Comments on: Threat Spotlight: PoSeidon, A Deep Dive Into Point of Sale Malware

In reply to Anonymous. non rekvalite sitems uniti problems v doskonalenie sistemi kattorie bolhe net na simle besapas...

https://blogs.cisco.com/security/talos/poseidon#comment-2311960

To answer the question about how stations get infected. Many POS malware infections start with insecure remote access. For example, over the past 12 months, LogMeIn was used insecurely by several...

https://blogs.cisco.com/security/talos/poseidon#comment-2301657

In reply to Douglas Held. Correction; service name "WinHost"....

https://blogs.cisco.com/security/talos/poseidon#comment-2299954

Authors, thank you for this well written information. I'm really interested to know whether the Loader service stays resident once the attack is underway? In that case, I think the simplest way t...

https://blogs.cisco.com/security/talos/poseidon#comment-2299897

Can you please provide MD5 Hash for IOC's above?

https://blogs.cisco.com/security/talos/poseidon#comment-2299655

In reply to Marpos. Likely USB or the like, you'd be surprised how effective localized infection vectors can be. Ask ...

https://blogs.cisco.com/security/talos/poseidon#comment-2296693

Mildar is on point. How is this malware propagating? What's the attack vector.

https://blogs.cisco.com/security/talos/poseidon#comment-2292040

How does these PoS systems get infected? It is uncommon to search web pages or receive emails on Pay terminals. So USB? (not very effective?) or not updated system -> exploit?

https://blogs.cisco.com/security/talos/poseidon#comment-2291033

In reply to Joel. You mean google wallet?

https://blogs.cisco.com/security/talos/poseidon#comment-2290705