We discovered a suspicious program titled IKNX.exe instantiated in the C:\Windows\Windows32\28356(?)\ subdirectory. The program created an exception in the Windows Firewall to allow it to communicate to an external address u15364142.online-server.com:Ftp-data. The program infected three of our LAN clients running End-Point Protection, two of which are POS stations. We believe IKNX was used by an attacker to compromise customer credit card data.
Has anyone had experience with this code? It is apparently undefined by Symantec. The only reference we have found is to iKNX, an open source code (OpenRemote.org) for creating GUIs for the iPhone intended to control home and office appliances, lighting, computers, etc.
Thanks for any responses,
SRSCooks