Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

vSkimmer Point-of-Sale Terminals Server Information Disclosure


Check Point Reference: CPAI-2014-0749
Date Published:
Source: IPS Research Team
Protection Provided by: Security Gateway
  • R75
Who is Vulnerable?
Windows-based servers
Vulnerability Description
vSkimmer is a Trojan-like malware designed to infect Windows-based servers attached with payment card readers. Post infection, the malware gathers sensitive information such as Credit Card numbers and sends it back to the C&C server.

Protection Overview
This protection will detect and block communication attempts made to the malware's C&C.

In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Security Gateway R75 / R71 / R70

How Can I Protect My Network?

  1. In the IPS tab, click Protections and find the vSkimmer Point-of-Sale Terminals Server Information Disclosure protection using the Search tool and Edit the protection's settings.
  2. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: Malware Traffic
Attack Information: vSkimmer Point-of-Sale Terminals Server Information Disclosure