Irregular Expressions

Apr 12 2010   11:53AM GMT

ATM Malware – Part 1

Dan O'Connor

A former bank IT worker has been charged with installing malware on Bank of America ATMs. The amount of money that he stole is not posted anywhere that I can find, but it is above $5,000.

There is no specific information about the malware that he used to commit the fraud.

On a related note, I have found some technical information regarding malware discovered on European ATMs that is finding its way into North America. The primary function of the malware is to capture mag stripe and PIN information as customers use the ATM. It also has the ability to arbitrarily dispense cash from the ATM.

The malware appears to be controlled by inserting controller cards into the card reader (Neat!), which displays the control interface and allows the user to perform a variety of functions on the terminal. It intercepts the information as it’s processed on the system and stores it in the C:\Windows\ directory as a file called ‘kl’.

The story on the Bank of America guy is here: http://www.wired.com/threatlevel/2010/04/bank-of-america-hack/

Information on the malware is here: http://www.wired.com/threatlevel/2009/06/new-atm-malware-captures-pins-and-cash

And here is the link to the PDF write-up about the malware: http://www.wired.com/images_blogs/threatlevel/2009/06/trustwave-security-alert-atm-malware-analysis-briefing.pdf
