Analysis of Dexter Malware Uncovers Mystery Man, and Links To Zeus 119
chicksdaddy writes "The newly discovered Dexter malware is one of the few examples of a malicious program that targets point of sale terminals, but also communicates, botnet-like, with a command and control infrastructure. According to an analysis by Seculert, the custom malware has infected 'hundreds POS systems' including those operated by 'big-name retailers, hotels, restaurants and even private parking providers.' Now a detailed analysis by Verizon's RISK team suggests that Dexter may be a creation of a group responsible for the ubiquitous Zeus banking Trojan. By analyzing early variants of Dexter discovered in the wild, Verizon determined that the IP addresses used for Dexter's command and control were also used to host Zeus-related domains and several domains for Vobfus, also known as 'the porn worm,' which has been used to deliver the Zeus malware. Verizon also produced some tantalizing clues as to the identity of one individual who may be a part of the crew responsible for the malware. The RISK team linked the domain registration for a Dexter C&C server to an unusual online handle, 'hgfrfv,' that was used to post a number of suggestive help requests ('need help with decrypting a table encrypted with EncryptByKey') in online technical forums, where a live.com e-mail address was also provided. The account name was also linked to a shell account on the outsourcing web site freelancer.com, which lists 'hgfrfv' as an individual residing in the Russian Federation."
Re:When will they ever learn?! (Score:5, Insightful)
Quite familiar with Diebold ATMs. I spent a few of years in the ATM industry where I learned all kinds of things I was better off not knowing.
The short here is that business people are invariably interested in rapid development and deployment. Those tools are most available under Windows. "Rapid development." Really? And rapid deployment too? Sounds like they would rather not bother with testing and QA.
And using the internet as transport? Back in the day, they used POTS... some still do. (yeah... dialtone generators and devices that answer "yes" to every transaction... one of the first tools I was exposed to when "troubleshooting" an ATM.) It's beyond stupid. But that's the thing. Business does not understand technology and so they love to imagine that since THEY can't understand it, neither can those 'stupid criminals' so they're safe right? One of the biggest problems is these geniuses trust brand names more than people. Another is that they simply do not know what they do not know. You can try to tell them, but they just read it as an attack or an insult.
Re:When will YOU ever learn, troll? (Score:4, Insightful)
I think what you are seeing is web-applications hosted on Linux being hacked. Apache and MySQL run on Windows too although the WAMP stack is harder to keep updated than the LAMP stack.
But I don't disagree with you. Hosting applications on Linux does not make them ecure. It takes a lot of time and energy. The same is true for Windows. The iframe-injecting kernel module that you linked to is really quite interesting.
Where the rubber meets the road, I think Linux and BSD still win in performance, security and manageability, but you are correct, the margins are a lot slimmer. Windows Server 2008 is not Windows 95 or XP.
Re:How's Windows "hinder your efforts"? (Score:4, Insightful)
Lemme guess...this morning you found a Dunkin Donuts "Buy 1 coffee get 10 free" coupon? ;)
Re:How's Windows "hinder your efforts"? (Score:4, Insightful)