ATM Malware Surfaces as Hackers Target Banks

Found on eWEEK on Wednesday, 03 June 2009

Trustwave uncovers malware on 20 ATM machines in Russia and Ukraine designed to allow hackers to swipe everything from cash to PIN codes.

ccording to the company, roughly 20 ATMs were infected with malware that captures magnetic stripe data and PIN codes from the private memory space of transaction-processing applications installed on the compromised ATM.

Each of the compromised ATMs studied by Trustwave ran Microsoft Windows XP.

"The other piece is following security best practices on the system itself, having anti-virus installed on it, having (locked) down USB ports, making it very difficult for someone to actually-if they were to open up the machine-to do anything to the operating system itself," he said.

That article raised quite a few questions: why is such a system running XP, a desktop operating system and why does an ATM have USB ports? Really, if it's time to put anti-virus software onto ATMs, then it's time to stop using them. Granted, an insider could still write malware for a self-made OS, but now John Doe can test and compile it on a computer running XP.

Browse all articles« Previous « » Next »