It appears to be an inside job, as it uses undocumented functions of the ATM software and appears to use the printer. This suggests the people behind the malware have access to the Diebold software (perhaps as a result of disassembling the code from an actual ATM) as well as physical access to one or more operational ATMs.
Maybe it wasn't such a good idea to liberalise the ATM market. When they were the exclusive domain of banks and similar financial institutions, you could be confident that the people involved had been reasonably well vetted.
But the outsourcing of routine maintenance such as loading the machines with cash, plus the spread of third-party ATMs means we can no longer be quite so confident that everyone that has access to the devices is an upstanding citizen.
According to Sophos, the malware is a Trojan - which implies that it must be explicitly run on the target system, as opposed to a worm that might find its way in over a network.
Apparently the code 'skims' the details read from the magnetic card, logs the PIN entered by the user, parses the transaction details, and prints the stolen data.
How might the malware get into an ATM? Please read on.