Backoff
Posted: November 14, 2014
Threat Metric
The fields shown on the Threat Meter, each with a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10, where 10 is the highest level of severity and 1 is the lowest. Each level is derived from the threat's assessed behaviors, as collected by SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. A high volume count usually indicates a popular threat but does not necessarily mean it has infected a large number of systems, and a threat with a high detection count may lie dormant and have a low volume count. The Volume Count is measured against the daily detection count.
Trend Path: The Trend Path, shown as an up arrow, a down arrow or an equal symbol, represents the recent movement of a particular threat. An up arrow represents an increase, a down arrow represents a decline and the equal symbol represents no change in the threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking | 9,323 |
|---|---|
| Threat Level | 1/10 |
| Infected PCs | 3,368 |
| First Seen | November 14, 2014 |
| Last Seen | October 11, 2023 |
| OS(es) Affected | Windows |
Backoff is a spyware family specializing in gathering credit card information from Point-of-Sale (PoS) business systems. Major chains compromised by Backoff campaigns include P.F. Chang's, K-Mart and Dairy Queen, with hundreds of individually infected machines potentially yielding data for thousands of customer credit cards. Along with the security precautions standard to any business, malware researchers advise detecting and eliminating Backoff through regular anti-malware scans, since the infection shows no distinct symptoms.
ROM: the New Version of Backoff getting Back in the Game
Backoff is a series of PoS Trojans that have gone through various revisions over the last few years, with the latest variant dubbed ROM. While ROM has dropped the keyboard-logging functions of prior versions, all versions of Backoff otherwise include similar attack functions intended for compromising financial data. Even before these upgrades, older versions of Backoff were highly successful in their campaigns, which stole information for millions of credit cards and prompted warnings from the U.S. Department of Homeland Security.
Backoff installers may be disguised to look like JavaScript patches or media player files. After Backoff compromises a PoS machine, Backoff searches through active memory processes for card information, using various methods of sorting out unwanted processes. Backoff protects any collected credit card data with encryption, which may prevent some standard security solutions from identifying the breach.
Because Backoff uses memory injection to maintain its persistence, terminating its process or even deleting its files will not necessarily remove Backoff from an infected PC: the injected component can re-launch and reinstall the Trojan as needed. Backoff also may receive additional instructions through its C&C communications, like any backdoor Trojan, which could allow it to update itself, uninstall itself or modify its behavior in various ways.
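The memory-scraping behavior described above is also what an incident responder looks for when triaging a PoS host: a captured memory region or dump can be swept for card data to confirm whether a breach exposed customer PANs. The following Python example is added here and is not part of the original article or of any vendor tool; the byte buffer is a constructed stand-in for a memory dump, the card numbers in it are well-known test PANs, and the Luhn checksum plus first-6/last-4 masking are standard DLP conventions rather than anything specific to Backoff.

```python
import re

# Constructed sample "memory dump". The PANs are public test numbers, not real cards.
SAMPLE_DUMP = (
    b"\x00\x00POS_TERMINAL_SESSION\x00"
    b";4111111111111111=2512101?\x00"           # Track 2 layout around a Luhn-valid test PAN
    b"\x00customer_ref=1234567890123456\x00"    # 16 digits, but the Luhn check fails: not a card
    b"pan=5555555555554444;amount=42.00\x00"    # bare Luhn-valid test PAN
    b"order=98765\x00"                          # too short to be a PAN
)

# A PAN is 13 to 19 digits not adjacent to other digits.
PAN_RE = re.compile(rb"(?<!\d)(\d{13,19})(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Standard Luhn checksum; True when the digit string is a syntactically valid PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first 6 and last 4 digits so a triage report never carries a full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def classify(buf: bytes, m: re.Match) -> str:
    """Label a hit as Track 2 layout (';PAN=...') or as a bare PAN."""
    before = buf[m.start() - 1:m.start()] if m.start() > 0 else b""
    after = buf[m.end():m.end() + 1]
    return "track2" if before == b";" and after == b"=" else "pan"


def find_card_data(buf: bytes) -> list:
    """Return one record per Luhn-valid PAN found in buf, with offset, format and masked value."""
    findings = []
    for m in PAN_RE.finditer(buf):
        pan = m.group(1).decode("ascii")
        if not luhn_ok(pan):
            continue            # digit runs that fail Luhn are order ids, timestamps, etc.
        findings.append({
            "offset": m.start(),
            "format": classify(buf, m),
            "masked": mask_pan(pan),
        })
    return findings


if __name__ == "__main__":
    for finding in find_card_data(SAMPLE_DUMP):
        print(finding)
```

Run against a real process dump, the same sweep tells a responder whether card data sits in clear in the memory of a process that has no business holding it, which is the condition a PoS scraper depends on; the Luhn filter keeps ordinary 16-digit identifiers from flooding the report, and the masked output keeps the report itself out of PCI scope.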
Getting a Trojan to Back Off from Your Customers
Backoff has gone through multiple revisions before arriving at its latest, ROM variant, which in turn is likely to be replaced in the future. Threats that receive such thorough maintenance and development are best identified and removed with equally up-to-date anti-malware utilities. No distinct symptoms of a Backoff infection are likely to be visible to casual PC users or to employees conducting standard business operations. You should not expect to see visible memory processes or activities related to Backoff's attacks; alerts from installed anti-malware software may be the only notification you receive while the data of countless customer credit cards is being collected.
Backoff and other PoS Trojans may offer enormous financial returns for little effort, provided that the attackers can compromise the business PCs in the first place. Sadly, Backoff's high rate of success against even major, international chains seems to corroborate the claims of some PC security companies that PoS system security is 'a very bleak picture.'