Ciff Saran Posted: 04 Jun 2009

The Eastern European cash machine network may be prone to a serious hacking attack, banks have been warned.

SpiderLabs, the security team at Trustwave responsible for incident response and forensics, ethical hacking and application security tests, has investigated security breaches on automated teller machines (ATMs) running Windows XP over the past few months and found the same malware residing on the breached machines.

"This malware is unlike any we have ever had experience with. It allows the attacker to gain complete control over the ATM to obtain track data, PINs and cash from each infected machine," TrustWave said.

TrustWave found that the malware enables an attacker to steal card data from the ATM's receipt printer or by writing the data to an electronic storage device (possibly using the ATM's card reader). It also discovered code indicating that the malware could eject the cash dispensing cassette.

"We believe the current attack vector is an early version of the malware sample, and future attacks will add functionality such as propagation via the ATM network. If an attacker can gain access to one machine, the malware will evolve and propagate automatically to other systems."

Approximately 20 ATMs have been compromised, primarily located in Eastern Europe. TrustWave expected the attack to spread to the US and other regions of the world.  This is not the first time a flaw has been found in cash machines. In January, Cambridge University published a paper on a flaw in chip and Pin readers.

Below is a Sample Page from a PDF Report from Trustwave.  (click to enlarge)
The Full Report is Available Here