Scammers scrape RAM for bank card data

[InfoSec News <alerts () infosecnews org>]

http://www.theregister.co.uk/2009/12/09/ram_scraper_credit_card_theft/

By Dan Goodin in San Francisco
The Register
9th December 2009 

Forget keyloggers and packet sniffers. In the wake of industry rules 
requiring credit card data to be encrypted, malware that siphons 
clear-text information from computer memory is all the rage among 
scammers, security researchers say.

So-called RAM scrapers scour the random access memory of POS, or 
point-of-sale, terminals, where PINs and other credit card data must be 
stored in the clear so it can be processed. When valuable information 
passes through, it is uploaded to servers controlled by credit card 
thieves.

While RAM scrapers have been around for a few years, they are a "fairly 
new" threat, according to a report released Wednesday that outlines the 
15 most common attacks encountered by security experts at Verizon 
Business. They come in the wake of Payment Card Industry rules that 
require credit card data to be encrypted as it passes from merchants to 
the processing houses.

"They are definitely a response to some of the external trends that have 
been going on in the cybercrime environment," says Wade Baker, research 
and intelligence principal for Verizon Business. "Within a year, we've 
seen quite a few of them in the wild."

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org