Ploutos_and_ploutus

Even when physical access was needed they were not


their English equivalents. Still, a lot of misspelling errors can be found, which makes us suspicious about the Spanish-speaking origin of this sample.

The commands are sent to the malware through a special sequence in the ATM's keypad interface. It uses the last two digits of a sixteen-digit sequence entered for the instruction that the attacker wants to perform. Ploutus generates a 16-bit long random ID for the ATM, and the last 2 bits are the opcodes corresponding to the following actions:

- AutoKill: Kills any running Ploutus process.
- AutoCheck: Makes sure everything is ready for cashing out.
- MoneyOut: Cashes out money from the ATM and prints the configuration.

Another difference is how the money is cashed out. In this version it is not possible to specify the amount of money to steal; it dispenses money based on the most available bills. Also, it only allows cashing out during the first 24 hours after the installation of the malware.

TLP: Green

Attribution

PLOUTOS (or Plutus) was the god of wealth. He was at first associated purely with the bounty of rich harvests. Later he came to represent wealth in more general terms. He was blinded by Zeus so he would distribute wealth indiscriminately and without favor towards the good or the virtuous.

It is possible to see in the GUI that the malware is written in Spanish. Also, the bad English translation and the geographical location of the infected machines point in the same direction. There is not much text to work with, but “Dispense” is a term much more often used in...