ELECTION 2010 Election 2010 Free Daily IT Newsletter
PDFPrintE-mail

ATM malware may help snatch your cash

By Stephen Withers
Wednesday, 18 March 2009 08:07

Your IT - Home IT

Page 1 of 2
A prominent security vendor has come across malware targeting ATMs and implementing a virtual card skimmer.

Related Articles

Security vendor Sophos has revealed that it has obtained malware samples that appear to specifically target Diebold ATMs.

It appears to be an inside job, as it uses undocumented functions of the ATM software and appears to use the printer. This suggests the people behind the malware have access to the Diebold software (perhaps as a result of disassembling the code from an actual ATM) as well as physical access to one or more operational ATMs.

Maybe it wasn't such a good idea to liberalise the ATM market. When they were the exclusive domain of banks and similar financial institutions, you could be confident that the people involved had been reasonably well vetted.

But the outsourcing of routine maintenance such as loading the machines with cash, plus the spread of third-party ATMs means we can no longer be quite so confident that everyone that has access to the devices is an upstanding citizen.

According to Sophos, the malware is a Trojan - which implies that it must be explicitly run on the target system, as opposed to a worm that might find its way in over a network.

Apparently the code 'skims' the details read from the magnetic card, logs the PIN entered by the user, parses the transaction details, and prints the stolen data.

How might the malware get into an ATM? Please read on.


«StartPrev12NextEnd»

SPONSORED ANNOUNCEMENTS

AVG Threat Labs to Provide Innovative, Free Detection Tools to Internet Community

Friday, 03 Sep 2010

AVG Technologies, developers of the world’s most popular free anti-virus software, today announced a limited public beta test of its new online tool, AVG Threat Labs. Designed to help consumers combat criminal elements on the Web, Threat Labs is an innovative online information portal that merges the quantitative Web threat detection data that AVG routinely collects from its almost 100 million users with data from AVG’s LinkScanner technology.

Blink Mobile: More Than One in Three Victorian Councils Chart IT Strategy for Mobilising Ratepayer Services
StayinFront Adds On-Demand CRM Option for Life Sciences
Tufin appoints M.Tech as Australian distributor
Introducing ‘Mr Knowitall’: An Experiential Online Campaign From Samsung Mobile

Editors Picks

Stories you may have missed

D-Day: Independents' election decision likely

Will Apple’s Ping pong?

Skype extends videoconferencing to 10 users
 

Our Services for Technology Professionals

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases