Memory Scrapers, Keyloggers, and Sniffers Oh My!
All sorts of malware cause all sorts of trouble.
By: Brand Barney
For example, a tunneling virus will attempt to install itself underneath your antivirus. If the virus is able to put its sneaky self between your OS and your antivirus, then when the antivirus sends out system checks (looking to see if your system is healthy), the tunneling virus catches the request and responds with a false “everything is healthy and working...no infection here” response. Tricky tricky.
In late 2013, criminals installed malware on point of sale devices in the checkout lines at Target stores. Using this malware, they were able to capture magnetic stripe data the instant cards were swiped at the terminal. As you probably know, this malware enabled the million-card heist that forced Target into the public spotlight for months.
How Hackers Got Into Target (Bloomberg Businessweek)
Let’s explore some of the most common malware that affects small businesses.
Memory Scraper
A memory scraper is designed to capture, or ‘scrape’, sensitive information from system memory (RAM) and return it to the attacker. Memory scrapers rose to popularity in the past few years because they’re very effective at grabbing data on a system that doesn’t encrypt at swipe.
As Gary Glover, an esteemed colleague of mine pointed out,
“…Most POS devices encrypt card data at some point after a card is swiped, but most take their sweet time, delaying encryption for a millisecond, a second, ten seconds…or longer. To a business owner, ten seconds ‘til encryption sounds pretty safe, but to a criminal, those few seconds are plenty of time to snag card data from a computer’s memory or capture it from a hacker-modified card swipe device.
“Hackers can easily install memory scraping software that captures card swipe data during the delay from right under your nose, save it in a carefully coded database filled with thousands of other credit card numbers, and never alert you to their conniving presence. Who knows how long that could go on without a merchant finding out about it.
“There’s only one way to avoid leaving ten-second holes in security. Encrypt card data at the exact millisecond of collection.”
Luckily for us, Point-to-Point Encryption (P2PE) is the answer to that problem. Unfortunately, getting merchants around the world to implement P2PE-validated payment terminals is harder than it seems.
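The practical way to check whether the delay described above is leaving card data exposed is to take a memory dump of your own POS process after a test swipe and scan it for plaintext track data. The following is an added example, not code from the original post or from SecurityMetrics: the dump bytes, offsets and the 4111111111111111 test PAN are constructed, and real findings should be reported masked, as shown.

```python
import re
from dataclasses import dataclass
from typing import List

# A run of 13-19 digits that is not part of a longer digit run.
PAN_RE = re.compile(rb"(?<!\d)(\d{13,19})(?!\d)")
# Track-2 layout: ';' start sentinel, PAN, '=' separator, YYMM expiry,
# service code and discretionary data, '?' end sentinel.
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})\d*\?")


def luhn_ok(digits: str) -> bool:
    """Luhn check used by the card brands; filters out most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """PCI-style display form: first six and last four digits only."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


@dataclass
class Finding:
    offset: int       # byte offset of the PAN inside the dump
    masked_pan: str   # never the full PAN
    kind: str         # "track2" (full swipe record) or "pan" (bare number)


def find_plaintext_card_data(blob: bytes) -> List[Finding]:
    """Report Luhn-valid PANs, flagging those that sit inside a track-2 record."""
    findings = []
    for m in TRACK2_RE.finditer(blob):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            findings.append(Finding(m.start(1), mask(pan), "track2"))
    seen = {f.offset for f in findings}
    for m in PAN_RE.finditer(blob):
        pan = m.group(1).decode()
        if m.start(1) not in seen and luhn_ok(pan):
            findings.append(Finding(m.start(1), mask(pan), "pan"))
    return sorted(findings, key=lambda f: f.offset)


# Constructed sample "memory dump" (hypothetical): one real swipe record,
# one order id that fails Luhn, and one serial number that is too long.
SAMPLE_DUMP = (
    b"\x00\x00POS v1.2\x00"
    b";4111111111111111=25121010000000000000?"   # test PAN, track-2 form
    b"\x00\x00order_id=4111111111111112\x00"       # fails Luhn: not a card
    b"\x00serial=00001234567890123456789012\x00"   # 26-digit run: ignored
)

if __name__ == "__main__":
    for f in find_plaintext_card_data(SAMPLE_DUMP):
        print(f"offset {f.offset}: {f.kind} {f.masked_pan}")
```

An empty result after a test swipe is the evidence you want; a track-2 hit means the terminal is handing plaintext to the application and the window the quote describes exists.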
SEE ALSO: 5 P2PE Trends in 2015
Keylogger
How creepy would it be if someone knew everything you were doing on your computer? Well, that’s what keyloggers make possible. They are the type of malware that secretly records every keystroke a user makes on a computer or mobile device.
In this way, malware authors can easily harvest typed information like passwords, bank account numbers, messages to friends, or credit card numbers typed on payment pages. Most keyloggers are software-based, run in the background of your computer, and record everything you type. Some can even take screenshots.
Check out this article on a 5-year keylogger called NightHunter.
Once a keylogger is installed on your system, it’s very difficult to detect. However, if the malware program is designed poorly, you might see some of the following symptoms:
- Delays when using the keyboard or performing simple tasks
- Excessive hard drive activity
- Entered text is incorrect (backwards, weird icons)
- Blinking network lights when you aren’t typing
- Repeated unauthorized access to password-protected accounts or email hacking
SEE ALSO: The Ineffectiveness of Antivirus
Packet Sniffer
Just as bloodhounds are able to scrutinize different scents to track a specific animal for their owner, packet sniffers decode and analyze sensitive data (like card data), reporting it back to their owner.
This software (used by malicious people) intercepts potentially unencrypted incoming and outgoing network traffic during transit. The sniffer is able to decide if the information is a credit card or some other sort of sensitive data. If the information is valuable, the sniffer copies it.
Depending on where it’s installed, a packet sniffer could see your emails, credit card information, which websites you visit, the audio you’re streaming, and anything you download.
Rootkit
Rootkits are very difficult to detect because they live at the system’s kernel (or deepest) level. I like to think of rootkits as a wolf in sheep’s clothing, because their programming allows a cybercriminal to get admin-level access to a computer by executing certain programs in a ‘kit’. One of the first things they do once they have access is open up a back door, which allows them to come in any time they wish without authenticating.
These kits allow the installation of hidden files, alteration of security processes, and hidden user accounts. A rootkit can eavesdrop to get data from network connections, keyboard strokes, and terminals. Some can reinstall themselves each time the computer restarts, even if the original was removed by an anti-malware program.
One of the most famous (though not malicious) rootkits was Sony BMG’s attempt at digital rights management. They placed software on CDs that, when installed on home computers, prevented CD copying. The (illegal) software was so good that not one antivirus application could detect it. Unfortunately for Sony, the software also created new vulnerabilities that affected the security of users’ computers.
Depending on the rootkit, they can be very difficult to detect. Remember, prevention is definitely the best medicine in this instance. Stay safe by installing both a software and a hardware firewall in your network! Keep your antimalware up-to-date, properly configured, and in use.
Brand Barney (CISSP, HCISPP, QSA) is a Security Analyst at SecurityMetrics, has over 10 years of data security experience, and will totally geek out if you mention Doctor Who. Brand loves to play jazz piano and daydreams about being as great as Dave Brubeck or Thelonious Monk. Connect with him on Twitter or check out his other blog posts.