April 2, 2013

Always be “Mal-Aware”

Cyber attacks are becoming more and more common. The Internet has been abuzz with them for years, but in the past week, we have seen some of the largest attacks ever launched. Shift4’s Information Security team monitors these threats and has asked us to bring one of them to your attention, as we would hate to see it affect any of our merchant customers.

One of the latest malware packages making its rounds is a program called vSkimmer. It has several forms of delivery, most involving “phishing” emails or compromised websites. It can also be installed using a USB thumb drive. What makes this program particularly threatening, and the reason we wanted to bring this to our customers’ attention, is that it specifically targets Point-of-Sale applications looking for Track 2 swipe information that may be stored in the computer’s memory. (Track 2 data is the data used by Debit networks.) Once it finds Track 2 information, it stores this data then either forwards it to stolen data collectors out on the Internet or, if it can’t get to any collectors, holds it for future pickup by a hacker using a thumb drive or other means.

PCI requires the use of anti-virus/anti-malware (AV) software. Our recommendation is to verify that your AV software is up to date and is scanning at least on a weekly basis.

We are not aware of any Shift4 customers being affected by this malware – we just want to remind everyone to stay vigilant.

Additional technical information on this threat and how it functions can be found at the links below: