Slashdot Mirror

← Back to Stories (view on slashdot.org)

Infected ATMs Give Away Millions of Dollars Without Credit Cards

Posted by Soulskill on from the i'll-order-a-dozen dept.

An anonymous reader writes: Kaspersky Lab performed a forensic investigation into cybercriminal attacks targeting multiple ATMs around the world. During the course of this investigation, researchers discovered the Tyupkin malware used to infect ATMs and allow attackers to remove money via direct manipulation, stealing millions of dollars. The criminals work in two stages. First, they gain physical access to the ATMs and insert a bootable CD to install the Tyupkin malware. After they reboot the system, the infected ATM is now under their control and the malware runs in an infinite loop waiting for a command. To make the scam harder to spot, the Tyupkin malware only accepts commands at specific times on Sunday and Monday nights. During those hours, the attackers are able to steal money from the infected machine.

3 of 83 comments (clear)

  1. This doesn't add up by drsquare · · Score: 4, Interesting

    If you have access to the ATM physically, why not just take the cash there and then?

    1. Re:This doesn't add up by PRMan · · Score: 5, Interesting

      You can actually punch a hole in many popular ATMs and there is a live USB port right behind it. This has been discussed repeatedly as a security problem. I don't know if they fixed that one, but there could be more or it could be really slow to be fixed. http://www.extremetech.com/ext...

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
  2. Re:These on XP? by mythosaz · · Score: 3, Interesting

    Many, yes.

    Some kiosk versions of XP are still getting patched.

    Windows XP Professional for Embedded Systems. This product is identical to Windows XP, and Extended Support will end on April 8, 2014.
    Windows XP Embedded Service Pack 3 (SP3). This is the original toolkit and componentized version of Windows XP. It was originally released in 2002, and Extended Support will end on Jan. 12, 2016.
    Windows Embedded for Point of Service SP3. This product is for use in Point of Sale devices. It’s built from Windows XP Embedded. It was originally released in 2005, and Extended Support will end on April 12, 2016.
    Windows Embedded Standard 2009. This product is an updated release of the toolkit and componentized version of Windows XP. It was originally released in 2008; and Extended Support will end on Jan. 8, 2019.
    Windows Embedded POSReady 2009. This product for point-of-sale devices reflects the updates available in Windows Embedded Standard 2009. It was originally released in 2009, and extended support will end on April 9, 2019.