Malicious DLL targets e-commerce sites for customer credit card data

Share this article:

E-commerce website operators should be vigilant of malware that targets servers in order to pilfer credit card data site customers fill out, a security firm warns.

In addition to stealing sensitive data, the malicious DLL (dynamic link library), dubbed “ISN,” is masked as a module for Microsoft Internet Information Services (IIS) web-hosting software, researchers on Trustwave's SpiderLabs team found.

John Miller, a security research manager at Trustwave, told SCMagazine.com on Wednesday that saboteurs “broke into the web servers” of victims in a few, limited instances and installed ISN. The malware was named as such because of character strings that showed up in all of the malware's exfiltration commands.

Miller said that ISN steals data by capturing POST requests, which are sent while submitting form data on sites.

“Anytime you are filling out a form in your browser, it captures [the data] on the server side,” Miller said. “We've only seen it going after credit card numbers currently, but it could go after any information you submit on a website.”

Since Trustwave published a blog post about the threat on Monday, more antivirus software has begun detecting the malware, Miller said.

According to researchers, the installer component of the malware has four embedded DLLs, which are used at discretion. The DLL installed depends on which Microsoft software the target runs – IIS6 or IIS7+ (in 32- and 64-bit versions for both).

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Judge lifts stay but Microsoft won't hand over emails during appeal

A judge has lifted a suspension of a previous order compelling Microsoft to hand over customer emails stored on a server in Ireland.

Security foundation also warns of Netis router backdoor

Trend Micro first alerted the public to the backdoor affecting Netis and Netcore brand routers.

FBI, Apple investigate celebrity photo hacking incident

FBI, Apple investigate celebrity photo hacking incident

Reports surfaced that iCloud vulnerabilities may have allowed hackers to obtain personal photos, including nude images, of over 100 celebrities.