This whitepaper is the first of a series of FortiGuard Technical Analyses that go in-depth into the inner workings of malware. In this paper we take a look at the malware known as Soraya. Soraya is unique in that it combines the form-grabbing techniques seen in the ubiquitous Zeus and the memory-parsing techniques seen in Point of Sale (POS) malware such as Dexter and JackPOS. In this report, we join Junior AV Analyst Hong Kei Chan in dissecting Soraya:
- How Soraya installs itself
- How Soraya grabs the contents of forms
- How Soraya parses its target's...
by Richard Henderson | Jul 14, 2014 | Filed in: Security Research
In a previous blog post on Dexter, we briefly mentioned a new strain of point-of-sale (PoS) malware that has compromised over 4,500 credit cards in the United States and Canada. This new strain of malware, dubbed JackPOS, was detected early this year and, between then and the time of writing, has had just one version, but with multiple variants. In this blog post, we look briefly at the unique attributes of JackPOS: its custom pattern matching and its command-and-control (C&C) communication. We will conclude with quick remarks on the newest...
by Hong Kei Chan | Jun 24, 2014 | Filed in: Security Research
Hong Kei Chan, Junior AntiVirus Analyst
Special Technical Contribution by Liang Huang, Senior Antivirus Analyst
Dexter, a custom point-of-sale (POS) malware, has the ability to search through the memory of POS systems for credit and debit card information. POS malware has been making headlines this year, from Target's data breach -- where it has been reported that approximately 40 million credit and debit card accounts had been compromised (Source) -- to, more recently, a new strain of POS malware compromising over 4,500 credit cards in the United...
by Hong Kei Chan | Mar 10, 2014 | Filed in: Security Research