Comments on XyliBox: Point-of-Sale and memory scrappers

Anonymous, 2015-05-29 10:22 (+02:00):
Steven I could hump you..... SERIOUSLY THOUGH::::

https://www.virustotal.com/en/file/bea36957edeab025bdad5a04daa317f913212103a2bde608529ea18d978e7d45/analysis/1354666164/

↑
WHAT THE FUCK 3/42 AFTER 2 YEARS ON POINT OF SALE!??!?

Either this guy was way too successful or way too unsuccessful and he didn't hit much.

gamer564574574, 2013-12-30 21:43 (+01:00):
I didn't realize people were still scanning entire WAN IP ranges looking for vulnerable services.. My only guess is the POS is on LAN and there are machines with poor security that end up on botnets..

Anonymous, 2013-12-29 18:23 (+01:00):
How is it spreading? POS terminals don't typically navigate webpages or email, and it's not economical to scan IP ranges for vulnerable services anymore.
I also don't think any malware is brute forcing SMB anymore to do RPC execution.

Thanks

Anonymous, 2012-12-13 13:20 (+01:00):
nice article

Steven K, 2012-12-12 21:28 (+01:00):
Most of the time, yeah, they are just connected to the internet via VNC or RDP; hackers just scan the network and hope for weak passwords.

Anonymous, 2012-12-12 21:15 (+01:00):
How does the PoS merchant get infected? Are they on systems connected to the internet? Or is this an inside job type...

Zora, 2012-12-09 20:12 (+01:00):
The malware is used to extract T1/T2 data from a Point of Sale machine/terminal. So it's the data that's on the magnetic strip on the back of your cards. Therefore, it is installed in stores so that they can retrieve the info and use it maliciously.

quqaaa, 2012-12-08 21:57 (+01:00):
What does this software actually do?
Write data to a magnet card?
Or is it installed in real shops like Auchan, Tesco on the cashing out machine?

Anonymous, 2012-12-07 21:57 (+01:00):
Like the article, good work as usual :)

--Zora ;)

Steven K, 2012-12-07 12:07 (+01:00):
Access to the POS or the server used by malware?

Anonymous, 2012-12-07 12:01 (+01:00):
Very suspicious, how did you get access anyway?