Stephen Withers
Wednesday, 18 March 2009 08:07
Your IT -
Home IT
Page 2 of 2
You can imagine a scenario where a corrupt ATM replenisher runs the Trojan, then on the next visit collects the printout - and possibly cleans out the malware to minimise the risk of detection.
Sophos has also hypothesised that the stolen information may be encrypted for local storage until a specially-coded card is inserted, which triggers a printout of the card details and PINs.
Another possibility, according to the company, is that the Trojan was intended to be installed by someone with access to the ATMs during the manufacturing process.
(There were reports last year that hundreds of 'chip and pin' EFTPOS devices shipped to European stores had been fitted with covert hardware that forwarded card details to Pakistan via mobile phone.)
The good news - for most of us, anyway - is that "it appears that the malicious code is designed to skim money from accounts in Russian, Ukrainian and American currency," according to Sophos's Graham Cluley.
If your account isn't based on one of those currencies, a 'foreign' transaction should be particularly obvious on a statement or a transaction list obtained via Internet banking.
Just one more reason to keep a close eye on your accounts!