Dexter can be present at big retailers
Dexter is not just a serial killer on Showtime. And this one doesn’t kill outright, preferring to keep victims alive as long as possible to systematically bleed them of resources and personal information.
Dexter is malware, or a malevolent computer program, that targets consumers through point-of-sale transactions. Computer-security analysts say Dexter has been found on hundreds of systems, including at big-name retailers, hotels, restaurants and parking garages.
Every time debit and credit cards are swiped through a processor, consumers run the risk of having their bank accounts tapped and their identities stolen.
As the shopping season intensifies in the three days remaining before Christmas, Dexter could be lurking behind each new gift bag, holiday feast or trip to grandma’s house.
“At a high level, the Dexter malware is really quite sim- ple,” Josh Grunzweig, a security researcher at Chicago-based Trustwave, said in an e-mail alert. “It only has three purposes in life: To always be running on the victim machine, to find any card, or track, data in any running program on the victim, and to communicate with the attacker that is controlling it.”
Unlike traditional malware, which infect personal computers through phishing schemes and links to bogus websites, Dexter targets retailers at the point of purchase.
The approach has computersecurity professionals buzzing on blogs and in warnings to consumers.
“An attacker can achieve the same results by targeting just a few (point-of-sale) systems,” Israeli-based Seculert advised in a recent blog. “This CALL 12 FOR ACTION data will most likely be used by cybercriminals to clone credit cards that were used in the targeted POS system.”
According to Seculert, Dexter has targeted retail systems in 40 countries. Not quite onehalf — 42 percent — of the infected systems are located in North America; 19 percent are in the United Kingdom.
Experts are unsure how Dexter is being installed onto point-of-sale terminals. But Seculert said more than half of the systems hit use Windows XP and another 30 percent use Windows Servers, which was described as unusually high for typical infection methods.
“It finds credit cards and tracks data like many other malwares out there,” researchers for Trustwave’s Spiderlabs said in alerts. “But this one can be remotely controlled by the attacker allowing for additional malware to be downloaded.”
Researchers said Dexter checks point-of sale terminals every 60 seconds and sends a message to the attacker or operator every five minutes. Anytime Dexter found new data, it would send it to the attacker with the next message.
“The attacker had the ability to change those timers … could download and install additional malware or could remove Dexter altogether,” Grunzweig said.
Researchers direct most protection remedies to the retailer, advising routine security updates and sweeps of point-of-sale terminals.
Consumers should take the same precautions protections they take to avoid any phishing schemes: Monitor account activity, check credit reports and report any unauthorized activity to banks or credit-card companies. That will help to ensure consumers only encounter Dexter on late-night television ... and are able to turn him off before he claims another victim.