New ATM Malware Captures PINs and Cash: Via Threat Level.

Security researchers have found malware planted on ATMs in Eastern Europe that captures PINs and magnetic stripe data from the machine’s memory and instructs the machines to spit out cash, eliminating the need for primitive skimming devices and advancing the tradecraft of card thieves to a new level.

“This malware is unlike any we have ever had experience with,” said Nick Percoco in a statement. Percoco is vice president and head of Trustwave’s SpiderLabs Incident Response Team, based in Chicago, which was called in to investigate the matter this last spring.

The malware was found on 20 machines in Russia and Ukraine that were all running Microsoft’s Windows XP operating system. At least one machine was infected as early as July 2007 and researchers said they’ve seen advanced versions of the malware that indicates the attackers have been perfecting it since then.

The attack requires an insider, such as an ATM technician or anyone else with a key to the machine, to place the malware on the ATM. Once that’s done, attackers can insert a control card into the machine’s card reader to trigger the malware and give them control of the machine through a custom interface and the ATM’s keypad.

The malware captures account numbers and PINs from the machine’s transaction application and then delivers it to the thief on a receipt printed from the machine in an encrypted format or to a storage device inserted in the card reader. A thief can also instruct the machine to eject whatever cash is inside the machine. A fully loaded ATM can hold up to $600,000.

Trustwave issued an alert that provides technical details (.pdf) about how the malware works.

The malware was placed on ATMs made by various unspecified vendors. Trustwave spokeswoman, Michelle Genser wouldn’t say how many banks were involved or which ones. She also wouldn’t say how much loot the thieves captured from the machines.

The researchers found signs that the malware was moving to machines in the U.S. and elsewhere, but wouldn’t discuss the nature of those signs.

“They usually start in one country as a testbed and once they realize it’s executable in other countries, it spreads quickly,” she said.

Photo: Random ATM; Thetruthabout/Flickr

See also:

• PIN Crackers Nab the Holy Grail of Credit Card Security
• UK Man Sues Bank Over ‘Phantom’ Withdrawals from Chip-and-PIN Account
• Global ATM Caper Nets Hackers $9 Million in One Day

Read Original Article:(Via Threat Level.)

Bookmark/Search this post with:
• Twitter
• Digg
• StumbleUpon
• Technorati
• del.icio.us
• Facebook
• Furl
• LinkedIn
• Yahoo