Monday, March 25, 2013

Researchers Uncover vSkimmer Malware Targeting PoS Systems

A new piece of custom malware sold on the underground Internet market is being used to siphon payment card data from point-of-sale (POS) systems, according to security researchers from antivirus vendor McAfee.

Dubbed vSkimmer, the Trojan-like malware is designed to infect Windows-based computers that have payment card readers attached to them, McAfee security researcher Chintan Shah said in a blog post. 

The malware was first detected by McAfee's sensor network on Feb. 13 and is currently being advertised on cybercriminal forums as being better than Dexter, a different POS malware program that was discovered back in December. 

Once installed on a computer, vSkimmer gathers information about the OS, including its version, unique GUID identifier, default language, hostname, and active username. This information is sent back to the command-and-control server in an encoded format as part of all HTTP requests and is used by the attackers to keep track of individually infected machines. The malware waits for the server to respond with a "dlx" (download and execute) or "upd" (update) command.

VSkimmer searches the memory of all processes running on the infected computer, except for those hardcoded in a whitelist, for information that matches a specific pattern. This process is designed to find and extract card Track 2 data from the memory of the process associated with the credit card reader. 

Track 2 data is information stored on the magnetic stripe of a payment card and can be used to clone the card, unless the payment card uses the EMV (chip and PIN) standard. That said, in an announcement posted earlier this month on a cybercriminal forum, the malware's author said that work is being done to add support for EMV cards and that "2013 will be a hot year."
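From the defender's side, the fixed layout of Track 2 also makes cleartext card data easy to hunt for in a memory image or log file captured from a POS host. The following is an added example, not code from McAfee's analysis or from the malware: it assumes the ISO/IEC 7813 Track 2 layout (PAN, `=`, YYMM expiry, three-digit service code), which the article does not spell out, and runs over a constructed buffer that uses a well-known test card number.

```python
import re

# Assumed layout (ISO/IEC 7813 Track 2): PAN of 13-19 digits, '=' separator,
# expiry as YYMM, three-digit service code. Only whole digit runs are matched.
TRACK2 = re.compile(rb"(?<!\d)(\d{13,19})=(\d{2})(\d{2})(\d{3})")


def luhn_ok(pan: str) -> bool:
    """Luhn checksum; filters out digit runs that merely fit the layout."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Report only the first six and last four digits of a PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track2(buf: bytes):
    """Return (offset, masked PAN, expiry 'YYMM') for each plausible record."""
    hits = []
    for m in TRACK2.finditer(buf):
        pan = m.group(1).decode()
        yy, mm = m.group(2).decode(), m.group(3).decode()
        if 1 <= int(mm) <= 12 and luhn_ok(pan):
            hits.append((m.start(1), mask(pan), yy + mm))
    return hits


# Constructed sample: one record with the test PAN 4111111111111111 and one
# look-alike digit run that fails the Luhn check.
SAMPLE = (b"\x00\x17hdr;4111111111111111=25121010000000000?"
          b"\x00junk 1234567890123456=25121010000 end")

if __name__ == "__main__":
    for offset, pan, expiry in find_track2(SAMPLE):
        print(f"offset {offset}: PAN {pan}, expiry {expiry}")
```

Any hit on a POS host means card data is sitting unencrypted where a memory scraper can read it, which is the exposure to close.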

The malware also provides an offline data extraction mechanism. When an Internet connection is not available, vSkimmer waits for a USB device with the volume name KARTOXA007 to be connected to the infected computer and then copies a log file with the captured data to it, Shah said. 

This suggests that vSkimmer was designed to also support payment card fraud operations that benefit from insider help in addition to remote thefts. 

VSkimmer is another example of how financial fraud is evolving and how banking Trojan programs are moving from targeting the computers of individual online banking users to targeting payment card terminals, Shah said.

When GPUs first rose to prominence a few years ago, they were primarily used to price individual trades. Now, they are being applied to more demanding, multi-step processes. But while GPUs might be tailor-made for operations that require raw computing power (such as Monte Carlo simulations, in which huge numbers of calculations can be carried out at the same time), conventional CPUs are better at performing sequential tasks. As a result, banks have to examine the problems they want to solve, identify the parts that are best tackled with GPUs, and design their applications accordingly. GPUs also require new software tools: programming languages and development toolkits that need highly specialised skills and different ways of thinking.

The starting point, in many cases, is the raw material: data. Put simply, there is no point having a processor that can execute massive numbers of parallel instructions if the data can't keep up. This has become a bigger issue as banks move from deploying GPUs for front-office pricing, to enterprise risk analysis. "Calculating CVA at the portfolio level involves large, complex input and output data, including trades, market data to price the trades, counterparty information, and netting and collateral information," says Wood of ING.

This data has to be marshalled and delivered to the processor to match its work rate. Conventional relational databases running on hard disks can't keep pace, so banks are turning to in-memory databases, such as VMware's GemFire, Oracle's Exalytics and SAP's Hana, that can store information alongside the GPU, shooting data across in sync with the processor's clock cycles.

The next challenge is to work out which bits of a complex process should be handed over to GPUs, something Barclays also had to confront. "In a Libor market model (LMM), for example, there is a calibration step that has some associated computational overhead. You don't gain as much from putting that step on a GPU as you do when running Monte Carlo simulations," says Thomas Roos, head of quantitative analytics for fixed-income rates at Barclays.

So, how did Barclays approach the problem? "We started from our existing production LMM model, looked specifically at the pieces that would gain the most from executing on a GPU, then wrote GPU versions of those routines," says Roos.

That sounds simple enough, but this delegation of tasks to different technologies has to be done intelligently, he says. Code for things such as Monte Carlo path generation (required for both CPU and GPU elements of the application) tends to be stable and is rarely touched once written. Other elements of the application require ongoing maintenance: those describing payouts, for example.

"You don't want to be in a situation where you have to write two versions of the payout for every new product you introduce, building a large maintenance burden," says Roos. Barclays will not say how it solved this particular conundrum, but one possibility would be to use a tool like Xcelerit, which allows quants to program in their familiar C++ language and then translates this into code GPUs can execute.
