Malicious DLL targets e-commerce sites for customer credit card data

E-commerce website operators should be on the lookout for malware that targets servers in order to pilfer the credit card data that site customers submit, a security firm warns.

In addition to stealing sensitive data, the malicious DLL (dynamic link library), dubbed “ISN,” is masked as a module for Microsoft Internet Information Services (IIS) web-hosting software, researchers on Trustwave's SpiderLabs team found.

John Miller, a security research manager at Trustwave, told SCMagazine.com on Wednesday that saboteurs “broke into the web servers” of victims in a few, limited instances and installed ISN. The malware got its name from character strings that showed up in all of its exfiltration commands.

Miller said that ISN steals data by capturing POST requests, which are sent while submitting form data on sites.

“Anytime you are filling out a form in your browser, it captures [the data] on the server side,” Miller said. “We've only seen it going after credit card numbers currently, but it could go after any information you submit on a website.”

Since Trustwave published a blog post about the threat on Monday, more antivirus software has begun detecting the malware, Miller said.

According to researchers, the installer component of the malware has four embedded DLLs. Which DLL is installed depends on the Microsoft software the target runs: IIS6 or IIS7+, in 32- and 64-bit versions for both.
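
Because ISN poses as an IIS module, one defensive check on IIS7+ servers is to list the native modules registered under `globalModules` in `applicationHost.config` and review any that load from outside the stock `inetsrv` directories. The sketch below is an added example, not code from Trustwave or from this article. The sample config is constructed, `ExampleModule` and its path are made up, and treating the `inetsrv` directories as the trusted baseline is an assumption, since the article does not say where ISN is installed.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed sample: a fragment shaped like applicationHost.config.
# "ExampleModule" and its image path are made up for illustration.
SAMPLE_CONFIG = r"""
<configuration>
  <system.webServer>
    <globalModules>
      <add name="HttpCacheModule" image="%windir%\System32\inetsrv\cachhttp.dll" />
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="ExampleModule" image="C:\inetpub\temp\example.dll" preCondition="bitness64" />
    </globalModules>
  </system.webServer>
</configuration>
"""

# Assumption: stock native modules load from these directories.
# Replace with the baseline recorded for your own servers.
TRUSTED_DIRS = [r"%windir%\System32\inetsrv", r"%windir%\SysWOW64\inetsrv"]
WINDIR = r"c:\windows"  # assumed value of %windir% on the audited host


def expand(path):
    """Lower-case, expand %windir% and collapse '..' so paths compare reliably."""
    return ntpath.normpath(path.lower().replace("%windir%", WINDIR))


def audit_global_modules(config_xml, trusted_dirs=TRUSTED_DIRS):
    """Return (name, image) for each native module loaded from an untrusted directory."""
    trusted = {expand(d) for d in trusted_dirs}
    findings = []
    root = ET.fromstring(config_xml)
    for section in root.iter("globalModules"):
        for add in section.findall("add"):
            image = add.get("image", "")
            # Compare the resolved parent directory, not a string prefix,
            # so "inetsrv\..\..\Temp\x.dll" does not pass as trusted.
            if ntpath.dirname(expand(image)) not in trusted:
                findings.append((add.get("name"), image))
    return findings


if __name__ == "__main__":
    for name, image in audit_global_modules(SAMPLE_CONFIG):
        print(f"review: {name} -> {image}")
```

A flagged entry is a prompt for review, not proof of compromise: third-party modules legitimately install elsewhere, and a malicious DLL dropped inside `inetsrv` would pass this check, so pair it with signature and hash verification of each module file.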
