ATM malware plagues Russia

By Marcia Savage | Jun 5, 2009

Trustwave investigators said malware used in several ATM breaches in Eastern Europe allows attackers to take over the machines and dump cash from them.

Trustwave, a Chicago-based provider of information security and payment card industry compliance services and products, uncovered the malware while investigating ATM breaches in Russia and Ukraine over the past few months. About 20 ATMs were infected with sophisticated malware that allowed attackers to steal not only track data and PINs but also cash, said Nicholas Percoco, vice president and head of Trustwave's SpiderLabs security team.

The breaches appear to be inside jobs since an attacker needs physical access to the ATM in order to install and execute the malware, according to Trustwave. Percoco said an attacker could be someone who gets a copy of the keys to the ATM, opens the machine and loads the malware onto the system.

Attackers can then use a card at the infected machine that looks like an ATM card but with track data that triggers the malware, which has a built-in user interface, he said. "You insert this modified ATM card, remove it and up comes an interface screen that asks you what you want to do," Percoco said.

Depending on the number of functions available on the controller card, a criminal could view the number of transactions on the machine or print harvested card data onto the ATM's receipt printer. A multi-function card could allow the attacker to dispense cash from the machine, which could be up to $600,000 on large ATMs, Percoco said. That gives attackers a potentially bigger haul than stealing card track data and PINs, which limits them to the amount of money in a person's account, he said.

"With this, they can walk up with a bag and let the machine empty into it," he said.

The compromised ATMs ran Microsoft's Windows XP, but Trustwave can't disclose the ATM software the malware targets, Percoco said. He said researchers believe the malware is related to the malware used in attacks on Diebold ATMs in Russia earlier this year, but said it targets multiple vendors, is much more advanced and continues to evolve and spread. Trustwave collected multiple versions of the malware.

 
 