Wednesday, December 9, 2009
"Forget keyloggers and packet sniffers. In the wake of industry rules requiring credit card data to be encrypted, malware that siphons clear-text information from computer memory is all the rage among scammers, security researchers say.
"So-called RAM scrapers scour the random access memory of POS, or point-of-sale, terminals, where PINs and other credit card data must be stored in the clear so it can be processed. When valuable information passes through, it is uploaded to servers controlled by credit card thieves.
"While RAM scrapers have been around for a few years, they are a `fairly new` threat, according to a report released Wednesday that outlines the 15 most common attacks encountered by security experts at Verizon Business. They come in the wake of Payment Card Industry rules that require credit card data to be encrypted as it passes from merchants to the processing houses.
"`They are definitely a response to some of the external trends that have been going on in the cybercrime environment,` says Wade Baker, research and intelligence principal for Verizon Business. `Within a year, we've seen quite a few of them in the wild.`"
More at The Register...