Ploutos_and_ploutus



September 2013 by Kaspersky Lab’s technology partner SafenSoft. One month later a second version of the malware was discovered. One of the main differences in the new sample was that it is translated to English (the first version was in Spanish). That may be a clear indicator that the gang behind it plans to extend the campaign.

In this document we analyze all the detected versions of the malware, focusing on the new one. We also provide some background information about ATM attacks.

Kaspersky Lab detects Ploutus (first version) as Trojan-Banker.MSIL.Atmer.a and Ploutos (second version) as Trojan-Banker.MSIL.Atmer.b.

Contact information

For any inquiries, please refer to [email protected]

TLP: Green

Analysis

This section provides background information about malware found in ATMs, describes the operational details of the Mexican campaign where the malware was originally detected, and describes the main features of both the first and second versions of the malware.

Malware in ATMs

The first malware for ATMs, detected by Kaspersky Lab as Backdoor.Win32.Skimer, was publicly disclosed on 17 March 2009. Previously, other attacks on ATMs took place, but mostly through the use of skimmers or social engineering (placing an ATM controlled by criminals in a public space and waiting for victims to use it). This malware was discovered in several Diebold ATMs running a Windows-based operating system, affecting at least three banks in Russia. The ATMs were physically based in Moscow and Sain...

This document was uploaded on 01/15/2014.
