Security firm IntelCrawler said it has identified a Russian teenager as the author of the malware probably used in the cyberattacks against Target and Neiman Marcus, and that it expects more retailers to acknowledge that their systems were breached.
In a report posted online, the Sherman Oaks, Calif., company said the author of the malware used in the attacks has sold more than 60 versions of the software to cybercriminals in Eastern Europe and other countries. The firm said the 17-year-old has roots in St. Petersburg. He reportedly has a reputation as a "very well known" programmer in underground marketplaces for malicious code, the report said.
The company said the teenager did not perpetrate the attacks, but that he wrote the malicious programs — software known as BlackPOS — used to infect the sales systems at Target and Neiman Marcus. Andrew Komarov, the chief executive of IntelCrawler, identified the software last March and reported it to Symantec and other security firms. Before both breaches, IntelCrawler said it had detected attempted attacks on point-of-sale terminals across the United States, Australia and Canada. That indicates that more companies, specifically retailers, are likely to discover attacks on their systems in the near future, company executives said.
