Malicious DLL targets e-commerce sites for customer credit card data

E-commerce website operators should be on the lookout for malware that targets web servers in order to pilfer the credit card data that customers enter on their sites, a security firm warns.

In addition to stealing sensitive data, the malicious DLL (dynamic link library), dubbed “ISN,” masquerades as a module for Microsoft Internet Information Services (IIS) web-hosting software, researchers on Trustwave's SpiderLabs team found.

John Miller, a security research manager at Trustwave, told SCMagazine.com on Wednesday that saboteurs “broke into the web servers” of victims in a few, limited instances and installed ISN. The malware got its name from character strings that showed up in all of its exfiltration commands.

Miller said that ISN steals data by capturing POST requests, which are sent when form data is submitted on a site.

“Anytime you are filling out a form in your browser, it captures [the data] on the server side,” Miller said. “We've only seen it going after credit card numbers currently, but it could go after any information you submit on a website.”

Since Trustwave published a blog post about the threat on Monday, more antivirus software has begun detecting the malware, Miller said.

According to researchers, the installer component of the malware has four embedded DLLs. Which one it installs depends on the Microsoft software the target runs: IIS6 or IIS7+, in 32- and 64-bit versions for both.
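Because ISN poses as an IIS module, one defensive check on IIS7+ servers is to audit the native modules registered in applicationHost.config. The following is an added example, not code from Trustwave or the article: the config excerpt is constructed, `ExampleUnknownModule` and its path are hypothetical stand-ins rather than ISN's real name or location, and the trusted directory list is an assumed baseline to adapt per server.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed excerpt of an IIS7+ applicationHost.config; the last entry is a
# made-up stand-in for an unexpected module, not the real ISN name or path.
SAMPLE_CONFIG = r"""
<configuration>
  <system.webServer>
    <globalModules>
      <add name="UriCacheModule" image="%windir%\System32\inetsrv\cachuri.dll" />
      <add name="StaticFileModule" image="%windir%\System32\inetsrv\static.dll" />
      <add name="ManagedEngineV4.0_64bit" image="%windir%\Microsoft.NET\Framework64\v4.0.30319\webengine4.dll" />
      <add name="ExampleUnknownModule" image="C:\Windows\Temp\example_unknown.dll" />
    </globalModules>
  </system.webServer>
</configuration>
"""

# Assumed baseline: directories where this server's approved native modules live.
TRUSTED_DIRS = (
    r"%windir%\system32\inetsrv",
    r"%windir%\microsoft.net\framework",
    r"%windir%\microsoft.net\framework64",
)

def normalize(path, windir=r"C:\Windows"):
    """Collapse '..', lower-case, and fold a literal Windows dir to %windir%."""
    p = ntpath.normpath(path).lower()
    if p.startswith(windir.lower() + "\\"):
        p = "%windir%" + p[len(windir):]
    return p

def audit_global_modules(config_xml, approved_names=frozenset()):
    """Return (name, image, reason) for each native module needing review."""
    findings = []
    root = ET.fromstring(config_xml)
    for mod in root.iterfind("./system.webServer/globalModules/add"):
        name, image = mod.get("name", ""), mod.get("image", "")
        path = normalize(image)
        in_trusted = any(path.startswith(d + "\\") for d in TRUSTED_DIRS)
        if not in_trusted:
            findings.append((name, image, "image outside trusted directories"))
        elif approved_names and name not in approved_names:
            findings.append((name, image, "name not in approved baseline"))
    return findings

if __name__ == "__main__":
    for name, image, reason in audit_global_modules(SAMPLE_CONFIG):
        print(f"REVIEW {name}: {image} ({reason})")
```

A module that passes the directory check can still be malicious, so findings are best paired with a comparison against a known-good module list and signature checks on the DLL files themselves.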
