Trojans in ATMs from East Europe

Security experts from the Trustwave security firm have recently found a whole family of data-pilfering trojans that has been nestled inside Eastern European automatic teller machines (ATMs) for over the past eighteen months. What's more, this has been going on since about two years ago, with at least sixteen updates to the software by the meticulous and lawbreaking authors of the program.

Nicholas Percoco, the head and vice-president of SpiderLabs, noted that the ATM hijackers were following a rapid development cycle for their malware: they test what works, improve on flaws, and then put the new features in the next iteration. The hackers don't only have the audacity to defraud people of their personal information using ATM trojans; they also have the persistence to do it repeatedly until they perfect their sinister craft.

Once the trojan has infected the ATM, it looks inside the ATM's transaction message queue for track 2 data, the data stored on ATM cards. If the data belongs to a bank client, the trojan records it and the accompanying PIN code in its database. When this type of card is used, the machine's display features a window providing ten options that can be picked out with the keypad. The options include restoring log files to the state they were in before the malware infection, printing stashed banking information, and outright uninstalling the malware. There are records of another feature that allows the delivery of stolen card information to a chip on the modified card, but that as-yet nonexistent capability appears to be in the initial stages of development.

At any rate, these trojan discoveries substantiate earlier reports by Sophos last March concerning card-info-stealing malware that besieged ATMs manufactured by Diebold.
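An added example, not taken from the article or from Trustwave's analysis: track 2 data has a fixed layout (ISO/IEC 7813), so a responder examining an ATM disk image or log can sweep it for stored records, which should never be persisted there. The function names, the regex bounds and the sample bytes are assumptions constructed for illustration.

```python
import re

# ISO/IEC 7813 track 2 layout: ';' PAN '=' YYMM service-code discretionary '?'
TRACK2 = re.compile(rb";(\d{12,19})=(\d{2})(\d{2})(\d{3})(\d*)\?")


def luhn_ok(pan: str) -> bool:
    """Luhn checksum; filters out random digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_track2(blob: bytes) -> list[dict]:
    """Return masked findings for every plausible track 2 record in blob."""
    findings = []
    for m in TRACK2.finditer(blob):
        pan = m.group(1).decode()
        month = int(m.group(3))
        if not luhn_ok(pan) or not 1 <= month <= 12:
            continue
        findings.append({
            "offset": m.start(),
            # Never echo the full PAN: keep first 6 / last 4 only.
            "pan_masked": pan[:6] + "*" * (len(pan) - 10) + pan[-4:],
            "expiry_yymm": m.group(2).decode() + m.group(3).decode(),
        })
    return findings


# Constructed sample: a fake stash/log fragment. 4111111111111111 is a
# well-known test card number, not a real account.
SAMPLE = (
    b"2009-06-01 12:00:01 TXN start\n"
    b"\x00\x01;4111111111111111=12121010000000000000?\x00"   # valid test PAN
    b"junk ;1234567890123456=12121010000?\n"                  # fails Luhn
    b"junk ;4111111111111111=12991010000?\n"                  # month 99
)

if __name__ == "__main__":
    for f in find_track2(SAMPLE):
        print(f)
```

The Luhn and month checks keep the false-positive rate manageable on binary images, where digit runs between `;` and `?` occur by chance.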