Cybercriminals are improving a malicious software program that can be installed on ATMs running Microsoft's Windows XP operating system that records sensitive card details, according to security vendor Trustwave.
The malware has been found on ATMs in Eastern European countries, according to a Trustwave report.
The malware records the magnetic stripe information on the back of a card as well as the PIN (Personal Identification Number), which would potentially allow criminals to clone the card in order to withdraw cash.
The collected card data, which is encrypted using the DES (Data Encryption Standard) algorithm, can be printed out by the ATM's receipt printer, Trustwave wrote.
The malware is controlled via a GUI that is displayed when a so-called "trigger card" is inserted into the machine by a criminal. The trigger card causes a small window to appear that gives its controller 10 seconds to pick one of 10 command options using the ATM's keypad.
"The malware contains advanced management functionality allowing the attacker to fully control the compromised ATM through a customized user interface built into the malware," Trustwave wrote.
A criminal can then view the number of transactions, print card data, reboot the machine and even uninstall the malware. Another menu option appears to allow the ejection of an ATM's cash cassette.
Trustwave has collected multiple versions of the malware. The company believes that the particular one it analyzed is "a relatively early version of the malware and that subsequent versions have seen significant additions to its functionality."
The company advised banks to scan their ATMs to see if they're infected.
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (27)
Windows on ATMsBy Anonymous on June 4, 2009, 3:10 pmMay I be the first to inquire as to why on earth are banks running Windows on their ATMs. Surely this is not entirely unexpected
Reply | Read entire comment
not sure you can totallyBy Anon on June 4, 2009, 3:23 pmnot sure you can totally blame banks. ATM vendors have to at least share in the blame. I imagine they moved to Windows to reduce costs (cheaper and easier to hire...
Reply | Read entire comment
How did it get there anyway?By Anonymous on June 4, 2009, 3:37 pmSo you gotta ask how they managed to get the code on there in the first place. If they had pysical access to the machine then ANY OS would be a risk.
Reply | Read entire comment
PIN Numbers aren't stored on the card.By amascuba on June 4, 2009, 3:44 pmI think that this story is half bogus. PIN numbers aren't stored on a debit card. They are stored on a server located at a transaction network, that a bank uses...
Reply | Read entire comment
I'd worry about the cablingBy Anonymous on June 4, 2009, 3:47 pmI dont' know about you, but I tend to use only ATMs that are physically contained in wall or similar enclosure. I will not use any stand-alone ATM (apart from one...
Reply | Read entire comment
Not the card--the software is on the ATMBy Anonymous on June 4, 2009, 3:50 pmSince the software gets installed on the ATM, the PIN is picked up by a keystroke logger program. Since users need to enter the PIN to complete a transaction, the...
Reply | Read entire comment
View all comments