The malware's author forgot to hide an active browser window where he was logged into Vkontakte -- a social networking site popular in Russian-speaking countries -- when recording the private demonstration video. This allowed the CERT-GIB researchers to gather more information about him and his associates, Komarov said.
The BlackPOS author uses the online alias "Richard Wagner" on Vkontakte and is the administrator of a social networking group whose members are linked to the Russian branch of Anonymous. The Group-IB researchers determined that the members of this group are under 23 years old and are selling DDoS (distributed denial of service) services with prices starting at US$2 per hour.
Companies should restrict remote access to their POS systems to a limited set of trusted IP (Internet Protocol) addresses and should make sure that all security patches are installed for the software running on them, Komarov said. All actions performed on such systems should be monitored, he said.