andynold
Level 7

BlackPOS

There has been a malware package named BlackPOS in the wild since March 2013. The active agent file is MMON.EXE.

Does the McAfee agent with the current signature file clean this virus?

exbrit
Level 21

Re: BlackPOS

I moved this to Top Threats. From online searches I gather this is a point-of-sale infection similar to VSkimmer, which is already in the McAfee Database. I can't find reference to BlackPOS per se.

You mention McAfee Agent yet you posted in Home Products - I assume you mean that in ePO?

How to Submit Samples for Analysis

Hayton
Level 17

Re: BlackPOS

Just beat me to it. Although general Security Awareness Discussions is a better place, not Top Threats. Still ... <shrug>

Yes, this is similar to vSkimmer, which was first reported by Chintan Shah, a McAfee researcher. So similar that I bet McAfee has given them both some unfathomable code name with a differentiating suffix. Could be anywhere in the vil.nai database. BlackPOS is known otherwise as a dump-memory-grabber and is known to Microsoft as "Win32/Pocardler.A".

BlackPOS is reported in many places, but this is one of the more informative articles:

http://pciguru.wordpress.com/2013/05/28/blackpos/

And here is the analysis of what it does. It's pretty primitive stuff, so there's probably cover for it.

http://www.xylibox.com/2013/05/dump-memory-grabber-blackpos.html

Message was edited by: Hayton on 24/07/13 20:29:23 IST

Message was edited by: Hayton - added direct link to BlackPOS article on 25/07/13 00:21:54 IST
exbrit
Level 21

Re: BlackPOS

Moved ;-)
