Slashdot Mirror


Updated Skimer Malware Infects ATMs Worldwide (thestack.com)

An anonymous reader writes: Researchers at Kaspersky have discovered an improved version of Backdoor.Win32.Skimer infecting ATM machines worldwide. The new Skimer allows criminal access to card data, including PIN numbers, as well as to the actual cash located in the machine. The malicious installers use the packer Themida to disguise the Skimer malware, which is then installed on the ATM. If the ATM file system is FAT32, the malware drops the file netmgr.dll in the folder C:\Windows\System32. If the ATM has an NTFS file system, netmgr.dll is placed in the executable file of the NTFS data stream, which makes detection and analysis of the malware more difficult. Skimer may lie dormant for months until it is activated with the physical use of a "magic card," which gives access control to the malware, and then offers a list of options that are accessed by inputting a choice on the pin pad. The user can then request the ATM to: show installation details, dispense money, start collecting the details of inserted cards, print collected card details, self delete, enable debug mode, and update. Here's a video of the Skimer malware in action.
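A defender-side check for the two placements the summary describes, as an added example that is not part of the original submission or of Kaspersky's report. The function name and output fields are hypothetical; only the file name netmgr.dll and the System32 folder come from the summary.

```powershell
# Added example: report a plain netmgr.dll (FAT32 case in the summary) and any
# named NTFS streams attached to executables (NTFS case in the summary).
function Find-SkimerStyleArtifact {
    param([string]$Root = (Join-Path $env:SystemRoot 'System32'))

    # FAT32 case: the DLL sits in the folder as an ordinary file.
    $plain = Join-Path $Root 'netmgr.dll'
    if (Test-Path -LiteralPath $plain) {
        [pscustomobject]@{ File = $plain; Stream = '(plain file)'
                           Length = (Get-Item -LiteralPath $plain).Length
                           StartsWithMZ = $null }
    }

    # Byte reads differ between Windows PowerShell 5.1 and PowerShell 6+.
    $byteArgs = if ($PSVersionTable.PSVersion.Major -ge 6) { @{ AsByteStream = $true } }
                else { @{ Encoding = 'Byte' } }

    # NTFS case: list every stream except the default one and the common
    # Zone.Identifier marker, then peek at the first two bytes.
    Get-ChildItem -LiteralPath $Root -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object {
            $file = $_.FullName
            Get-Item -LiteralPath $file -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -notin ':$DATA', 'Zone.Identifier' } |
                ForEach-Object {
                    $head = @(Get-Content -LiteralPath $file -Stream $_.Stream `
                                -TotalCount 2 @byteArgs -ErrorAction SilentlyContinue)
                    # 0x4D 0x5A ("MZ") marks a PE image hidden in the stream.
                    $isPe = ($head.Count -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
                    [pscustomobject]@{ File = $file; Stream = $_.Stream
                                       Length = $_.Length; StartsWithMZ = $isPe }
                }
        }
}

# Streams named netmgr.dll or starting with MZ are the ones to triage first.
Find-SkimerStyleArtifact | Sort-Object StartsWithMZ -Descending | Format-Table -AutoSize
```

A named stream does not change the host file's reported size, so size-based inventory checks will not show it.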


  1. ATMs running Windows. by EmagGeek · · Score: 5, Insightful

    This is just begging for it.

    1. Re:ATMs running Windows. by Anonymous Coward · · Score: 0, Insightful

      This is just begging for it.

      And if they were running Linux, they would exploit Linux. I really don't get the logic. Necessity is the mother of invention...ATMs run Windows, hack Windows...ATMs run Linux, hack Linux. And if you sit there and say Linux is not exploitable, then you're a fucking moron.

    2. Re:ATMs running Windows. by msauve · · Score: 5, Insightful

      The difference is, when Microsoft abandons support for a version of Windows, there's nothing a customer (ATM manufacturer and/or bank) can do about newly discovered security holes. If using an open source OS, they have the source and the opportunity to do patches themselves (which may only involve a backport).

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
  2. Windows is still legal? by glomph · · Score: 1, Insightful

    Yow, you'd think it would be banned by now, it's such a shack of sit.

  3. Grammar is hard? ATM machine? PIN Number? by Anonymous Coward · · Score: 0, Insightful

    Slashdot, your grammar fails are staggering sometimes...

    ATM stands for "Automatic Teller Machine"; in the summary the anonymous idiot writes "ATM machine."

    Next...

    PIN stands for "Personal Identification Number"; in the summary the anonymous idiot writes "PIN number."

    In all honesty this story is weak, and chances are it's made weaker by the person submitting it since they obviously have a difficult time using acronyms.

  4. Department of redundancies department by jenningsthecat · · Score: 2, Insightful

    ATM is an acronym for Automated Teller Machine, so 'ATM machine' is redundant.

    --
    'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.