Tuesday 25 March 2014

XP malware allows criminals ATM emptying via SMS

ATM malware that infects a Windows XP installation makes it possible for criminals to empty the cash dispenser by sending a single SMS message. The malware in question is Ploutus, which was first discovered in Mexico last October but is now active in more countries.

Two weeks after that discovery, a new Ploutus variant was found. This version was not only translated into English but also had a modular architecture. Anti-virus company Symantec analyzed this version further and discovered that criminals can now empty the ATM by sending text messages.

Attack
To attack the ATM, criminals first need physical access to it. The ATM is then booted from a boot CD. This boot CD contains the Ploutus malware, which infects the ATM's operating system during startup. If anti-virus software is present, the malware switches it off as well.

After installation, Ploutus can be activated via a special key combination, after which it can be given the command to dispense money. The criminals had to share this key combination with the money mules they sent to collect the cash. If the mules knew what could be done with the key combination, they could cheat their client, says Symantec.
Ploutus ATM attack overview


Smartphone
To solve this problem, the criminals can also connect a smartphone to the ATM. The malware already installed ensures that the criminal can communicate with the ATM through the smartphone, which avoids having to share the key combination with the money mule. The criminal now sends an SMS to the ATM, which then dispenses the money, and the mule only collects it. The attacks have reportedly been observed in various places around the world.

Symantec notes that modern ATMs have better security, such as encrypted hard drives, which can prevent the malware from being installed. Older ATMs, however, run on XP and are therefore more vulnerable; Ploutus, for example, works only on Windows XP. Banks are also advised to upgrade to Windows 7 or 8. In addition, the BIOS must be locked so that the machine cannot be booted from other media.

MD5:
488acf3e6ba215edef77fd900e6eb33b
b9f5bd514485fb06da39beff051b9fdc

VirusTotal links:
https://www.virustotal.com/en/file/0106757fac9d10a8e2a22dce5337f404bfa1c44d3cc0c53af3c7539888bc4025/analysis/

https://www.virustotal.com/en/file/34acc4c0b61b5ce0b37c3589f97d1f23e6d84011a241e6f85683ee517ce786f1/analysis/
