Researchers observe more than a hundred connections to ‘Backoff’ sinkhole

Researchers with Kaspersky Lab were able to sinkhole two command-and-control servers used by certain Backoff point-of-sale malware samples gathered between January and March, according to a Friday post.

The researchers observed more than a hundred victims, the majority of them located in the U.S. and Canada, connecting to the sinkhole within a “few days,” the post indicates.

Among the victims were a global freight shipping and transport logistics company based in North America, a payroll association based in North America, a U.S. liquor store chain, an ISP in Alabama, a Mexican food chain based in the U.S., and a California-based manager of office buildings.

“Our sinkhole covers less than [five percent] of the [command-and-control] channels and the sinkholed domains only apply to certain Backoff samples that were created in the first quarter of this year,” according to the post.
