Malicious DLL targets e-commerce sites for customer credit card data

Share this article:

E-commerce website operators should be vigilant of malware that targets servers in order to pilfer credit card data site customers fill out, a security firm warns.

In addition to stealing sensitive data, the malicious DLL (dynamic link library), dubbed “ISN,” is masked as a module for Microsoft Internet Information Services (IIS) web-hosting software, researchers on Trustwave's SpiderLabs team found.

John Miller, a security research manager at Trustwave, told SCMagazine.com on Wednesday that saboteurs “broke into the web servers” of victims in a few, limited instances and installed ISN. The malware was named as such because of character strings that showed up in all of the malware's exfiltration commands.

Miller said that ISN steals data by capturing POST requests, which are sent while submitting form data on sites.

“Anytime you are filling out a form in your browser, it captures [the data] on the server side,” Miller said. “We've only seen it going after credit card numbers currently, but it could go after any information you submit on a website.”

Since Trustwave published a blog post about the threat on Monday, more antivirus software has begun detecting the malware, Miller said.

According to researchers, the installer component of the malware has four embedded DLLs, which are used at discretion. The DLL installed depends on which Microsoft software the target runs – IIS6 or IIS7+ (in 32- and 64-bit versions for both).

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Four men charged with stealing Microsoft and U.S. Army trade secrets

Four men charged with stealing Microsoft and U.S. ...

The young men allegedly used SQL injection and stolen logins to gain access to systems at various companies and steal their intellectual property.

Google bumps maximum Chrome bug bounty reward to $15K

A high-quality report with a functional exploit for a sandbox escape will earn a bug hunter $15,000, according to the new reward amounts.

Survey: orgs adopt hybrid cloud environments despite security concerns

Survey: orgs adopt hybrid cloud environments despite security ...

Despite difficulties and concerns regarding security, more than 60 percent of respondents have adopted or plan to adopt a hybrid cloud environment.