The long arm of the lawbreakers

Announcement posted by Sophos 18 Mar 2009

Paul Ducklin, Head of Technology, Asia Pacific at Sophos, comments on a newly discovered strain of malware which targets ATMs

Today's intriguing story from Sophos is here: http://www.sophos.com/security/blog/2009/03/3577.html

It's about a newly-discovered strain of malware which targets -- wait for it -- ATMs (cash machines).

Fortunately, this isn't an end-of-the-world-as-we-know-it story. It's extremely unlikely -- which is cautious geek-speak for "isn't going to happen" -- that cybercriminals could simply launch malware like this from an internet cafe or from an innocently-botted home user's PC and get it onto ATMs at your local bank. We're guessing that any infections by malware such as this would need insider assistance to get the malware onto ATMs in the first place.

We also find it hard to imagine this sort of attack succeeding inside Australia. Despite regular criticism in recent years, Australian banks do take computer security seriously, internally and externally. This makes it much harder for a criminal to pull off something as unusual as a rogue software install onto ATM hardware.

However, before now, ATM "skimming" (which is where you thieve the details of users' cards together with their PINs) has typically relied upon some sort of card reader glued to the front of an existing ATM to capture card data and a nearby video camera to film users entering the PIN to go with each card. But malware inside the ATM itself would mean that you would no longer need a tell-tale external card reader to skim -- hence the malware name Troj/Skimer-A.

Nasty.

Incidentally, this isn't the first time that specialised financial systems have been targeted. Last year, point-of-sale devices sold in Europe were found to have been implanted with a Trojanised hardware add-on which transmitted credit and debit card data via the mobile phone network to criminals in Lahore, Pakistan:

http://www.sophos.com/blogs/gc/g/2008/10/12/chip-and-pin-fraud-hits-european-supermarkets/

If ever you had any doubts about the intent and the determination of today's internet-enabled criminals, now is the time to throw out those doubts.

Just because you're not paranoid doesn't mean they aren't out to get you!

-ends