Detecting The Trojan.POSRAM Malware
Note: Passive Vulnerability Scanner (PVS) is now Nessus Network Monitor. To learn more about this application and its latest capabilities, visit the Nessus Network Monitor web page.
Malware is created for a number of different purposes and often targeted at a specific industry or type of software. Such is the case for Point-Of-Sale systems, those systems that process transactions in a retail environment are highly sought after by attackers as they can be a gold mine for credit card data. Tenable's products can be used to detect if such malware, for example the recently discovered Trojan.POSRAM (aka "The BlackPOS malware" as references by the Kreb's on Security Blog) in the following ways:
- Creating an Asset List of POS Systems - Using process detection inside Nessus, you can find all systems running POS related processes
- Using the Passive Vulnerability Scanner you can detect DLL files being transferred over SMB
- ICMP anomalies can be detected using both PVS and the Tenable Network Monitor (Netflow data analysis) as ICMP is used by the malware
- PVS plugin 7 logs all ports that have any type of highly random network session which could indicate encryption used by the backdoor shell code
Tenable's products can also be used to discover Unauthorized FTP access, "Rogue" applications, activity from "hacking tools" and search for malware with custom MD5 hashes. For a more detailed overview you can check out Ron Gula's recent post to the discussions forum.
Related Articles
Cybersecurity Snapshot: North Korea’s Cyber Spies Hunt for Nuclear Secrets, as Online Criminals Ramp Up AI Use in the EU
July 26, 2024Check out a CISA-FBI advisory about North Korean cyber espionage on critical infrastructure orgs. Plus, what Europol found about the use of AI for cybercrime. Meanwhile, the risk concerns that healthcare leaders have about generative AI. And a poll on water plant cybersecurity. And much more!
Kinsing Malware Hides Itself as a Manual Page and Targets Cloud Servers
May 16, 2024Tenable Cloud Security Research Team has recently discovered that Kinsing malware, known for targeting Linux-based cloud infrastructures, exploits Apache Tomcat servers with new advanced stealth techniques. Explore our analysis and the indicators of compromise in this report.
Shifting the Paradigm: Why the Cyber Insurance Industry Should Focus on Preventive Security
May 13, 2024As claims and losses climb, it’s clear that preventive security should be prioritized more when designing a cyber insurance policy. Here’s why preventive security investments are cost effective and can lead to lower premiums.
Cybersecurity Snapshot: Many Employees Overshare Work Info with AI Tools, Report Finds, as ‘Cybersecurity Awareness Month’ Kicks Off
October 4, 2024Check out the best practices cyber agencies are promoting during Cybersecurity Awareness Month, as a report warns that staffers are feeding confidential info to AI tools. Meanwhile, a study highlights how business decisions can derail OT security. Plus, get the latest on Active Directory security, CISO salary trends and ransomware attacks!
How to Unlock Advanced IoT Visibility for Cyber-Physical Systems
October 1, 2024As the number of IoT devices deployed globally continues to rise, cyber-physical systems and business operations are exposed to greater risk. Improving asset visibility, monitoring and risk management are critical steps to preventing breaches.
Cybersecurity Snapshot: NIST Program Probes AI Cyber and Privacy Risks, as U.S. Gov’t Tackles Automotive IoT Threat from Russia, China
September 27, 2024A new NIST program will revise security frameworks like NIST’s CSF as AI risks intensify. Plus, the U.S. may ban cars with Russian and Chinese IoT components. Meanwhile, the CSA adds AI insights to its zero trust guide. And get the latest on cybersecurity budgets, SBOMs and the Ghost cybercrime platform!
- Malware
- Nessus Network Monitor