Ploutos_and_ploutus

in kaspersky lab we have 29 different samples of this

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: t Petersburg. This malware used some undocumented functions to collect and print all card details of cards inserted in the infected ATM. Also, it was able to open cash cassettes using a master card command. It is not clear how the attackers were able to plant this malware inside the affected ATMs. Gang members involved in the infection of the ATMs were arrested in Saint Petersburg in June 2009. However, the author of Backdoor.Win32.Skimmer is still free and continues creating malware for Diebolds ATMs in Eastern Europe (Ukraine, Macedonia, etc.). In Kaspersky Lab, we have 29 different samples of this malware in our collection, the last one added on October 19th 2013. This new version does not pay attention to cards and only interacts with the cash cassettes. There was a second case discovered in Brazil during late December 2010 (detected as Trojan- Spy.Win32.SPSniffer). This malware used third- party utilities (such as http://www.pcworld.com/product/954711/tviccommspy.html) to get access to card data transferred via standard COM and USB ports. This way it was able to collect PIN numbers in outdated ATMs using PIN pads versions without strong cryptographic protection. This third- party approach could be used for attacking any kind of ATM based on Windows without taking into account any peculiarities from the manufacturer. This malware only targets card data. TLP: Green 4 At the time of writing, there are 37 different samples of this family in Kaspersky Lab´s collection, the last one being added the 10t...
View Full Document

This document was uploaded on 01/15/2014.

Ask a homework question - tutors are online