Windows XP ATMs Under Hacker Attack in Europe - US Could Be Next!
June 4, 2009 by John Messina
(PhysOrg.com) -- Approximately 20 ATMs in Eastern Europe have been compromised. These attacks are in the early stages of development and are likely to gain momentum and even spread to ATMs in the US.
A security outfit, TrustWave's SpiderLabs, analyzed malware found installed on compromised ATMs in the Eastern European region. The compromised ATMs ran Microsoft Windows XP. The malware captures magnetic stripe data and PIN codes from the private memory space of transaction-processing applications installed on the infected ATMs.
The attacker can gain full control of the infected ATM through a customized user interface built into the malware. This is accomplished by inserting a controller card into the ATM's reader.
TrustWave's analysts don't believe the malware has networking functionality that would send data to other, remote locations over the Internet. Instead, the malware outputs the harvested data through the ATM's receipt printer or writes the data to a storage device inserted into the ATM's card reader.
TrustWave stated: "This malware is unlike any we have ever had experience with. It allows the attacker to gain complete control over the ATM to obtain track data, PINs and cash from each infected machine."
"We believe the current attack vector is an early version of the malware sample, and future attacks will add functionality such as propagation via the ATM network. If an attacker can gain access to one machine, the malware will evolve and propagate automatically to other systems."
A dropper file named isadmin.exe is installed on the ATM and executed within the C:\WINDOWS directory of the compromised machine. The malware then takes control of the Protected Storage service, which would normally handle the original lsass.exe executable file located in the C:\WINDOWS\system32 directory, and makes it point to the infected file.
The malware is designed to remain active in the event the ATM crashes and has to restart.
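The two host artifacts described above (the isadmin.exe dropper in C:\WINDOWS and a Protected Storage service that no longer points at C:\WINDOWS\system32\lsass.exe) can be checked against an inventory collected from each ATM. The following is an added example, not code from TrustWave or the article; the `audit` and `normalize` helpers, the finding labels and the sample inventories are hypothetical, and the service path is assumed to have been read from the service's ImagePath value.

```python
import ntpath

# Indicators taken from the article; C:\WINDOWS is the system root it cites.
SYSTEM_ROOT = r"C:\WINDOWS"
EXPECTED_LSASS = ntpath.join(SYSTEM_ROOT, "system32", "lsass.exe")
DROPPER_NAME = "isadmin.exe"

def normalize(path, system_root=SYSTEM_ROOT):
    """Canonicalize a Windows path or ImagePath string for comparison."""
    p = path.strip().strip('"').replace("/", "\\")
    for var in ("%systemroot%", "%windir%"):
        if p.lower().startswith(var):
            p = system_root + p[len(var):]
            break
    return ntpath.normcase(ntpath.normpath(p))

def audit(files, service_image_path):
    """Return (indicator, original_value) findings for one ATM inventory."""
    findings = []
    root, expected = normalize(SYSTEM_ROOT), normalize(EXPECTED_LSASS)
    for f in files:
        directory, name = ntpath.split(normalize(f))
        if name == DROPPER_NAME and directory == root:
            findings.append(("dropper-in-windows-dir", f))
    if normalize(service_image_path) != expected:
        findings.append(("protected-storage-redirected", service_image_path))
    return findings

# Constructed inventories (not real data): one clean ATM, one showing both signs.
SAMPLE = {
    "atm-clean": ([r"C:\WINDOWS\system32\lsass.exe", r"C:\WINDOWS\notepad.exe"],
                  r'"%SystemRoot%\system32\lsass.exe"'),
    "atm-suspect": (["c:/windows/ISADMIN.EXE", r"C:\WINDOWS\system32\lsass.exe"],
                    r"C:\WINDOWS\constructed-example.exe"),
}

if __name__ == "__main__":
    for host, (files, image_path) in SAMPLE.items():
        print(host, audit(files, image_path) or "no indicators")
```

Normalizing case, quoting, slashes and environment variables before comparing keeps a legitimate `%SystemRoot%` ImagePath from being flagged and a differently cased dropper name from being missed.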
© 2009 PhysOrg.com
Jun 04, 2009
Rank: 3 / 5 (4)
In former times, ATMs used to run OS/2. They never got hacked.
Jun 04, 2009
Rank: 5 / 5 (3)
Is this the same group that leaves US military desktops connected to the internet without firewalls and then tells the world "We're under attack!"?
Jun 04, 2009
Rank: 1 / 5 (2)
It really shows that whatever this bank's IT security policy is for ATM systems is SEVERELY lacking.
Different banks will have different security.
In my thinking here, an ATM machine doesn't contact another ATM machine from another bank to get approval to take out cash (they connect back to their systems at the main bank datacenter who then will check against another bank if necessary and then reply back to the ATM on whether or not to spit out the funds), therefore, fundamentally, the trojan cannot spread via those means. This is most likely why the code does not include a replication mechanism, and possibly never will. The developers will have to figure out how to propagate into the bank's actual backend network in order to do that, and from there, they can infect only that bank's ATMs (but, the whole network of them). From there they also have a better potential of intruding another bank's networks, again, depending on the other bank's security.
The media is just trying to make this "scareware" to have a bunch of bs stories to tell about technologies they don't understand whatsoever.
Jun 04, 2009
Rank: not rated yet
Although the new Windows-based technology was implemented primarily to allow ATM firms to gain additional revenue through on-screen advertisements, it may also pose some interesting 'unforeseen' possibilities and consequences.
Suppose, for instance, an ATM firm wished to encroach upon the territories of a competitor. An employee of the firm could simply pose as a customer attempting to use one of the competitor's machines, while in reality employing a card for the purpose that had been cleverly re-programmed in such a manner as to inject a malware. The advent of the proposed new 'chip-and-pin' card readers could possibly make this even easier, as the chip on the card must be accessed by the machine directly.
The malware injected would not even have to be purposed towards skimming. All that would really be required would be a partial shutdown or corruption of the targeted machine; anything that would further erode the site owner's confidence in the competitor firm's ability to provide effective service and reliable machine operation. The sales representative of the attacking firm could then approach the victimised client with a "better deal" offer, and so gain that site's transaction revenues.
I think I'll stick with the older machines, thanks. They cost less to service, anyway.
Jun 05, 2009
Rank: 5 / 5 (2)
They investigated them and found that ATMs can be compromised with a specially designed card - exploit.
Jun 07, 2009
Rank: not rated yet
No, it isn't that frigging difficult. It's just that it doesn't fit in Microsoft's plan for world domination.
Jun 08, 2009
Rank: not rated yet
What matters most is not whether anyone pays any attention to full-motion advertisements displayed on ATM machines, but rather the fact that ATM firms are now able to garner additional revenue by selling that extra service.