Pizza Hut Australia Point of Sales hit with ZeroAccess rootkit malware for over a year

Pizza Hut Australia hit with Point of Sales (PoS) ZeroAccess rootkit malware for over a year

Pizza Hut, Australia today revealed that it had suffered a year-long malware campaign which hit point of sale (PoS) systems. According to Webroot, the security audit partner of Pizza Hut, its chain of stores fell victim to a year-long malware campaign in 2013 which hit point of sales systems and caused order transmissions to fail.

ITNews in a blog post said that 60 of  300 Pizza Hut stores in Australia suffered varying amounts of downtime as a result of ‘steadily increasing’ malware infections over the 12-month period.

Webroot told ITNews that the effect of the malware was so great that it caused trade to be halted for up to two hours per incident. In some cases, the infected machines had to be re-imaged, which sometimes took the store offline for an entire day.

Webroot said that it had found variants of the ZeroAccess rootkit malware as well as fake anti-virus malware. Pizza Hut on its part said that its IT team had cleaned the entire system from the malware infestation in a three month long operation.  They also installed the Webroot’s cloud based anti-virus system to stop the future infections from occurring.

Lamar Bailey, director of security research and development at Tripwire, said: “If you are a retailer, it is no longer a question of if you have been compromised, but a question of how large the gap is between infection and detection.

“Being infected for a year likely equates to tens of thousands if not hundreds of thousands of credit card numbers stolen along with other customer PII. This breech likely impacted the bottom line of the retailer too due to lost orders and irate customers who went elsewhere for pizza. There is no sure fire way to stop breeches but retailers need to work hard to lower the detection gaps and lessen the impact to their business and customers.”

Tim Erlin, director or security and risk at Tripwire added further to his colleagues observation by saying,  “Pizza Hut corporate should be asking tough questions of their Australian operations in light of a year-long incident that included significant downtime and loss of business.”

ZeroAccess Rootkit malware

ZeroAccess, also known as max++ and Sirefef, is Trojan horse computer malware that affects Microsoft Windows operating systems. It is used to download other malware on an infected machine from a botnet mostly involved in Bitcoin mining and click fraud, while remaining hidden on a system using rootkit techniques.  It is mostly used by cybercriminals for making the victims computer a zombie machine and use it for bitcoin mining and click frauds. Microsoft and its coalition partners tried to destroy the command and control structure of ZeroAccess in December 2013 but failed. Their attack was ineffective though because not all C&C were seized, and its peer-to-peer command and control component was unaffected – meaning the botnet could still be updated at will

It is not known how the cybercriminals used the ZeroAccess Rootkit malware on Pizza Hut PoS system.  If they used it for stealing customer information, then millions of Australian Pizza Hut customers payment card details may be at risk. A year long infection is enough to capture credit card details of a large population and given that Pizza Hut is very popular in Australia the risk of such an widespread payment card details leak looks very true. The company is currently investigating into the infection and has refused to comment on the issue.

You can read all about the ZeroAccess Rootkit malware on this PDF (Downloadable) file from Sophos. Techworm will bring you the latest about this infection as it happens.