Slashdot Mirror


Updated Skimer Malware Infects ATMs Worldwide (thestack.com)

An anonymous reader writes: Researchers at Kaspersky have discovered an improved version of Backdoor.Win32.Skimer infecting ATM machines worldwide. The new Skimer allows criminal access to card data, including PIN numbers, as well as to the actual cash located in the machine. The malicious installers use the packer Themida to disguise the Skimer malware which is then installed on the ATM. If the ATM file system is FAT32, the malware drops the file netmgr.dll in the folder C:\Windows\System32. If the ATM has an NTFS file system, netmgr.dll is placed in the executable file of the NTFS data stream, which makes detection and analysis of the malware more difficult. Skimer may lie dormant for months until it is activated with the physical use of a "magic card," which gives access control to the malware, and then offers a list of options that are accessed by inputting a choice on the pin pad. The user can then request the ATM to: show installation details, dispense money, start collecting the details of inserted cards, print collected card details, self delete, enable debug mode, and update. Here's a video of the Skimer malware in action.
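
An added example, not part of the Slashdot summary and not Kaspersky's tooling: a Windows PowerShell 5.1 check for the two netmgr.dll placements described above, an ordinary file in System32 and a named NTFS data stream attached to an executable. The function names, the System32-only scan scope and the 'MZ' header test are assumptions of this example; the summary does not say which executable hosts the stream.

```powershell
# Added example: look for netmgr.dll as a plain file (FAT32 case) and as a
# named NTFS data stream on an executable (NTFS case).
# Assumption: $SystemDir is System32 on the live system or on a read-only
# mounted image, e.g. E:\Windows\System32.

function Test-PeHeader {
    # True when the file, or the named stream if one is given, starts with 'MZ'.
    param([string]$Path, [string]$Stream)
    $gc = @{ LiteralPath = $Path; Encoding = 'Byte'; TotalCount = 2; ErrorAction = 'Stop' }
    if ($Stream) { $gc.Stream = $Stream }
    try {
        $b = @(Get-Content @gc)
        return ($b.Count -eq 2 -and $b[0] -eq 0x4D -and $b[1] -eq 0x5A)
    } catch {
        return $false
    }
}

function Find-NetmgrPlacement {
    param(
        [string]$SystemDir = "$env:SystemRoot\System32",
        [string]$DllName   = 'netmgr.dll'
    )

    # FAT32 case: the DLL sits in System32 as an ordinary file.
    $plain = Join-Path $SystemDir $DllName
    if (Test-Path -LiteralPath $plain -PathType Leaf) {
        $item = Get-Item -LiteralPath $plain -Force
        [pscustomobject]@{
            Placement = 'File'
            Path      = $item.FullName
            Stream    = ''
            Length    = $item.Length
            IsPE      = Test-PeHeader -Path $item.FullName
            NameMatch = $true
        }
    }

    # NTFS case: the DLL is stored in a named data stream of an executable,
    # so it does not show up in a normal directory listing.
    Get-ChildItem -LiteralPath $SystemDir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object {
            $file = $_
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        Placement = 'NamedStream'
                        Path      = $file.FullName
                        Stream    = $_.Stream
                        Length    = $_.Length
                        IsPE      = Test-PeHeader -Path $file.FullName -Stream $_.Stream
                        NameMatch = ($_.Stream -ieq $DllName)
                    }
                }
        }
}

# A named stream carrying a PE header on a system binary deserves review even
# when its name differs from the one given in the summary.
Find-NetmgrPlacement |
    Sort-Object -Property NameMatch, IsPE -Descending |
    Format-Table -AutoSize Placement, Path, Stream, Length, IsPE, NameMatch
```

Small `Zone.Identifier` streams on downloaded files are normal and will show with `IsPE` false; on a FAT32 volume the stream enumeration returns nothing and only the plain-file check applies.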

121 comments

  1. Missing an M? by Bigπmpin · · Score: 1

    What's a Skimer?

    1. Re:Missing an M? by Anonymous Coward · · Score: 1

      Nope, that's correct. It's a new technique based on a Russian word that means "gullible".

    2. Re:Missing an M? by Bigπmpin · · Score: 1

      Got it, the all knowing Google apparently isn't so hip to this.

    3. Re:Missing an M? by swd99999999 · · Score: 3, Funny

      A person who takes all their clothes off and jumps in a pile of money.

    4. Re:Missing an M? by Anonymous Coward · · Score: 1

      What's a Skimer?

      Using the magical oracle known as "Google", we find the answer to that question is...
      ATM malware
      ATM malware
      ATM malware
      ATM malware
      ATM malware
      ATM malware
      (you probably get the idea by now: "Skimer" is ATM malware)

    5. Re: Missing an M? by Anonymous Coward · · Score: 0

      You probably didn't get the idea that it's spelled "skimmer" (two M's). You might also try reading your own subject line.

    6. Re: Missing an M? by fizzup · · Score: 1

      You probably didn't get the idea that it's spelled "skimmer" (two M's). You might also try reading your own subject line.

      I am afraid it is you who is incorrect. A skimmer is a device, usually electromechanical, that you install in or on a legitimate card reader to illicitly read card numbers. This malware is a new version of "Backdoor.Win32.Skimer" (really, actually spelled with one "m"). While the malware can skim card numbers, it can do much more - including collecting PINs and telling the ATM to dispense cash. Given the capabilities of the malware, it's better to refer to it by its proper name or as malware. If you read the summary, you will see that the author has done exactly that.

      But don't get me started on ATM machine.

    7. Re:Missing an M? by jsepeta · · Score: 1

      so not schemer

      --
      Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
    8. Re:Missing an M? by cellocgw · · Score: 1

      Got it, the all knowing Google apparently isn't so hip to this.

      Most Wonderful He-Got-Whooshed message of the decade!

      --
      https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
    9. Re: Missing an M? by Anonymous Coward · · Score: 0

      Can the skimer record my PIN number?

    10. Re:Missing an M? by doccus · · Score: 1

      Indeed. I sooo hate "Replies returned for (Google corrected version)" "Choose the actual spelling you entered instead"
      Great.. so if the great Mr G doesn't like my spelling I have to take three steps instead for every word or phrase...
      Re: "Didn't you mean...?" Er, no, Mr Google sir.. if I had meant that I would have said so. And how long before they disable unapproved words or spellings altogether?
      YaVol! Za! All bow down before ze mighty Alphabet.. Ya!

  2. ATMs running Windows. by EmagGeek · · Score: 5, Insightful

    This is just begging for it.

    1. Re:ATMs running Windows. by Anonymous Coward · · Score: 0

      Most ATMs do run Windows as an OS. If they didn't, nobody would be able to support them.

    2. Re:ATMs running Windows. by Anonymous Coward · · Score: 0, Insightful

      This is just begging for it.

      And if they were running Linux, they would exploit Linux. I really don't get the logic. Necessity is the mother of invention...ATMs run Windows, hack Windows...ATMs run Linux, hack Linux. And if you sit there and say Linux is not exploitable, then your a fucking moron.

    3. Re:ATMs running Windows. by Anonymous Coward · · Score: 0

      Because Linux machines are never hacked! Ever!

      I bet we could fit your entire knowledge of either operating system in to a small informational pamphlet suitable for light reading by seniors.

    4. Re:ATMs running Windows. by Anonymous Coward · · Score: 0

      It's supposed to find and expose idiots incapable of understanding context and dealing with common typos.

    5. Re:ATMs running Windows. by Jeremi · · Score: 1

      And if [the ATMs] were running Linux, [the hackers] would exploit Linux

      That's very true -- the real question is, why should an ATM (or any other security-critical dedicated device) be capable of running any off-the-shelf software at all?

      If I was in charge of designing ATMs, I'd ask for an OS that only runs programs that are encrypted and signed with my company's super-secret private key. That way even if someone somehow got their malware loaded onto the box, the OS would be literally incapable of executing the malware's code. (ideally the CPU itself would be customized to use a randomized/proprietary opcode set that is also generated based on the private key, but that might get a bit expensive, so short of that trusting the OS's program loader/verifier not to be exploitable might have to suffice)

      --


      I don't care if it's 90,000 hectares. That lake was not my doing.
    6. Re:ATMs running Windows. by msauve · · Score: 5, Insightful

      The difference is, when Microsoft abandons support for a version of Windows, there's nothing a customer (ATM manufacturer and/or bank) can do about newly discovered security holes. If using an open source OS, they have the source and the opportunity to do patches themselves (which may only involve a backport).

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    7. Re:ATMs running Windows. by dwywit · · Score: 1

      In other words, use a Micro-channel architecture machine running OS/2.

      Actually, why not ask IBM to make an ATM out of an AS/400 running OS400? Proprietary code on closed hardware, can't go wrong.

      --
      They sentenced me to twenty years of boredom
    8. Re:ATMs running Windows. by Z00L00K · · Score: 1

      The ones to blame are the banks trying to get a cheap solution.

      It's not too hard to code for Windows, but it's also the most targeted OS when it comes to malware. And it's not easy to figure out all possible attacks since Windows is very bloated - even the lighter versions usually have a lot of unnecessary stuff floating around.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    9. Re:ATMs running Windows. by Z00L00K · · Score: 2

      I agree here - it's possible to exploit Linux as well, it would be necessary to use an operating system that's stripped down to the bare essentials of what's needed in an ATM to get rid of possible exploits.

      The early ATMs were harder to hack from this perspective since they were running their own software. They probably had some other security issues instead, so everything wasn't better.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    10. Re:ATMs running Windows. by Z00L00K · · Score: 1

      Legion of Grammar Nazis appearing!

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    11. Re:ATMs running Windows. by Z00L00K · · Score: 1

      Nah - I'd go for a solution built on an embedded kernel on a processor that isn't that common, like the Zilog Z8 family. (Not compatible with Z80)

      Or use an FPGA solution.

      If done right it's a lot harder to plant malicious functionality into the ATMs.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    12. Re: ATMs running Windows. by Anonymous Coward · · Score: 0

      "your" instead of "you're" is NOT a common typo. It is lazy, fucking moronic writing. Too many people don't even know the difference anymore, and yet are happy to go around calling other people morons. So, when someone writes, "your a moron," especially on /., it sets off irony bombs everywhere.

    13. Re: ATMs running Windows. by Anonymous Coward · · Score: 0

      There are ATMs running OS/2 as well.

    14. Re: ATMs running Windows. by doragasu · · Score: 1

      Security by obscurity. How could that go wrong?

    15. Re:ATMs running Windows. by eneville · · Score: 1

      They would like to pay for support, but someone just emptied the ATMs.

    16. Re: ATMs running Windows. by Anonymous Coward · · Score: 0

      Obscurity is just one layer of security. It's not a fix-all, but it does help the situation.

    17. Re: ATMs running Windows. by Anonymous Coward · · Score: 0

      It is a typo I have to correct in my own writing all the time... not sure how common it is in general though.

    18. Re: ATMs running Windows. by Anonymous Coward · · Score: 0

      Bullshit. Older versions of Windows were especially badly designed. Exploiting Windows is as easy as running the metasploit framework and mostly attention seeking school boys are doing it.

      Windows was (with all the crap running with administrator privileges) and probably is incomparably more vulnerable than Linux with disabled services.

    19. Re: ATMs running Windows. by Anonymous Coward · · Score: 3, Interesting

      TiVo did solve this problem on Linux: custom kernel requires apps to be digitally signed. Custom chip on the mobo requires the kernel to be signed. If you want to hack a modern TiVo (series 3 or newer), you need to replace a custom chip soldered to the mobo.

      This is why there's an anti-TiVo clause in the GPLv3.

      If ATMs followed this model, it would prevent software hacks like this one. To compromise the ATM, you'd have to open it up and replace hardware. If you can do that, it's easier to just take the money.

    20. Re:ATMs running Windows. by Anonymous Coward · · Score: 0

      Would you rather they still run OS/2?

    21. Re:ATMs running Windows. by AmiMoJo · · Score: 4, Informative

      I do security for embedded systems, and you both misunderstand the problem.

      An ATM is supposed to have physical security. It's full of money. If it isn't physically secure, you can just take the money out.

      So it's reasonable to use an OS and not bother to update it (I guarantee, even if it was Linux it wouldn't get updates, because updates can break stuff and the manufacturer doesn't want the customer screaming at them to send an engineer to their Hawaii branch right away because their customers are screaming at them). Even if you do update it, there are always zero days, some flaws might be in things like firmware that can't or won't be updated anyway, someone will just rip the circuit board out and replace it with their own etc. So forget that, your main defence is physical security.

      Same as on the outside actually. If you don't physically secure the customer facing part of the ATM, someone will install a skimmer and camera to capture PIN numbers.

      It's nice to have a USB port for non-OS updates, because sometimes your customer will want to change the adverts being displayed or add a new feature. Like the money box, it needs to be physically protected. The mistake these guys made was to not protect the port properly. There was a lock, but staff often left it open because they didn't see the security risk, or they were the ones installing the malware.

      Banks just accept this, because even with fraud it's cheaper than employing human tellers.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    22. Re:ATMs running Windows. by msauve · · Score: 1

      How do you think that ATM checks an account balance? By physically sending an inquiry using pneumatic tubes? Nope, it uses a communications network, which makes it vulnerable to software flaws.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    23. Re: ATMs running Windows. by RabidReindeer · · Score: 1

      And they were being exploited even before the Windows ATMs were.

    24. Re:ATMs running Windows. by Anonymous Coward · · Score: 0

      At least they wouldn't be hackable. I don't think you can find enough tools/development environment to compile a program any more, let alone someone who knew how to write a program for the operating system.

    25. Re: ATMs running Windows. by Aruta · · Score: 3, Informative

      To compromise the ATM, you'd have to open it up and replace hardware. If you can do that, it's easier to just take the money.

      And this, essentially, is the answer to the article, end of story. I'd upvote if I had the points. However, this being /., the discussion below continues in the vein of "my OS is better than yours"

      --
      This universe shipped by weight, not by volume. Some expansion of the contents may have occurred during shipment.
    26. Re:ATMs running Windows. by Anonymous Coward · · Score: 0

      It means your logical fallacy is ad hominem.

    27. Re:ATMs running Windows. by AmiMoJo · · Score: 2

      ATMs use either a dedicated network or a VPN connection with hard coded IP addresses (to avoid DNS issues). All incoming connections should be firewalled, which even on XP is enough to secure it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    28. Re: ATMs running Windows. by Anonymous Coward · · Score: 0

      The hip boots are needed here. It doesn't matter on the system. The system used will be hacked eventually. It, the system, will, why, because it's the easy way to get money. As Willey Horton said, that's where the money is. How will the system get compromised? Easy, you have to have a way of input, to access a card, to update the system, to replace parts, etc...it's that easy. Not everyone touching the os, is a good guy. Or the program, or at the other end. That's how many ways there are to get in. Or the bank. Will the new card stop it, no. The chip card, will and can be used to enter data. A few bites here, a few bites there, now an activator, the program is changed. Anybody remember the old assembly language, done in pieces till the program is completed, then run. It's the same in the new languages. All have to have a compiler. They reject the incomplete parts, running the complete parts, until the parts are available for use, compiled. Run. Money.
      So, what can you do? Nothing. Check your statement, put your money under your pillow? Makes a hard pillow. Untie your card from your main account/open a new account, use checks? Use cash? Credit freeze? Yeah. Take your chances?

    29. Re:ATMs running Windows. by Anonymous Coward · · Score: 0

      I vunt zat one, nat zis!

    30. Re: ATMs running Windows. by Anonymous Coward · · Score: 0

      Too many people don't even know the difference anymore

      get over it, this is how language evolves.

      words fall in and out of common use all the time, and also the meanings of words change. your and you're sound the same when spoken do you also bitch at people when they tell you your a moron to you're face?

      what is likely going to happen is that eventually the written your and you're will likely merge and become a single spelling with both meanings.

    31. Re: ATMs running Windows. by Anonymous Coward · · Score: 0

      But, what is that button on Linux called? Up date button?
      Damn, some people cannot see the forest for the trees. Which one was adopted for business applications first, they made the money, they made the system, businesses adopted it. Ease of use, and accuracy in math. Which was not the same as, the other OSes. One went graphics, another went scientific. Not easy to use in a business opportunity. Where's the money at? Business? And customers. But, you being geek, don't like customers, but banks, and businesses, make a living at satisfying customers, do. So, if I was a bad guy, would I go where the money is? Or where the pretty pictures are? Or the fractal algorithms are?

    32. Re:ATMs running Windows. by ComputerGeek01 · · Score: 1

      Don't blame Windows for incompetent banks you hacky sack kicking hipster. All they had to do is run a relatively current version of Windows and turn on AppLocker and this crap wouldn't even be possible without the kind of breach that would leave much more lucrative targets exposed. Meanwhile nobody has a week and a half to download then cross-their-fingers-and-compile all of the crap you would need to make an alternative Linux based ATM scheme secure. Most of these devices still use dial-up modems AND a wide range of hardware hence the choice to go with Windows.

      The fact that these machines are less secure than most self-checkout lanes (which also use Windows) should be the focus of this article. This is screaming that the banks don't actually give a damn about protecting our money because their butt-buddies in Washington will just reimburse them with no questions asked. Isn't it great when there is zero perceivable difference between centralized and decentralized banking? It's like we have the best of no worlds!

    33. Re: ATMs running Windows. by Anonymous Coward · · Score: 0

      +1 insightful
      +1 funny

    34. Re:ATMs running Windows. by Anonymous Coward · · Score: 0

      Go back to your mom's basement, neckbeard. AppLocker isn't available on any version of Windows Embedded and you know it. Besides, AppLocker does not apply to users with administrative privileges so most malware is completely unaffected by it, as it exploits holes in system DLLs that are first of all not limited by AppLocker. Once elevated, AppLocker is moot.

    35. Re:ATMs running Windows. by Anonymous Coward · · Score: 0

      College ATMs run windows. and are sometimes the only way students can get their college grants.

    36. Re:ATMs running Windows. by EmagGeek · · Score: 1

      Nice strawman. Where in my post did I say I wanted them running Linux?

    37. Re:ATMs running Windows. by EmagGeek · · Score: 1

      "And if you sit there and say Linux is not exploitable, then your a fucking moron."

      Did I say that in my post? Did I say in my post I wanted them running Linux? Did I say anything about another operating system? Did I say or even imply that there was an unhackable operating system in existence?

      Please do enlighten me about what mental gymnastics you had to go through to arrive at your conclusions about my post.

    38. Re: ATMs running Windows. by Zorpheus · · Score: 1

      Though you should not write your own is, because then only a handful of people will be fixing security holes. While the number of people looking for holes will be much larger than that

    39. Re: ATMs running Windows. by Zorpheus · · Score: 1

      Though you should not write your own OS, because then only a handful of people will be fixing security holes. While the number of people looking for holes will be much larger than that

    40. Re: ATMs running Windows. by Anonymous Coward · · Score: 0

      How come every time I run apt-get update there are COUNTLESS bug fix updates to every single fucking thing?

      So yeah, Linux is "super secure" if you are willing to run on some sort of update treadmill.

      In any case, reality disagrees with you since the Linux _kernel_ has _ALWAYS_ had more vulnerabilities than the NT kernel. I challenge anyone to prove it wrong. Go ahead, knock yourselves out.

    41. Re:ATMs running Windows. by locotx · · Score: 1

      Ooooo . .are any running Windows XP . . .didn't support for that OS stop?

    42. Re:ATMs running Windows. by Anonymous Coward · · Score: 0

      Doesn't work. The AS/400 would keep out the script kiddies, sure. But they are not the ones emptying ATMs anyway. Any russian mobster can afford an AS/400 - or a complete ATM for experimentation. (Anyone can buy an ATM. Or steal one - that is more fun...) Then, a clever programmer is needed. One motivated by greed or a grudge (against banks or microsoft) or the sheer coolness. Many such exists. For a shortcut, get someone who got fired/downsized/outsourced from a bank's dev team - both the knowledge and the grudge!

      Stuxnet took out proprietary industrial control systems. An ATM is just a windows computer with a few fancy device drivers - much easier.

    43. Re: ATMs running Windows. by Anonymous Coward · · Score: 0

      "Your a idiot" is the preferred phrase for trolling Grammer nazis.

    44. Re: ATMs running Windows. by invictusvoyd · · Score: 2

      Kaspersky recommends that banks keep an eye out for 'magic card' information, which will show up on their processing logs and can help to detect potentially infected ATMs.

      Kaspersky however did not choose to comment on the unprotected usb ports on these machines. And did not choose to disclose that they paid a bunch of school kids $5 to make that fake video.

    45. Re:ATMs running Windows. by toddestan · · Score: 1

      There's a bunch of different versions of Windows XP embedded. Some of them were EOL with the regular version of Windows XP. A bunch were just EOL earlier this year. A few specialized versions are supported until sometime in 2019.

    46. Re: ATMs running Windows. by Anonymous Coward · · Score: 0

      "too" versus "to" is a typo. Missing an o or typing one extra. Misusing their, there, they're, you're, your, our, are, or other homophones has nothing to do with typos.

  3. Windows is still legal? by glomph · · Score: 1, Insightful

    Yow, you'd think it would be banned by now, it's such a shack of sit.

    1. Re:Windows is still legal? by Anonymous Coward · · Score: 0

      Yes, it'd be much better to run the twatware that is systemd.

      Ain't nobody give a fuck 'bout nothin' but how fast your ATM boots amirite open whores?

    2. Re:Windows is still legal? by Anonymous Coward · · Score: 0

      Wouldn't it be better if we just banned moronic comments like yours? It seems like you don't actually understand anything about the subject in the first place. Or at least, not enough to speak intelligently about it. An intelligent person might actually attempt to build an argument and back it up with facts.

      People wonder why slashdot is slowly dying - it's because it's infested with useless people who don't know what they're talking about 99% of the time. Most people who had deep technical understanding of operating systems fled years ago. Now we're left with failed abortions like you. The sooner you step in front of a fast moving bus, the better.

  4. wait a sec by Anonymous Coward · · Score: 1

    Just a sec here.

    There are ATM's running a version of Windows?

    I genuinely had no idea that was a thing. I always figured they would use some hardened, embedded OS or custom thing doing only what the ATM needed and nothing more.

    Wow. Learned somethin' new.

    Carry on then.

    1. Re:wait a sec by Darinbob · · Score: 2

      Managers can be dumb sometimes. They think that if they use Windows on embedded systems that they'll save lots of time and money because they can hire cheap developers who don't need much training.

    2. Re:wait a sec by toonces33 · · Score: 4, Informative

      Most ATMs still run an embedded version of XP. This isn't the same as the XP that we all used to use, but a special version for embedded systems, but Microsoft has dropped support for it as well, and support ended this year on Jan 12th.

    3. Re:wait a sec by dbIII · · Score: 1

      Some places cut corners and run the retail XP.
      Insane on so many levels especially since dedicated lines to ATMs are mostly a thing of the past now. The funny thing is this stuff crept in because security issues of the software were dismissed due to dedicated lines and being able to treat the ATMs as if they were on a well firewalled private LAN.

    4. Re:wait a sec by Anonymous Coward · · Score: 0

      you pretending you haven't seen one? where do you live, Finland and never ventured as far as to germany even?
      windows is the norm for running atm's around the world. you see it occasionally crashed.

      now as about windows.. well.. it could be ok core for running an atm if they didn't just slap it on some "private" domain and network.. that they think is private anyways.

      and if they installed it on something else than ntfs. oh boy. ntfs is like the malware & spyware writers dream when it comes to possibilities to hide where an actual executable comes when an actual program tries to load a file, any file. not to mention uefi/outside file drops.

      ever wondered how you need to mount an iso to install virtualbox tools BUT SOMEHOW there is a mechanism for the (fake or real) bios to drop files right on the system and get them run from _outside the system_.

      also never mind how easily the kernel is put into debug mode and the user is not made aware.

    5. Re:wait a sec by Applehu Akbar · · Score: 1

      "There are ATM's running a version of Windows?"

      There is an easy way to identify the less-than-major banks that would do this: look for the armored car to be a bicycle messenger carrying a cigar box.

    6. Re:wait a sec by Macdude · · Score: 1

      If it didn't have windows how are the guys that service the machine supposed to play minesweeper?

      --
      "Grab them by the pussy" -- President of the United States of America
    7. Re:wait a sec by serviscope_minor · · Score: 1

      There are ATM's running a version of Windows?

      Yes indeed! In fact one of the reasons it was popular is so they could run nice full colour advertisements on them written in flash.

      --
      SJW n. One who posts facts.
    8. Re:wait a sec by Anonymous Coward · · Score: 0

      Federal regulations come into play. the companies that still have XP running are paying up huge $ to MS for extended support.

    9. Re:wait a sec by jsepeta · · Score: 1

      Prior to XP they ran NT, or OS2/Warp.

      --
      Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
  5. Why is ATM malware possible? by h4ck7h3p14n37 · · Score: 3, Interesting

    How does this malware get installed on a target machine? Is it installed by a technician on-site, or is it delivered over the bank's network?

    Wouldn't cryptographically signed software distributed by hand on read-only media put a stop to this? And why would you run some version of Windows instead of using a stripped-down purpose-built operating system? Is it simply a matter of cost trumping security?

    1. Re: Why is ATM malware possible? by Anonymous Coward · · Score: 0

      Yes, there are many idiotic decisions that had to be made that led to this cluster fuck situation. Obviously "security" was an afterthought, if any thought put into it at all.

    2. Re:Why is ATM malware possible? by Anonymous Coward · · Score: 0

      Wouldn't cryptographically signed software distributed by hand on read-only media put a stop to this?

      Sure, because there's never been a case of viruses or malware finding their way onto gold masters before. Oh, wait...

    3. Re:Why is ATM malware possible? by dbIII · · Score: 2

      And why would you run some version of Windows instead of using a stripped-down purpose-built operating system?

      MS marketing people were very active in the area a few years ago so they "won" the market. Add in places like Diebold with so many political and other connections that pull them in directions other than aiming for an effective product.

    4. Re:Why is ATM malware possible? by Joe_Dragon · · Score: 1

      read only? that will stop the bank from pushing out new marketing ads as part of the screen saver / slide show.

      also read only will not stop from loading into ram.

    5. Re:Why is ATM malware possible? by khz6955 · · Score: 3, Informative

      Actually, once upon a time an ATM couldn't be programmed without the presence of a sealed hardware unit that couldn't be activated without entering two unique pass-codes entered by two bank officials, the codes being provided by a portable handheld device. Later on the banks 'upgraded' to Windows.

    6. Re:Why is ATM malware possible? by Locutus · · Score: 1

      it has to be connected to the Internet so Microsoft can keep track of how many users there are and what they do on their OS. Haven't you read the EULA lately?

      LoB

      --
      "Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
    7. Re: Why is ATM malware possible? by Anonymous Coward · · Score: 0

      Type in Google: Metasploit

    8. Re:Why is ATM malware possible? by AmiMoJo · · Score: 1

      Yes, it's down to cost. To build custom hardware and software is expensive, and it will have security flaws in it anyway. Since you have to spend money on physical security to protect the cash, you might as well use it to protect the USB port used for updates too.

      Security costs money. khz6955 talks about needing two secure keys, bank officials and sealed hardware etc, but in practice the money generated by having lots of cheap ATMs displaying adverts and reducing staff numbers far outweighs any losses to fraud.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    9. Re:Why is ATM malware possible? by Sir_Eptishous · · Score: 1

      Actually, once upon a time an ATM couldn't be programmed without the presence of a sealed hardware unit that couldn't be activated without entering two unique pass-codes entered by two bank officials, the codes being provided by a portable handheld device. Later on the banks 'upgraded' to Windows.

      That sounds almost like a condensed version of computing in general.

      --
      We play the game with the bravery of being out of range
    10. Re:Why is ATM malware possible? by The Raven · · Score: 1

      Either through breaking in to access a USB jack, or by bribing an ATM service tech.

      --
      "I will trust Google to 'do no evil' until the founders no longer run it." Hello Alphabet.
    11. Re: Why is ATM malware possible? by Anonymous Coward · · Score: 0

      money is the deciding factor in nearly every decision that is ever made.

      security isn't really that important.

      what is important is that an ATM is cheaper than an employee.
      windows is cheaper than the alternative OS
      security is expensive

      as long as the cost of the ATM hardware plus customer fees from serviced customer minus the money stolen by criminals is less than the cost of a Live teller and/or higher security for the given situation then it makes sense for the banks to use the ATM, even if it is on an old OS that is considered insecure.

      if it were cheaper than what minimal security they already have and the banks could still get people to pay them their fees or continue to do business with them, then they would just replace the ATM with a cigar box of cash, even if the occasional person just emptied it out and left.

  6. Wait... by Locke2005 · · Score: 0

    What genius decided it was a great idea to make Windows based ATM machines???

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
    1. Re: Wait... by Anonymous Coward · · Score: 0

      Most started out with OS/2, now most run Windows.

    2. Re:Wait... by Joe_Dragon · · Score: 1

      Whoever killed OS/2 at IBM.

  7. Windows 7 now by Anonymous Coward · · Score: 0

    Yeh, sadly.

    It usually has media player on it too, to play those adverts they show. I remember one crashed at Carnegie Mellon University and they made it play Beethoven on a loop.

    It gets worse, Diebold's current products are still based on Windows (Windows 7).
    http://www.diebold.com/-/media/diebold/diebold-asset-library/dbd_productcard_diebold_hardware_cashdispenser_5700_v02_20150615.pdf?la=en

    1. Re: Windows 7 now by Anonymous Coward · · Score: 0

      A few months ago I was at a Walmart when they lost power; when it came back up, I saw the POS terminals booting.

      Also Windows. :-/ XP or Vista, I think.

      Amazing.

  8. Confused. by jrq · · Score: 2

    Why does the video show a fake(?) ATM dispensing the worst counterfeit $100 bill ever recorded?

    --
    My UID is prime!
    1. Re:Confused. by jrq · · Score: 1

      Oh. RTFA. Video is a re-creation by Kaspersky.

      --
      My UID is prime!
    2. Re:Confused. by Fnord666 · · Score: 3, Funny

      Why does the video show a fake(?) ATM dispensing the worst counterfeit $100 bill ever recorded?

      They must have done a bunch of takes. I think the person on the left has to pee.

      --
      'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  9. Grammar is hard? ATM machine? PIN Number? by Anonymous Coward · · Score: 0, Insightful

    Slashdot, your grammar fails are staggering sometimes...

    ATM stands for "Automatic Teller Machine"; in the summary the anonymous idiot writes "ATM machine."

    Next...

    PIN stands for "Personal Identification Number"; in the summary the anonymous idiot writes "PIN number."

    In all honesty this story is weak, and chances are it's made weaker by the person submitting it since they obviously have a difficult time using acronyms.

    1. Re:Grammar is hard? ATM machine? PIN Number? by Anonymous Coward · · Score: 1

      To be fair to the anon submitter, that summary was copied from "thestack", where the person who wrote it was not anonymous.

      Nicky Cappella https://thestack.com/author/nicky-cappella/ is the fucking moron in this instance.

      The original kaspersky article does not contain either fuckup.
      http://www.kaspersky.com/about/news/virus/2016/ATM-is-a-New-Skimmer

      It's about time that slashdot stopped linking to fucking middle-men, and started linking to the actual source. (Although pointing out additional research from third-parties in the summary would obviously be fine.)

      Similarly, in the recent article about SourceForge, whipslash linked to a third party article instead of just making his own newspost.

      You would never see a CBS News report about "Fox News has run a story about something someone posted on a website", so why the fuck is it the norm here?

    2. Re:Grammar is hard? ATM machine? PIN Number? by Sir_Eptishous · · Score: 1

      I usually side with Grammar Nazis on /., but in this instance, phrases like "ATM Machine" and "PIN Number" have become colloquial American English "canon", so to speak.

      People have been calling them "ATM Machines" and "PIN Numbers" since the 80s.
      There are many commonly used phrases and acronyms (in American English) that don't follow a grammatically correct logic, yet are used constantly.
      Deal with it.

      --
      We play the game with the bravery of being out of range
  10. Department of redundancies department by jenningsthecat · · Score: 2, Insightful

    ATM is an acronym for Automated Teller Machine, so 'ATM machine' is redundant.

    --
    'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
    1. Re:Department of redundancies department by Mousit · · Score: 4, Informative

      But it does go perfectly well with the Personal Identification Number number that follows in the very next sentence. :)

    2. Re:Department of redundancies department by cfc-12 · · Score: 1

      and the New Technology File System file system that follows that...

    3. Re: Department of redundancies department by Anonymous Coward · · Score: 0

      Good point. I'm going to call them AT Machines from now on, to avoid confusion.

  11. Hot water heater by Latent+Heat · · Score: 1

    . . . and I suppose you are going to tell me it is called a "water heater"?

    1. Re:Hot water heater by Anonymous Coward · · Score: 0

      it is a water heater because hot water doesn't need to be heated.

  12. Bosco! Bosco! by Latent+Heat · · Score: 1

    So you are telling me that a PIN has to be a number?

  13. This article is missing a link by liqu1d · · Score: 4, Funny

    Where do I buy one of these magic cards?

    1. Re:This article is missing a link by Thelasko · · Score: 2

      Where do I buy one of these magic cards?

      You can buy an entire pack of them at any gaming store.

      --
      One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
    2. Re:This article is missing a link by Anonymous Coward · · Score: 0

      This was my initial thought -- can I create a magic card for this thing and use it to be sure an ATM is at least free from this particular attack before I give it my real card. Or of course dispense a few extra bills and then self-delete the infection.

    3. Re:This article is missing a link by locotx · · Score: 1

      *Giggty*

  14. Original Post by Kaspersky Labs by Fnord666 · · Score: 2

    Here is the original article on the Kaspersky Labs site in case anyone is interested.

    The article at securelist.com has a few more technical details and includes a list of the special track 2 values used to activate the functionality.

    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
    1. Re:Original Post by Kaspersky Labs by jbmartin6 · · Score: 1

      Thanks! I was trying to figure out what "If the ATM has an NTFS file system, netmgr.dll is placed in the executable file of the NTFS data stream" meant. Which I now read means "The same file will be placed in the NTFS data stream corresponding to the XFS services executable file."

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
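
Added example (not part of the thread or of the Kaspersky write-up): a PowerShell check for the two on-disk placements quoted above, a loose netmgr.dll on FAT32 and a named NTFS data stream attached to an executable. The scan root, the allow-list of benign stream names and the MZ-header heuristic are assumptions made for illustration; it needs PowerShell 4.0 or later.

```powershell
param(
    # Assumption: directory to inspect, on the live system or a mounted image.
    [string]$ScanRoot = "$env:SystemRoot\System32"
)

# Streams that are normal on NTFS: the unnamed data stream, and the
# Zone.Identifier mark that Windows adds to downloaded files (assumed allow-list).
$benign = @(':$DATA', 'Zone.Identifier')

function Test-StartsWithMZ {
    param([string]$Path, [string]$Stream)
    # Read the first two bytes of the named stream; 'MZ' marks a PE image.
    $gc = @{ LiteralPath = $Path; Stream = $Stream; TotalCount = 2; ErrorAction = 'SilentlyContinue' }
    if ($PSVersionTable.PSVersion.Major -ge 6) { $gc.AsByteStream = $true }
    else { $gc.Encoding = 'Byte' }
    $b = @(Get-Content @gc)
    return ($b.Count -eq 2 -and $b[0] -eq 0x4D -and $b[1] -eq 0x5A)
}

# FAT32 case from the summary: a loose netmgr.dll in the scanned folder.
# Its presence is reported with a hash for review, not treated as proof.
$loose = Join-Path $ScanRoot 'netmgr.dll'
if (Test-Path -LiteralPath $loose) {
    Get-FileHash -LiteralPath $loose -Algorithm SHA256 | Select-Object Path, Hash
}

# NTFS case: named streams attached to executables in the scanned folder.
Get-ChildItem -LiteralPath $ScanRoot -Filter *.exe -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_.FullName
        Get-Item -LiteralPath $file -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $benign -notcontains $_.Stream } |
            ForEach-Object {
                [pscustomobject]@{
                    File        = $file
                    Stream      = $_.Stream
                    Length      = $_.Length
                    LooksLikePE = Test-StartsWithMZ -Path $file -Stream $_.Stream
                }
            }
    }
```

A named stream that begins with an MZ header on a system executable is the pattern to escalate; the file's reported size and its default-stream hash are unchanged by an attached stream, so size or hash checks of the host file alone will not show it.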
  15. Thank you Microsoft! by Anonymous Coward · · Score: 0

    Keep up the good work!

  16. Give em a break, Windows is the most secure by Locutus · · Score: 1

    It's the most secure OS........ they've shipped.

    And quite the brilliant choice to be used for ATM machines, air traffic voice control systems, train signal systems, on the same LAN as a power plant status/control system, etc. What could possibly go wrong?

    LoB

    --
    "Anyone who stands out in the middle of a road looks like roadkill to me." --Linus
    1. Re: Give em a break, Windows is the most secure by Anonymous Coward · · Score: 0

      at least for dos you can make antivirus sw. basically all av sw are obsolete for already infested detection. because ntfs.

  17. Don't let them misdirect your attention! by Anonymous Coward · · Score: 1

    This is much like "identity theft" where nobody actually steals your identity (an impossibility). What has actually happened is that a bank or credit card company has engaged in a sloppy transaction with a store or other vendor and with a criminal. All three parties to the crime (none of which is YOU) have agreed to the transaction in your name and agreed not to verify that it is you. Then, when the completely reckless unverified deal went sour, the bank and the store agreed that it's YOUR fault and that YOU are to blame.... even though you are the one person NOT involved in any way.

    Here, the ATM gets compromised in a manner only possible by the installation of malware. In other words: the people who own the ATM and control the access to its guts install the malware themselves or allow somebody to install the malware. YOU have nothing to do with the compromising of the machine, but when things go wrong, it's YOUR problem!

    In both these situations, YOU are the only truly innocent party, but YOU are the one all the guilty people point the finger of blame at, and they take YOUR money and then tsk-tsk about how you are the unfortunate victim of some nebulous global crime phenomena...

    People need to stop automatically being conned into surrendering to these misdirected blame scams! When somebody compromises a machine and gets at cash from your accounts THE BANK has been robbed of THEIR money and you have no obligation to allow them to make themselves whole by taking the cash from your account and claiming YOU are the victim! WAKE UP!

  18. Me fail Engrish? by Anonymous Coward · · Score: 0

    Skimer. PIN numbers.

    Well played Slashdot. You have successfully enraged me over nothing.

  19. not to mention PINs being on the magstripe by cellocgw · · Score: 1

    If we really want to try to install any kind of access security, at the very least the access code should not be on the card but at a (gosh) salted hashed dbase.

    I'd suggest going to chipped ATM cards as well, but from what I hear those are not particularly foolproof either.

    Pretty much any host computer is subject to a MITM attack vector here (the computer IS in the middle of the transaction)

    --
    https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
  20. How to make a lot of money of ATMs by Anonymous Coward · · Score: 0

    First, get your software on to the ATM...

  21. "ATM Machines" "PIN numbers" *twitch* by p0larity · · Score: 1

    Redundant term is redundant.

  22. access to the PIN? by Toshito · · Score: 1

    The PIN is entered on the pinpad, and checked by the chip on the card. The Windows machine behind all that never sees the PIN, the dialogue is only between those 2 components.

    Even with magstripes, the PIN is encrypted by the pinpad, and again all the windows part of the ATM can see is this encrypted version.

    I'm talking about ATMs from a big bank, maybe those small cash distributing machines (those who add 2$ fees to your 20$ withdrawal, yuck!) are much more vulnerable, but on our ATMs it's impossible for the windows machine to see or record the PIN.

    --
    Try it! Library of Babel