June 22, 2009

Virus Harvests Confidential Banking Info from ATMs

A new virus has been discovered on ATMs throughout Russia and Ukraine. The ATMs, running Microsoft’s Windows XP operating system, appear to have been infected with a 50Kb piece of malware. The malware, which ran under the guise of lsass.exe, an executable that is normally used to cache users’ credentials to make accessing data easier, evaded normal virus scans and security checks.

While the malware sat undetected, it gathered not only the card number of any card used on the machine, but also the start and expiration date of the card, the PIN, and the 3-digit security code. All of this information was stored on the ATM’s hard drive until the person controlling the virus decided it was time to collect. The method for retrieving the data was also very smart and likely contributed to the malware staying undetected for so long. When the thief was ready to collect, they simply went to the ATM, inserted a preprogrammed “trigger” card, and all of the data was printed out via the ATM’s receipt printer. So far, the malware has been found on 20 ATMs, and the experts at SpiderLabs, the company that located the bug, have said that it is likely more widespread, and likely to continue to spread. It is now up to banks to tighten their security procedures and to pay careful attention to the audit trails that up until now have been used to make sure customer data was being transmitted securely.
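One check a bank's operations team could run over a process inventory, given that the malware described above ran under the name lsass.exe. This is an added example, not from the original post or from SpiderLabs; the CSV layout, host names, the C:\WINDOWS install path and the sample rows are constructed assumptions. It relies on the genuine lsass.exe living in the System32 directory and being started by winlogon.exe on Windows XP.

```python
import csv
import io
import ntpath

# Assumptions (not from the article): Windows is installed in C:\WINDOWS and
# the inventory is a CSV export with the columns shown in the sample below.
EXPECTED_PATH = r"c:\windows\system32\lsass.exe"
# Real lsass.exe is started by winlogon.exe on XP, wininit.exe on Vista and later.
EXPECTED_PARENTS = {"winlogon.exe", "wininit.exe"}

# Constructed sample inventory: ATM-01 is clean, ATM-02 has a second lsass.exe.
SAMPLE_INVENTORY = r"""host,pid,ppid,name,path
ATM-01,588,420,winlogon.exe,C:\WINDOWS\system32\winlogon.exe
ATM-01,644,588,LSASS.EXE,C:\WINDOWS\System32\lsass.exe
ATM-02,592,424,winlogon.exe,C:\WINDOWS\system32\winlogon.exe
ATM-02,650,592,lsass.exe,C:\WINDOWS\system32\lsass.exe
ATM-02,1480,1400,explorer.exe,C:\WINDOWS\explorer.exe
ATM-02,2212,1480,lsass.exe,C:\Temp\lsass.exe
"""

def find_lsass_masquerade(inventory_csv):
    """Return (host, pid, reasons) for every lsass.exe that needs review."""
    rows = list(csv.DictReader(io.StringIO(inventory_csv)))
    # (host, pid) -> process name, used to resolve each process's parent.
    names = {(r["host"], r["pid"]): r["name"].lower() for r in rows}
    lsass = [r for r in rows if r["name"].lower() == "lsass.exe"]
    per_host = {}
    for r in lsass:
        per_host[r["host"]] = per_host.get(r["host"], 0) + 1

    findings = []
    for r in lsass:
        reasons = []
        # Windows paths are case-insensitive, so compare normalised forms.
        if ntpath.normcase(ntpath.normpath(r["path"])) != EXPECTED_PATH:
            reasons.append("image path outside System32")
        parent = names.get((r["host"], r["ppid"]), "unknown")
        if parent not in EXPECTED_PARENTS:
            reasons.append("unexpected parent: " + parent)
        # A healthy system runs exactly one lsass.exe.
        if per_host[r["host"]] > 1:
            reasons.append("more than one lsass.exe on host")
        if reasons:
            findings.append((r["host"], int(r["pid"]), reasons))
    return findings

if __name__ == "__main__":
    for host, pid, reasons in find_lsass_masquerade(SAMPLE_INVENTORY):
        print(host, pid, "; ".join(reasons))
```

A name match alone says nothing, which is why the check compares image path, parent process and instance count instead of trusting the process name.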

As a bank user, the best thing you can do is pay careful attention to your bank and credit card statements and your credit report. You can get a free credit report from the Big 3 credit agencies by visiting https://www.annualcreditreport.com/, or check with your bank or credit card company to see if they offer free or cheap credit monitoring.



See the article on New Scientist for more info.
