By Dan Goodin in San Francisco
9th December 2009
Forget keyloggers and packet sniffers. In the wake of industry rules
requiring credit card data to be encrypted, malware that siphons
clear-text information from computer memory is all the rage among
scammers, security researchers say.
So-called RAM scrapers scour the random access memory of POS, or
point-of-sale, terminals, where PINs and other credit card data must be
stored in the clear so it can be processed. When valuable information
passes through, it is uploaded to servers controlled by credit card
While RAM scrapers have been around for a few years, they are a "fairly
new" threat, according to a report released Wednesday that outlines the
15 most common attacks encountered by security experts at Verizon
Business. They come in the wake of Payment Card Industry rules that
require credit card data to be encrypted as it passes from merchants to
the processing houses.
"They are definitely a response to some of the external trends that have
been going on in the cybercrime environment," says Wade Baker, research
and intelligence principal for Verizon Business. "Within a year, we've
seen quite a few of them in the wild."
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News