3 Replies Latest reply on Jul 24, 2013 2:41 PM by exbrit


      There has been a malware package named BlackPOS in the wild since March 2013. The active agent file is MMON.EXE.

      Does the McAfee agent with the current signature file clean this virus?

        • 1. Re: BlackPOS

          I moved this to Top Threats. From online searches I gather this is a point-of-sale infection similar to VSkimmer, which is already in the McAfee Database. I can't find a reference to BlackPOS per se.


          You mention McAfee Agent yet you posted in Home Products - I assume you mean that in ePO?


          How to Submit Samples for Analysis

          • 2. Re: BlackPOS

            Just beat me to it. Although general Security Awareness Discussions is a better place, not Top Threats. Still ... <shrug>


            Yes, this is similar to vSkimmer, which was first reported by Chintan Shah, a McAfee researcher. So similar that I bet McAfee has given them both some unfathomable code name with a differentiating suffix. Could be anywhere in the vil.nai database. BlackPOS is known otherwise as a dump-memory-grabber and is known to Microsoft as "Win32/Pocardler.A".


            BlackPOS is reported in many places but this is one of the more informative articles



            And here is the analysis of what it does. It's pretty primitive stuff, so there's probably cover for it.



            Message was edited by: Hayton on 24/07/13 20:29:23 IST


            Message was edited by: Hayton - added direct link to BlackPOS article on 25/07/13 00:21:54 IST
            • 3. Re: BlackPOS

              Moved ;-)