Sunday, September 20, 2015

POS Malware variant MWZLesson substantiates Malware Management should be practiced by retailers

Security experts at Doctor Web have discovered a new PoS Trojan dubbed MWZLesson that borrows code from other popular malicious software.

The DrWeb article states that "The new PoS Trojan, dubbed Trojan.MWZLesson, was designed reusing the code of other popular malware, including the Dexter PoS and the Neutrino backdoor."

This blog covers interesting malware and logging tips, but even the malware analysts are seeing what I have been saying for several years: malware repeats patterns, artifacts and methods, and clearly reuses code.

If retailers and their IT and InfoSec staff, or any organization for that matter, would start practicing Malware Management, they could be in a good position to detect variants of similar malware or code reuse. That is the lesson the latest MWZLesson POS malware shows us.

This concept is taught in my Malware Discovery and Basic Malware Analysis training, as it was pivotal in detecting APT I have dealt with in the past.

Seriously consider practicing Malware Management before the malwarians show you why you should have been doing it.

DrWeb article on MWZLesson POS malware

Various Malware Reports and Analysis

How to begin using the Malware Management Framework

#InfoSec #MalwareArchaeology