Recently Trustwave, a payment card industry security and compliance firm, discovered malware installed on ATMs in Russia and Ukraine.
According to the article on eWeek.com, the malware on each of the infected machines (running Windows XP) was installed and activated through a Borland Delphi RAD (Rapid Application Development) executable dropper file named isadmin.exe. The dropper binary contains a data resource (RCDATA) named PACKAGEINFO that holds the actual malware. The dropper file is executed when the hacker inserts a fake ATM card with the malware trigger code into the machine. Once activated, the trigger code produces the malware file Isass.exe inside the C:\WINDOWS directory of the compromised system.
The eWeek.com article reports that this particular ATM malware can be easily modified to target multiple ATM vendors and is making its way to other countries, including the US.
This entry was posted on Friday, June 12th, 2009 at 9:00 am and is filed under Security.



