Wednesday, 18 March 2009 09:07

ATM malware may help snatch your cash

A prominent security vendor has come across malware targeting ATMs and implementing a virtual card skimmer.

Security vendor Sophos has revealed that it has obtained malware samples that appear to specifically target Diebold ATMs.

It appears to be an inside job, as it uses undocumented functions of the ATM software and appears to use the printer. This suggests the people behind the malware have access to the Diebold software (perhaps as a result of disassembling the code from an actual ATM) as well as physical access to one or more operational ATMs.

Maybe it wasn't such a good idea to liberalise the ATM market. When they were the exclusive domain of banks and similar financial institutions, you could be confident that the people involved had been reasonably well vetted.

But the outsourcing of routine maintenance such as loading the machines with cash, plus the spread of third-party ATMs means we can no longer be quite so confident that everyone that has access to the devices is an upstanding citizen.

According to Sophos, the malware is a Trojan - which implies that it must be explicitly run on the target system, as opposed to a worm that might find its way in over a network.

Apparently the code 'skims' the details read from the magnetic card, logs the PIN entered by the user, parses the transaction details, and prints the stolen data.

How might the malware get into an ATM? Please read on.

You can imagine a scenario where a corrupt ATM replenisher runs the Trojan, then on the next visit collects the printout - and possibly cleans out the malware to minimise the risk of detection.

Sophos has also hypothesised that the stolen information may be encrypted for local storage until a specially-coded card is inserted, which triggers a printout of the card details and PINs.

Another possibility, according to the company, is that the Trojan was intended to be installed by someone with access to the ATMs during the manufacturing process.

(There were reports last year that hundreds of 'chip and pin' EFTPOS devices shipped to European stores had been fitted with covert hardware that forwarded card details to Pakistan via mobile phone.)

The good news - for most of us, anyway - is that "it appears that the malicious code is designed to skim money from accounts in Russian, Ukrainian and American currency," according to Sophos's Graham Cluley.

If your account isn't based on one of those currencies, a 'foreign' transaction should be particularly obvious on a statement or a transaction list obtained via Internet banking.

Just one more reason to keep a close eye on your accounts!


As part of our Lead Machine Methodology we will help you get more leads, more customers and more business. Let us help you develop your digital marketing campaign

Digital Marketing is ideal in these tough times and it can replace face to face marketing with person to person marketing via the phone conference calls and webinars

Significant opportunity pipelines can be developed and continually topped up with the help of Digital Marketing so that deals can be made and deals can be closed

- Newsletter adverts in dynamic GIF slideshow formats

- News site adverts from small to large sizes also as dynamic GIF slideshow formats

- Guest Editorial - get your message out there and put your CEO in the spotlight

- Promotional News and Content - displayed on the homepage and all pages

- Leverage our proven event promotion methodology - The Lead Machine gets you leads

Contact Andrew our digital campaign designer on 0412 390 000 or via email



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments