SANS ISC: InfoSec Handlers Diary Blog

Malware targeting bank ATMs

Published: 2009-06-04
Last Updated: 2009-06-04 11:13:34 UTC
by Raul Siles (Version: 2)
3 comment(s)

Interesting recent article (June 2009), thanks Martin, about evolving malware specimens targeting and compromising bank ATM (Automated Teller Machine) devices in Eastern Europe. It complements a previous similar article (March 2009, original post). Additional technical details are available here (PDF file).

The most interesting sections are its advanced ATM-specific capabilities (hey, the ATM has a printer, so let's use it), the backdoor management interface (with different privilege levels), the option to force the machine to dispense all its cash, and that it works against ATMs from multiple vendors (although all ATMs were Windows XP-based).

The main point is, really, how did the ATMs get infected in the first place? Physical access is mentioned (insider threat?), but I wonder: Would we see this kind of malware silently spreading through the banks' private financial networks?

Do you trust your bank's ATMs?

Raul Siles

Keywords: ATM malware