
Analysis of Dexter Malware Uncovers Mystery Man, And Links to Zeus

chicksdaddy (814965) writes | about 2 years ago

Security 0

chicksdaddy writes "The newly discovered Dexter malware is one of the few examples of a malicious program that targets point of sale terminals, but also communicates, botnet-like, with a command and control infrastructure. According to an analysis by Seculert, the custom malware has infected “hundreds POS systems” including those operated by “big-name retailers, hotels, restaurants and even private parking providers.”
Now a detailed analysis by Verizon’s RISK team suggests that Dexter may be a creation of a group responsible for the ubiquitous Zeus banking Trojan.
By analyzing early variants of Dexter discovered in the wild, Verizon determined that the IP addresses used for Dexter’s command and control were also used to host Zeus-related domains and several domains for Vobfus, also known as “the porn worm,” which has been used to deliver the Zeus malware.
Verizon also produced some tantalizing clues as to the identity of one individual who may be a part of the crew responsible for the malware. The RISK team linked the domain registration for a Dexter C&C server to an unusual online handle, “hgfrfv,” that was used to post a number of suggestive help requests (“need help with decrypting a table encrypted with EncryptByKey”) in online technical forums, where a live.com e-mail address was also provided. The account name was also linked to a shell account on the outsourcing web site freelancer.com, which lists “hgfrfv” as an individual residing in the Russian Federation."
