Cyber Crooks Targeting Windows XP-Based ATM Machines

You may want to think twice the next time you drive up to an ATM machine and blithely insert your bank card into the nondescript machine and plug in your PIN number, because a gang of cyber crooks are now targeting ATM machines.

European hackers are targeting ATM machines that run on Windows XP with a new malware program that provides full access to a user’s pin codes and other personal data.
Trustwave’s SpiderLabs analyzed the unique malware program discovered in nearly 20 ATM machines in Eastern Europe and have never seen anything like it. All of the infected machines were found to run on Windows XP.

The hackers used a simple dropper file to install and activate the malware virus. A dropper file is a tiny infected, standalone program that drops a virus into a system. One the dropper installs and activates the malware program; the hackers obtain full access to the private memory space of all of the transaction-processing applications on ATMs.

The malware program works by capturing the magnetic strip data and PIN codes. The cyber crooks then access the personal data by inserting a specially designed card into the ATM, where they can pull up their own customized user interface.

Once this occurs, the hackers have effectively hijacked the ATM and you can say goodbye to your money.

Cyber security experts have issued previous warnings to banking institutions regarding the risk of using a Windows based system to run ATM machines. Some have even called the practice stupid.

Many ATMs now run Windows operating systems connected to a large group of servers over an IP network, exposing personal data to theft, and denial of service attacks.

Many systems don’t even encrypt data as it travels through the network, exposing card numbers, card expiration dates, transaction amounts, and account balances in plain text, making it easy for determined cyber crooks to harvest customer’s data.

The virus experts of SpiderLabs believes the cyber crooks are using Eastern Europe as a testing ground for their malware program, before they launch the virus to infect ATMs in the United States and other countries.