Automatic Teller Machines running Windows XP controlled by malware!

banger@epgstream — Mon, 08 Jun 2009 19:06:00 +0000

Trustwave’s SpiderLabs performed the analysis of malicious software (malware) found installed on compromised ATMs (Automated Teller Machines) in the Eastern European region. This malware captures magnetic stripe data and PIN codes from the private memory space of transaction-processing applications installed on a compromised ATM. These ATMs compromised by the malware ran Microsoft’s Windows XP operating system … Does your ATM run Windows XP?

The malware contains advanced management functionality allowing the attacker to fully control the compromised ATM through a customized user interface built into the malware. This interface is accessible by inserting controller cards into the ATM’s card reader.

SpiderLabs analysts do not believe the malware includes networking functionality that would allow it to send harvested data to other, remote locations via the Internet.

The malware does, however, allow for the output of harvested card data via the ATM’s receipt printer or by writing the data to an electronic storage device (possibly using the ATM’s card reader).

Analysts also discovered code indicating that the malware could eject the cash dispensing cassette.

Major Australian banks, such as the Commonwealth Bank, are currently running Windows XP on their ATM networks. This new type of malware could be used here in Australia where economic conditions are prime to make illegal fraudulent activites appealing … Why bother going to the trouble of breaking into or stealing an ATM when you can just hire a 14 year old kid to hack into one!

Learn more about this issue by reading Trustwave’s Malware Briefing.

Additional references: wired.com cnet.com computerworld.com

Commonwealth Bank Phishers – Good Not So

banger@epgstream — Wed, 27 May 2009 02:39:26 +0000

The poor ‘ole Commonwealth Bank have been copping a hiding of late as far as phishing campaigns go! CBA have been targeted by what appears to be multiple groups of phishers based on email content, formatting and even levels of grammar.

One thing I can say is that the spammers are getting better with their content and formatting, not perfect, but better. Phishing’s main downfall here appears to be grammar and spelling which always makes something “tingle” on the back of your neck, even if you are new to the phishing experience … You know we’re all going to be in trouble when the phishers finally get someone to proof-read their emails!

Just remember these simple tell-tale signs that someone is phishing:

You are not addressed by your full name or other personal information.
You do not appear to be emailed directly. Rather you are part of a BCC list.
Spelling does not appear to localised for your region. e.g. “Authorised” (Australian) vs “Authorized” (American).
Links you are asked to follow do not belong to the actual organisation the email appears to be from. e.g. http://sydney049.com/monwealthbank.com.au/login.aspx belongs to the “sydney049.com” domain and not the “commonwealthbank.com.au” domain.

Remember, if in doubt then pick up the telephone and give the organisation a call directly (though don’t use the phone number from the email)!

Check out some of the better phishing emails the Commonwealth Bank have had to issue alerts for:

epgStream.net Online » Commonwealth Bank

Automatic Teller Machines running Windows XP controlled by malware!

Commonwealth Bank Phishers – Good Not So