This month we added four new malware families to the Malicious Software Removal Tool: Win32/Saluchtra, Win32/Dexter, Win32/Unskal and Win32/IeEnablerCby, further protecting customers against malicious activity.
IeEnablerCby is an unwanted software family that can install browser add-ons or extensions without asking for your permission. The other three malware families share similar information-stealing capabilities if a system is compromised. This blog will focus on Unskal, a point-of-sale (POS) malware family.
POS malware targets retail companies in an attempt to steal customer payment details, such as credit card information. The stolen data can then be sold in underground markets. These threats can be deployed to a system by brute-forcing login credentials on machines with weak passwords. They can also be installed by other malware, or by exploiting software vulnerabilities.
Unskal is also known as Backoff, and was initially detailed in a US-CERT alert. Because its infections are targeted, we observed very low numbers in our telemetry for the past month. However, each infection can potentially have a high impact due to the exposure of sensitive information. Infections with this family are more common in the United States, as shown in Figure 1.