Threat Intelligence Blog

Posted March 31, 2008

eWeek updates the Hannaford data breach story, explaining that malware was found to be present on the Web servers located in every grocery store owned by the chain. While the source of the malware remains unknown, the data breach exemplifies the damage that purpose-built malware can inflict on its target.

This malware used in the Hannaford attack apparently captured Track 2 credit card information as part of the authorization process. With relative ease, criminals in possession of Track 2 data can create counterfeit plastic credit cards embedded with real customer data in the magnetic strip of the card for use in “card present” transactions. So in this case, the online malware attack vector was likely designed to facilitate offline fraudulent transactions.

Additional Posts

Not Your Father’s Oldsmobile

It appears that the recently retired Oldsmobile brand will soon return as a Japanese car. Even more ...

Euro 2008 Football Tickets Site Hacked

The online ticket site was identified as distributing malware to visitors when ...