The Trustwave SpiderLabs, an outfit that deals with everything from ethical hacking through to incident response and security forensics, is warning that the bank cash machine network is at risk from a malware attack that collects PIN numbers.
The SpiderLabs team reports that it has been able to perform an analysis of the malware, which had been discovered on compromised East European cash machines running Windows XP.
The malware was able to capture the magnetic stripe data from the private memory space of transaction-processing applications that were installed on these compromised ATMs, along with PIN codes for good measure.
Courtesy of some advanced management functionality found within the malware code, the attackers are able to control the compromised cash machines via a customised interface which can be accessed by simply inserting a controller card into the ATM card slot.
The stolen data can then be printed using the receipt printer built into the ATM, or output via the card reader to a suitable storage device. SpiderLabs do not believe that there is any networking functionality built into the malware, however.
I understand that the malware can be installed, and activated, by way of a Borland Delphi Rapid Application Development executable that replaces the original isadmin.exe utility file. Executing this dropper produces the malware file within the C:\WINDOWS directory of the machine.
This is not the first time that ATM security has left customers vulnerable nor will it be the last.
Trustwave warns it "highly recommends ALL financial institutions with ATMs under management perform analysis of their environment to identify if this malware or similar malware is present. Trustwave collected multiple version of this malware and therefore, feels that over time it will
A list of my faves
- The Curious Cat Lives
- This Could Happen To You
- Girls Doing Men
- Alltop Oddities
- Herald Police Blotter
- My Man Mumbles
- Girl power at its finest
- Super cool T's
- Straight Talk