Most victims are located in the US, but businesses in UK and Canada are also affected

Aug 29, 2014 22:33 GMT

Backoff, the recently discovered point-of-sale malware affecting retailers all over the US, has claimed victims in various sectors, researchers found after sinkholing two domains used for command and control activity.

The malware does not discriminate when it comes to choosing victims and has been seen lurking even on the systems of a charitable organization.

Backoff’s presence has been detected on the computers of an ISP (Internet Service Provider) from Alabama, as well as on the network of a global freight shipping and transport logistics company with offices in North America.

Surprisingly, machines at a state institute for information technology and communications in Eastern Europe have fallen prey to the PoS malware too.

Other odd victims were a payroll association in North America and a company that owns and manages office buildings in California.

The owners of other infected machines were a better fit for the type of target sought by the operators of Backoff, as they operate in the retail industry: a US-based Mexican food chain, a Canadian company that operates a large chain of restaurants, and a liquor store in the US.

After monitoring the connections to the servers, Kaspersky revealed that the number of infections was quite large, with more than one hundred victims in multiple countries requesting instructions from the command center.

The researchers extracted the C&C information from samples that had been compiled between January and March 2014.

69 of the victims were from the United States, while 28 were located in Canada. Although these figures may seem low compared to what is regularly published for other malware infections, keep in mind that they refer to businesses, so the number of individuals impacted is much larger.

On the same note, Kaspersky says that its sinkholes cover less than 5% of the command servers, and the domains are valid only for some variants of the malware that were created at the beginning of the year.

Victims from the United Kingdom, Bermuda, Guyana, Israel and Serbia also contacted the malicious domains controlled by Kaspersky.

Backoff popped up on the radar of security experts at the end of July, when the US CERT (Computer Emergency Readiness Team) published an advisory about a new PoS malware that had been operating since at least October 2013.

It was analyzed by researchers at Trustwave, and since then, new victims constantly report security incidents affecting customer credit and debit card data.

The malware is said to have affected more than 1,000 businesses in the US, but it appears that it has also popped up in other parts of the world.