ATM malware discovered

Author: Gareth Halfacree
Published: 19th March 2009
Comments (18) Stumble
ATM malware discovered

Diebold cash machines are targeted by the malware samples obtained by anti-virus vendor Sophos.

The next time you get money out at a hole-in-the-wall, cross your fingers that the operating system is fully patched up; there's now malware out there which directly targets Windows-based ATMs.

According to anti-virus provider Sophos – via ITWire – code has been discovered for a piece of malware that targets automated teller machines from US manufacturer Diebold, better known for its range of voting machines.

The code for the software uses undocumented features to create a virtual 'skimmer' which is capable of recording card details and personal identification numbers without the user's knowledge, which suggests that the creator had access to the source code for the ATM. While this doesn't directly point to an inside job, the possibility certainly can't be ruled out.

Sophos believes that the code was intended to be pre-installed by an insider at the factory, and would hold transaction details until a special card was entered into the machine – at which point a nice list of card numbers, PINs, and balances would be printed out for the ne'er-do-well to peruse at his leisure. It's also possible that the malware could be installed by someone with access to the ATM's internal workings – such as the person who refills the supply of money each day.

Sophos's Graham Cluley – who has been dissecting the code since the company obtained a copy – claims that the malware is designed to “skim money from accounts in Russian, Ukrainian, and American currency” - which should make any unauthorised transactions a little more obvious here in the UK.

So far there has been no official comment from Diebold on the matter.

Starting to think that automating the removal of cash from bank accounts was a bad idea, or would it take proof that the malware is in the wild before you chop up your cash cards? Share your thoughts over in the forums.
Quote Krikkit 19th March 2009, 13:15
Now that is clever. Even though you need an employee to install it, it's still a clever method.
Quote Turbotab 19th March 2009, 13:24
I reckon Fred the Shred, might use this, as the excuse for losing £24 billion. Its wez not mes, twas the internets!
Quote Xtrafresh 19th March 2009, 13:33
lol, access to ATMs is surprisingly easy...

I saw an ATM crash to the windows desktop once, at which point i could use the touchscreen as a normal PC interface. I was able to start a command prompt, and was looking for the virtual keyboard to type "ipconfig", and then it was taken over remotely :)
Quote Burnout21 19th March 2009, 13:49
haha this is great, i wonder how long its been in use and how wide spread it is..
Quote B1GBUD 19th March 2009, 13:51
Quote:
Originally Posted by Xtrafresh
lol, access to ATMs is surprisingly easy...

I saw an ATM crash to the windows desktop once, at which point i could use the touchscreen as a normal PC interface. I was able to start a command prompt, and was looking for the virtual keyboard to type "ipconfig", and then it was taken over remotely :)

Likewise, I've seen an ATM BSOD!! I would have lol'd but it ate my card.
Quote Dr. Strangelove 19th March 2009, 14:37
Quote:
Originally Posted by B1GBUD
Likewise, I've seen an ATM BSOD!! I would have lol'd but it ate my card.

You have soo little money that your card caused a BSOD of the ATM!?????
Quote Sirwashbrook 19th March 2009, 14:52
I work for IBM and fix cash machines and other in branch machines for HSBC/Abbey around the Midlands area mainly Birmingham , We have seen a vast rise in skimming devices and they are getting harder and harder to recognise , entire front panel covers are being made and they are very hard to spot , same paint , same facia parts eg card reader lips etc even stickers , so my advice is have a poke around before you use them :) ps and we seem to think that someone with ATM knowledge could be doing this
Quote Spaceraver 19th March 2009, 15:16
Happy that my bank uses proprietary software developed only by themselves
Quote Redbeaver 19th March 2009, 15:24
Quote:
Originally Posted by Spaceraver
Happy that my bank uses proprietary software developed only by themselves

u 100% sure?
Quote Turbotab 19th March 2009, 15:34
Quote:
Originally Posted by Spaceraver
Happy that my bank uses proprietary software developed only by themselves

Even proprietary software may have been coded in India or Eastern Europe, due to outsourcing. Neither regions have the best reputation for security.
Quote Sirwashbrook 19th March 2009, 15:37
Wouldnt be so sure that the code is a secret , software gets passed around in IBM like pokemon cards to be honest , I have 3 sets of HSBC windows xp for atm's .
Quote aggies11 19th March 2009, 16:31
"Windows-based ATM" - Why does that phrase send chills down my spine? Please tell me that is not the norm...
Quote Sirwashbrook 19th March 2009, 16:40
yeah most use windows , some have independate software but are around 10 years old and about to go to windows
Quote Otto69 19th March 2009, 16:58
"Windows Genuine Advantage has determined this ATM is running pirated software, shutting down..."
Quote B1GBUD 19th March 2009, 17:50
Quote:
Originally Posted by Otto69
"Windows Genuine Advantage has determined this ATM is running pirated software, shutting down..."

http://www.feedmeastraycat.com/feed_me_a_stray_cat.jpg
Quote n3mo 19th March 2009, 23:00
Quote:
Originally Posted by aggies11
"Windows-based ATM" - Why does that phrase send chills down my spine? Please tell me that is not the norm...

It gets worse: Most ATMs use Win98, and I've personally seen some using Win95.
But then it gets better: I've also seen several running BSD.

Software and even full system HDD images from various ATMs circle around the net all the time, it's easy to find and buy one if you know where to look.
Quote Saivert 20th March 2009, 02:36
Also a lot of ATMs use OS/2 (renamed eComStation) as it was a very reliable operating system.
Quote Burnout21 20th March 2009, 09:58
i wish all ATM's were Unix based. Microsoft OS's seem to be a little excessive for an ATM, someone got rich!
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.