Routine log review unearths rootkit, which leads to discovery of memory scraper

By David Ellis, Director of Forensic Investigations
The following post is a segment in my Forensic Files series. I’ve found the best way to inspire better security practices is to show examples of true security blunders. Hopefully the security failures I’ve seen while investigating compromised businesses will help you realize some actions you should take to ensure your own business’ security.

In my line of work it’s quite common to be called in to investigate one piece of malware and end up finding another. In this case, I was called in to investigate a piece of malware that had been blamed for stealing customer credit card data. While sifting through the data, I found the real culprit: a chameleon-like memory scraper, capable of morphing into different versions to avoid anti-virus detection.



David Ellis (GCIH, QSA, PFI, CISSP) is Director of Forensic Investigations at SecurityMetrics with over 25 years of law enforcement and investigative experience.