By Juha Saarinen
ZeroAccess rootkits cleaned out.
Details of the malware infestation have been made public in a case study by Pizza Hut’s security partner Webroot.
In the case study, Pizza Hut said 20 percent of its 300 Australian stores suffered varying amounts of downtime as a result of ‘steadily increasing’ malware infections over the 12-month period in 2013.
For the 60 Pizza Hut stores affected, trade was halted for up to two hours per incident. In some cases, the infected machines had to be re-imaged, which took the store offline for an entire day.
A Webroot spokesperson told iTnews the malware most commonly found in the Pizza Hut franchises were variants of the ZeroAccess rootkit.
On top of ZeroAccess, Webroot told iTnews there were “various hijackers and fake AVs [anti-viruses]” operating.
“In a lot of cases, services and executables for the PoS were disabled or unable to be run,” a spokesperson said.
“Some hijackers prevented the PoS application programming interface from being able to respond to order transmission, meaning that the order transmission failed.”
The Pizza Hut IT team reviewed the company’s existing signature-based security solution and found that it was not delivering adequate detection rates or clean-up ability.
ZeroAccess runs on Windows and had been active since July 2011, infecting millions of systems around the world, until a Microsoft-led operation disabled the botnet in December last year.
At the time, ZeroAccess was used to commit advertising click fraud, hijack search results and redirect users to websites to install malware that would steal personal data, as well as to take over the victim machine for Bitcoin mining.
Neither Webroot nor Pizza Hut would detail whether customer details or financial transactions had been compromised.
Pizza Hut’s IT team said it cleaned up the malware infestation in a three-month operation including the installation of Webroot’s cloud-based anti-virus system.