when they saw the virus and havoc it wreaked. The malware, which he dubbed ISN, targets e-commerce websites and their web servers. When infected, the malware targeted POST requests, which are the actions users perform when they submit secure information to these servers. In essence, ISN was able to extract unencrypted credit card information, and even had the potential even to gather login information (although, that’s not what it was configured for).
Mador explained that once ISN was downloaded on the web server, it had complete “access to that traffic.” That is, any information customers submit using POST request, which is a lot.
What’s most vexing, however, is that it is virtually undetectable. This is because it was downloaded in relatively few servers so has been able to bypass antivirus softwares, which target more widespread malware. As opposed to targeting consumers, ISN targeted web servers and the information it sent and received.
Given the small scope of the malware, ISN has probably netted relatively few victims. Nevertheless Mador says this is a powerful reminder for people and businesses alike to take “every necessary precaution.”
Of course, even if you do that may not be enough.
[Image courtesy elhombredenegro]