Windows XP ATM's Under Hacker Attacks in Europe - US Could Be Next!

ATM Machine

( -- There have been approximately 20 ATM's in Eastern Europe that have been compromised. These attacks are in the early stages of development and would probably gain momentum and even spread to US ATM machines.

A security outfit, TrustWave's SpiderLabs performed the analysis of malware found installed on compromised ATMs in the Eastern European region. The ATM's that were compromised ran Microsoft Windows XP. The malware captures magnetic stripe data and PIN codes from the private memory space of transaction-processing applications installed on infected ATM.

The attacker can gain full control of the infected ATM through a customized user interface built into the malware. This is accomplished by inserting a controller card into the ATM's reader.

TrustWave's analyses don't believe the malware has networking functionality that would send data to other, remote locations over the Internet. The malware would output the harvested data through the ATM's receipt printer or write the data to a storage device inserted into the ATM's .

TrustWave stated; "this malware is unlike any we have ever had experience with. It allows the attacker to gain complete control over the ATM to obtain track data, Pins and cash from each infected machine."

"We believe the current attack vector is an early version of the malware sample, and future attacks will add functionality such as propagation via the ATM network. If an attacker can gain access to one machine, the malware will evolve and propagate automatically to other systems."

A dropper file named isadmin.exe, is installed into the ATM and executed within the C:\WINDOWS directory of the compromised machine. The malware then proceeds to control the Protected Storage service that would handle the original lsass.exe executable file, located in the C:\WINDOWS\system32 directory, to point to the infected file.

The malware is designed to remain active in the event the ATM crashes and has to restart.

© 2009

Explore further

Hacking Citibank's Virtual Keyboard

Citation: Windows XP ATM's Under Hacker Attacks in Europe - US Could Be Next! (2009, June 4) retrieved 19 October 2019 from
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Feedback to editors

User comments

Jun 04, 2009
upgrade to windows 7 lol

Jun 04, 2009
time to use not windows for important financial transactions.

Jun 04, 2009
oh please, they never got hacked my ass. of course they did. XP just is probably easier to hack. haha

Jun 04, 2009
Why do these vendors provide writable card readers, and operator card access without having a physical mechanical key? Shouldn't you be required to gain physical access into the machine internals prior to accessing? Anyone can explain this?

Jun 04, 2009
Ahahahahaha, too funny. Who got the payoff to sell WinXP for ATM's. lol This is the dumbest, most laughable situation I've heard all year.

Is this the same group that leaves US military desktops connected to the internet without firewalls and then tells the world "We're under attack!"?

Jun 04, 2009
I don't know about the bank machines, but the stand-alone 'white label' ATM machines these days are running Windows CE, not XP. Furthermore, older pre-Windows models don't run any operating system at all; they are loaded instead with dedicated proprietary firmware that is launched from a ROM bootstrap routine at startup, and that firmware is not x86-based code. Older machines are inherently more secure for that reason, as well as the fact that they communicate through dialup modems instead of directly through the Internet.

Although the new Windows-based technology was implemented primarily to allow ATM firms to gain additional revenue through on-screen advertisments, it may also pose some interesting 'unforeseen' possibilities and consequences.

Suppose, for instance, an ATM firm wished to encroach upon the territories of a competitor. An employee of the firm could simply pose as a customer attempting to use one of the competitor's machines, while in reality employing a card for the purpose that had been cleverly re-programmed in such a manner as to inject a malware. The advent of the proposed new 'chip-and-pin' card readers could possibly make this even easier, as the chip on the card must be accessed by the machine directly.

The malware injected would not even have to be purposed towards skimming. All that would really be required would be a partial shutdown or corruption of the targeted machine; anything that would further erode the site owner's confidence in the competitor firm's ability to provide effective service and reliable machine operation. The sales representative of the attacking firm could then approach the victimised client with a "better deal" offer, and so gain that site's transaction revenues.

I think I'll stick with the older machines, thanks. They cost less to service, anyway.

Jun 05, 2009
That's why they stole some ATMs.
They investigated them and found that ATMs can be compromised with specially designed card - exploit.

Jun 05, 2009
Well, they got what they deserved for trusting M$.

Jun 07, 2009
Since the use of MS is driven by the 'need' to display ads, one must ask a question: Has anyone on the planet ever paid any attention to an ad on an ATM?

Jun 07, 2009
The Chinese know how to deal with this. Stop pandering to the marketing dichotomy between Windows and Linux. Develop special purpose chips, with custom operating systems, that don't allow common hacking techniques.

No, it isn't that frigging difficult. It's just that it doesn't fit in Microsoft's plan for world domination.

Jun 08, 2009
Since the use of MS is driven by the 'need' to display ads, one must ask a question: Has anyone on the planet ever paid any attention to an ad on an ATM?

What matters most is not whether anyone pays any attention to full-motion advertisements displayed on ATM machines, but rathermore the fact that ATM firms are now able to garner additional revenue by selling that extra service.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more