Researchers at Kaspersky managed to intercept traffic between systems infected by Backoff and two servers used by hackers to control the malware.
In the span of just a few days, the researchers discovered more than 100 systems from 85 distinct IP addresses attempting to connect to the two malicious command-and-control servers. Of that number, 69 of the infected systems were in the U.S. and 28 were in Canada.
The researchers also spied communications from a smattering of infected systems in other countries, including the United Kingdom and Israel.
Among those with infected systems were a global freight shipping and transportation company based in North America; a North American payroll association; a U.S.-based liquor store chain; and a U.S.-based Mexican food chain, Kaspersky said.
Most of the systems appear to have been compromised months ago, given that they were infected with a Backoff variant from October 2013, said Roel Schouwenberg, a senior security researcher at Kaspersky. "Looking at the bigger picture here, these companies were infected for a very long time -- maybe even half a year or longer," he said.