First ATM trojan discovered
Written by IT News on 10:27 PM

Researchers at antivirus vendor Sophos have detected a Trojan that can infect the operating system of ATMs and hook into the software developed by one of the leading global suppliers of those products, Diebold. The malware can track transactions and capture the PIN that is entered and the credit card number.
The malware, detected by Sophos as Troj/Skim-A, was analyzed by Vanja Svajcer, principal virus researcher at SophosLabs, UK. Mr. Svajcer notes that he had the idea to look for such malware after a friend working at a bank told him of reports that Diebold machines had been infected in Russia.
Researchers have found three Diebold-related files that had been submitted by an anonymous user via the VirusTotal service. A more thorough analysis of the samples concluded that one of them is a trojan dropper, which disables the storage and installs a file called Lsass.exe (not the legitimate one in Windows).
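A defender's check for the kind of name masquerading described above, as an added example that is not from the original article or from Sophos: it flags any process named lsass.exe whose image is not the genuine Windows one. The event records, host names and the C:\Windows system root are assumptions constructed for illustration; the article does not say where the trojan's file is placed.

```python
import ntpath

# Genuine LSASS image path, assuming the system root is C:\Windows.
LEGIT_LSASS = r"c:\windows\system32\lsass.exe"

# Constructed process-creation records (host, pid, image path); not real telemetry.
SAMPLE_EVENTS = [
    ("ATM-0001", 612, r"C:\Windows\System32\lsass.exe"),
    ("ATM-0002", 1844, r"C:\WINDOWS\lsass.exe"),
    ("ATM-0003", 2210, r"C:\Windows\System32\..\Temp\LSASS.EXE"),
    ("ATM-0004", 932, r"C:\Windows\System32\svchost.exe"),
    ("ATM-0005", 3020, "\\\\?\\C:\\Windows\\System32\\lsass.exe"),
]


def normalize(path):
    """Return a lower-cased Windows path with '..' segments resolved."""
    if path.startswith("\\\\?\\"):
        # Drop the extended-length prefix so both spellings compare equal.
        path = path[4:]
    return ntpath.normpath(path).lower()


def find_masquerading_lsass(events):
    """Return events whose file name is lsass.exe but whose path is not the genuine one."""
    hits = []
    for host, pid, image in events:
        norm = normalize(image)
        # Compare on the normalized path so case tricks and '..' do not hide a mismatch.
        if ntpath.basename(norm) == "lsass.exe" and norm != LEGIT_LSASS:
            hits.append((host, pid, image))
    return hits


if __name__ == "__main__":
    for host, pid, image in find_masquerading_lsass(SAMPLE_EVENTS):
        print(f"{host}: pid {pid} runs lsass.exe from unexpected path {image}")
```

A path match alone does not prove the file is genuine; verifying the binary's signature or hash against a known-good baseline for the ATM image closes that gap.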
Further analysis showed that the trojan is able to record keyboard input and store the data in encrypted form. It is also able to print, suggesting that participants in this scheme were probably planning to send money mules "to recover the data." "Looking at the code makes us think that it may be possible that a criminal can obtain a paper at a specially infected ATM, which then gets the ATM to print encrypted information on the stolen credit cards and PINs on what is normally the receipt slip," Graham Cluley, senior technology consultant at Sophos, says.
The file uses functions of Diebold's Agilis 91x ATM software to manipulate the magnetic stripe. Since these functions are not documented and not available to the public, Svajcer concludes that "malware seems to be the work of a programmer with good knowledge of the internal parts of the Diebold machines." In addition, physical access is most likely necessary to install the malware in the first place, which points to an inside job.
The Register reports that Diebold has been aware of the harmful program since January, when it was used in Russia in an attempt to intercept transactions. The company has issued an advisory to its customers along with a software update. It should also be noted that several suspects were arrested by local authorities, who are still investigating the crime. The fact that the trojan monitors transactions in U.S. dollars, plus Russian and Ukrainian currencies, shows that it originated in Eastern Europe.
This could be the first episode of fraudsters using malware to infect ATMs, but it is not the first time an insider has been involved in the manipulation of payment instruments. Already in October 2008, we reported that hundreds of modified "chip and pin" devices were discovered in stores across Europe. The tampering was so complex and seamless that the products could have been modified directly at the factory in China, before being transported to accomplices in Europe.