(Adds details on tax, risk)
BOSTON, July 31 The U.S. Department Of Homeland
Security warned retailers about a type of malicious software
attacking point-of-sales systems, dubbed "Backoff," that it said
is undetectable by most types of anti-virus software.
The agency released a 10-page advisory about the
payment-card-stealing virus Backoff on Thursday, saying it has
been observed in at least three forensic investigations into
breaches of payment systems.
The U.S. government has released reports on several types of
malicious software that cybercriminals used to steal payment
cards in the wake of last year's unprecedented breach on Target
Corp, which resulted in the theft of some 40 million
payment card numbers.
Backoff is a family-of-point of sale malware first
identified in October 2013 and with capabilities that include
scraping memory for track data, logging keystrokes and injecting
malicious stub into explorer.exe files, DHS said.
It said attackers use publicly available tools to find
businesses that use remote desktop applications, then gain
access to an administrative account to insert the malware.
The DHS advisory warned that such malware put both the
business and consumer at risk, exposing data including names,
credit card numbers, email addresses, mailing address and phone
"These breaches can impact a business' brand and reputation,
while consumers' information can be used to make fraudulent
purchases or risk compromise of bank accounts," it said.
(Reporting by Jim Finkle and Doina Chiacu; Editing by Franklin
Paul and Bill Trott)