World's worst exploit kit now targeting point-of-sale systems

Trend Micro researcher Anthony Joe Melgarejo says the sophisticated Angler exploit kit popular in cybercrime circles is now targeting point-of-sale (PoS) systems. It appears to be the first time an exploit kit has included PoS in its list of hackable platforms, putting them alongside the likes of Adobe Flash, Reader, Java, and …

  1. Mark 85 Silver badge

    Cash only then?

    Is it time to go back to cash only? Or maybe checks?

    1. Anonymous Coward

      Re: Cash only then?

      Or time for the NSA and GCHQ to put some of their mighty resources to squash some of these nasties.

      I don't want them to give up on other stuff, but given that most recent terrorist attacks have been executed by perps known to the agencies which they have failed to follow up on they may as well divert some resources to stuff they are best placed to actually deal with.

      Cash isn't all that reliable these days, I've had a few places recently refuse to take my folding stuff because they thought it was suspect. And don't get me started on the 'cash loaders' I have to use at work to charge up my staff card, they regularly fail to accept any notes so I go hungry.

      Maybe if my company spent a billion or so less on football rights and just a little bit more on staff services things would be better?

      But Mr Darroch tells me all is well so who am I to argue?

  2. Anonymous Coward

    Rat poison is good for rats?

    Surely it's the world's best exploit kit? The worst wouldn't be anything to worry about.

  3. tony2heads

    Angler exploits two Adobe Flash vulnerabilities

    Why do PoS terminals need Flash??

    1. Dan Paul

      Re: Angler exploits two Adobe Flash vulnerabilities

      They don't. Flash is simply a point of entry to the overall network. So a "Luser" clicks on an infected Flash file (How many Russian language emails with .zip attachments can you get before you figure something is up?), is on the same network as the POS systems and the exploit works its way through to the POS equipment.

      The real issue is why is there a reason to have the POS directly connected to a network that is facing the Internet. It should be on its own segregated network. In fact, I wouldn't trust a VPN or use a subnet.

      Just take them off the regular network entirely. The vendor who manages the POS should be required to come to the site and download any consumption data rather than using the Internet.

  4. Smooth Newt Silver badge

    World's worst exploit kit

    You mean the World's best exploit kit? Worst = Most inferior. The World's worst exploit kit would be really crap at exploits.

  5. Anonymous Coward


    Melgarejo says Angler uses some anti-analysis tricks to shut down in the presence of white hats including looking for running instances of Wireshark, virtualisation, sandboxing

    So just run your PoS in a sandbox or VM and Angler won't touch it? Keep Wireshark running?

    1. Cronus

      Re: Sandboxing

      I've been thinking this for quite a while now. Being a developer with these kinds of tools running on my machine most of the time in the background just idling, I've probably avoided a whole heap of exploit kits.


Biting the hand that feeds IT © 1998–2021