Trojans at ATMs. Official comments of Kaspersky Lab
The news about the appearance of viruses in ATMs has made a lot of noise today. On Habré already had time to slip links to relevant publications on the sites Lenta.ru and CNews , but any official comments from companies involved in information security, we have not appeared here. And just now I just received some clarifications from Kaspersky Lab. Alexander Gostev, head of the Kaspersky Lab global research and threat analysis center, comments:
“This malware was detected and added to the anti-virus database of Kaspersky Lab on March 19, 2009 under the name Backdoor.Win32.Skimer.a. This is a Trojan program that infects ATMs of the popular American manufacturer Diebold (according to unconfirmed reports, we are talking about ATMs located in the territory of the Russian Federation and Ukraine). To date, there is no information about really infected machines. However, we assume that their number, if any, is minimal. Infected machines become vulnerable to further actions of the attacker, namely: having a special access card, the virus writer can withdraw all the cash available at the ATM, as well as get access to information about all other users' transactions through this ATM.
The principle of infection, given the lack of real applications from banks, is not yet completely obvious. LC specialists assume that we can talk about two possible options: direct physical access to the ATM system or access through the bank’s internal network to which the ATMs are connected.
')
Analysis of the program code makes it possible, with a high degree of probability, to assume that its author is a citizen of one of the CIS countries.
Unfortunately, the average user will not be able to determine the infection of the ATM. However, this can be done by its owners. In order to avoid possible contamination, LK experts strongly recommend all banks to conduct a check of the operated ATM networks using a standard antivirus program that detects this malicious software.
Backdoor.Skimer.a is the first malware aimed at infection and existence in ATMs. We do not rule out the emergence of new malicious programs aimed at the illegitimate use of banking information and cash. ”
“This malware was detected and added to the anti-virus database of Kaspersky Lab on March 19, 2009 under the name Backdoor.Win32.Skimer.a. This is a Trojan program that infects ATMs of the popular American manufacturer Diebold (according to unconfirmed reports, we are talking about ATMs located in the territory of the Russian Federation and Ukraine). To date, there is no information about really infected machines. However, we assume that their number, if any, is minimal. Infected machines become vulnerable to further actions of the attacker, namely: having a special access card, the virus writer can withdraw all the cash available at the ATM, as well as get access to information about all other users' transactions through this ATM.
The principle of infection, given the lack of real applications from banks, is not yet completely obvious. LC specialists assume that we can talk about two possible options: direct physical access to the ATM system or access through the bank’s internal network to which the ATMs are connected.
')
Analysis of the program code makes it possible, with a high degree of probability, to assume that its author is a citizen of one of the CIS countries.
Unfortunately, the average user will not be able to determine the infection of the ATM. However, this can be done by its owners. In order to avoid possible contamination, LK experts strongly recommend all banks to conduct a check of the operated ATM networks using a standard antivirus program that detects this malicious software.
Backdoor.Skimer.a is the first malware aimed at infection and existence in ATMs. We do not rule out the emergence of new malicious programs aimed at the illegitimate use of banking information and cash. ”
Source: https://habr.com/ru/post/55523/
All Articles