Backoff malware infections are more widespread than thought

30 August 2014
The number of businesses hit by the data-stealing Backoff malware may be substantially more than the 1,000 or so companies estimated by federal officials, according to security vendor Kaspersky Labs.

Researchers at Kaspersky managed to intercept traffic between systems infected by Backoff and two servers used by hackers to control the malware.

In the span of just a few days, the researchers discovered more than 100 systems from 85 distinct IP addresses attempting to connect to the two malicious command-and-control servers. Of that number, 69 of the infected systems were in the U.S. and 28 were in Canada.

The researchers also spied communications from a smattering of infected systems in other countries, including the United Kingdom and Israel.

Among those with infected systems were a global freight shipping and transportation company based in North America; a North American payroll association; a U.S.-based liquor store chain; and a U.S.-based Mexican food chain, Kaspersky said.

Most of the systems appear to have been compromised months ago, given that they were infected with a Backoff variant from October 2013, said Roel Schouwenberg, a senior security researcher at Kaspersky. "Looking at the bigger picture here, these companies were infected for a very long time -- maybe even half a year or longer," he said.