Pizza Hut's PoS systems suffer year-long malware blast

Fast food franchise Pizza Hut has revealed its chain of stores fell victim to a year-long malware campaign in 2013 which hit point of sales systems and caused order transmissions to fail.

Details of the malware infestation have been made public in a case study by Pizza Hut's security partner Webroot.

In the case study, Pizza Hut said 20 percent of its 300 Australian stores suffered varying amounts of downtime as a result of 'steadily increasing' malware infections over the12-month period in 2013.

For the 60 Pizza Hut stores affected, trade was halted for up to two hours per incident. In some cases, the infected machines had to be re-imaged, whick took the store offline for an entire day.

A Webroot spokesperson told iTnews the most commonly found malware found in the Pizza Hut franchises were variants of the ZeroAccess rootkit [PDF]. 

On top of ZeroAccess, Webroot told iTnews there were "various hijackers and fake AVs [anti-viruses]" operating.

"In a lot of cases, services and executables for the PoS were disabled or unable to be run," a spokesperson said.

"Some hijackers prevented the PoS application programming interface from being able to respond to order transmission, meaning that the order transmission failed."

The Pizza Hut IT team reviewed the company's existing signature-based security solution and found that it was not delivering adequate detection rates or clean-up ability.

ZeroAccess runs on Windows and had been active since July 2011, infecting millions of systems around the world, until a Microsoft-led operation disabled the botnet in December last year.

At the time, ZeroAccess was used to commit advertising click fraud, hijack search results and redirect users to websites to install malware that would steal personal data, as well as to take over the victim machine for Bitcoin mining.

Neither Webroot nor Pizza Hut would detail whether customer details or financial transactions had been compromised.

Pizza Hut's IT team said it cleaned up the malware infestation in a three-month operation including the installation of Webroot's cloud-based anti-virus system.

The fast food franchise was also struck by two hackers in March last year who defaced the Pizza Hut website, stole customer data and published links to rival pizza retailer Domino's website from the disfigured site.