11/10/2008

Visa Inc. Data Security Alert - Malicious Software



Malicious software or “malware” is designed to damage or infiltrate computer systems. The following malware examples were recently identified through computer forensic investigations coordinated by Visa. A comprehensive list of malware and MD5 hash values can be found in the Table 1 attachment.

  • BP0.exe is a remote command shell “backdoor” that allows remote attackers to use the Windows command shell to interact with the compromised server and run commands. This malware is hard-coded with a fixed IP address.

  • Wiadebyls.dll is a password collector that gathers user credentials as they are used. The malware then transmits those credentials to a hard-coded IP address using the HTTP protocol.

  • Wininet.exe is a packet sniffing program configured to capture payment data on the network.

  • Wuauclt.exe is a key logger program configured to capture keystrokes and payment data on a point-of-sale (POS) terminal.

  • SN.exe is a packet sniffer. Other variants of this malware exist with the ability to filter and log activities.
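One way to sweep a host for the files listed above is sketched below. This is an added example, not part of the Visa alert. The function names and sample files are constructed for illustration, and the MD5 list must be supplied from the Table 1 attachment, which is not reproduced here.

```python
import hashlib
import os
import tempfile

# File names from the alert, lowercased for case-insensitive comparison.
ALERT_NAMES = {"bp0.exe", "wiadebyls.dll", "wininet.exe", "wuauclt.exe", "sn.exe"}


def md5_of(path, chunk=1 << 20):
    """Hash in chunks so large binaries are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, known_md5):
    """Return sorted (path, reason) findings under root.
    "md5": hash is on the supplied list, whatever the file is called.
    "name": name is in the alert but the hash is not listed; a triage lead
    only, since wuauclt.exe is also the genuine Windows Update client's name.
    """
    known = {h.lower() for h in known_md5}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = md5_of(path)
            except OSError:
                findings.append((path, "unreadable"))  # review by hand
                continue
            if digest in known:
                findings.append((path, "md5"))
            elif name.lower() in ALERT_NAMES:
                findings.append((path, "name"))
    return sorted(findings)


def demo():
    """Constructed sample tree; the 'known' hash is of constructed bytes, not Table 1."""
    samples = {"svc.bin": b"constructed-A", "Wuauclt.exe": b"constructed-B", "notes.txt": b"benign"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        known = [hashlib.md5(b"constructed-A").hexdigest().upper()]
        return [(os.path.basename(p), why) for p, why in sweep(root, known)]
```

A hash match holds even when the file has been renamed, while a name-only match still needs the file's location and signature checked before it is treated as malicious.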

Download the Visa Data Security Alert - Malicious Software.
