Data-Sniffing Trojans Burrow into Eastern European ATMs
Dan Goodin writes on The Register:
Security experts have discovered a family of data-stealing trojans that have burrowed into automatic teller machines in Eastern Europe over the past 18 months.More here.
The malware logs the magnetic-stripe data and personal identification number of cards used at an infected machine and provides an intuitive interface for retrieving the information using the ATM's receipt printer, according to analysts from SpiderLabs, the research arm of security firm Trustwave. Since late 2007 or so, there have been at least 16 updates to the software, an indication that the authors are working hard to perfect their tool.
"They're following more of a rapid development lifecycle," Nicholas Percoco, vice president and head of SpiderLabs, told The Register. "They're seeing what works and putting out new versions."
SpiderLabs researchers delved into four of the more recent versions and what they found was a highly capable family malware written with professional standards. Once installed, it monitors the ATM's transaction message queue for track 2 data stored on inserted cards. If it contains data belonging to a banking customer, it logs it, along with the PIN code that was entered.