
ALERT: Point of Sale RAM scraper malware

A particular kind of malware has been hitting the headlines recently: malware that attacks the RAM of Point of Sale (PoS) systems.

Although it’s been getting quite a bit of publicity recently, we actually first identified it as a threat back in December 2009 and wrote about it in an article on Naked Security entitled “Will RAM scraping loosen the sky and make it fall?” Answering that question today, it just might!


problem of “insecure memory” is little-known and pervasive. Read on to find out what “insecure memory” means, and how it affects you. I even intentionally changed settings on a (secured) machine to use “insecure” memory just to show you how such a message might look. See the sacrifices I make for my readers?

Is this “insecure memory” thing a common problem?

It is far more common than you know. Very, very few encryption and decryption programs bother to tell you that you’re using “insecure memory” when they do so. There are several reasons for this:

MS Windows applications use “insecure memory” all the time, so there’s not much point in mentioning it, generally. There’s no way to fix the problem on MS Windows other than encrypting the swapfile (which, by the way, tends to slow it down quite a bit).

The vendors for some supposedly “secure” software don’t want you to worry your pretty little head when there’s a security problem, especially since that might affect sales.

Most programmers aren’t even aware the “insecure memory” problem exists. Thus, there’s a lot of cryptographic software that doesn’t provide any means of locking memory pages against being written to disk at all because the programmers simply didn’t know any better. Now, hopefully, you know better.
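
The page locking mentioned in the last point, as an added example that is not from the original article: POSIX C code that allocates whole pages for key material, asks the kernel to keep them out of swap with mlock(), and records when locking fails so the caller can warn about “insecure memory”. The names secret_buf, secret_alloc and secret_free are hypothetical, chosen for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type for this example (not from any library). */
typedef struct {
    void  *ptr;     /* page-aligned buffer for key material */
    size_t len;     /* requested size rounded up to whole pages */
    int    locked;  /* 1 if mlock() succeeded, 0 means "insecure memory" */
} secret_buf;

/* Allocate whole pages and ask the kernel never to write them to swap. */
int secret_alloc(secret_buf *b, size_t want)
{
    long page = sysconf(_SC_PAGESIZE);
    b->ptr = NULL; b->len = 0; b->locked = 0;
    if (page <= 0 || want == 0) return -1;
    b->len = (want + (size_t)page - 1) / (size_t)page * (size_t)page;
    if (posix_memalign(&b->ptr, (size_t)page, b->len) != 0) { b->ptr = NULL; b->len = 0; return -1; }
    memset(b->ptr, 0, b->len);
    /* mlock() can fail (for example when RLIMIT_MEMLOCK is too low); record it. */
    b->locked = (mlock(b->ptr, b->len) == 0);
    return 0;
}

/* Zero the secret through a volatile pointer, then unlock and release it. */
void secret_free(secret_buf *b)
{
    volatile unsigned char *v = b->ptr;
    if (!b->ptr) return;
    for (size_t i = 0; i < b->len; i++) v[i] = 0;
    if (b->locked) munlock(b->ptr, b->len);
    free(b->ptr);
    b->ptr = NULL; b->len = 0; b->locked = 0;
}

int main(void)
{
    secret_buf key;
    if (secret_alloc(&key, 32) != 0) return 1;
    if (!key.locked)  /* tell the user instead of staying silent */
        fputs("warning: using insecure memory (pages may be swapped)\n", stderr);
    /* ... load and use key material in key.ptr here ... */
    secret_free(&key);
    return 0;
}
```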