"First, the malware that infected Target's checkout counters [point of sale] extracted credit numbers and sensitive personal details," Seculert's research lab officials posted Thursday in a blog after running a sample of the malware. "Then, after staying undetected for six days, the malware started transmitting the stolen data to an external FTP [file transfer protocol] server, using another infected machine within the Target network."
The transmissions occurred during a two-week period beginning Dec. 2, the blog said.
Seculert, based in Menlo Park, Calif., said none of the stolen Target data was still on the external server and an analysis of publicly available access logs indicates Target was the only retailer affected.
Minneapolis-based Target first revealed the data breach in December during the height of the holiday shopping season. It first said debit card and credit card data from up to 40 million customers were compromised -- then on Jan. 10 said a separate attack stole data from up to 70 million more customers.