Ploutos_and_ploutus

The interaction with the ATM is done through the use


ey from the cassette. It also has a service/project installer, performs keyboard hooking and, interestingly, has a graphical user interface listing the main features:

Figure 2: Ploutos GUI

The interface is in Spanish. Below is a translation of the different options presented to the user:

• Generar ID: Generate ID
• Activar ATM: Activate ATM
• Dispensar: Cash out
• Salir: Exit

Ploutos installs a Windows service installer that makes sure it’s available on demand for the criminals. The “NCRDRVPS” service is created and starts every time the ATM is booted.

TLP: Green

Access to the GUI is provided by pressing a specific sequence of function keys: “F8F1F7F3F5F4F2”. Unusually, this malware has its own security measures: an 8-character activation code is needed to start interacting with the malware. This code is based on the current date.

The following commands are supported, which are the same as those offered through the graphical interface:

• 12340000: A test command which just prints the current date.
• 12343570: Prints the generated ATM ID.
• 12343571 + 8 digits: The activation code. The activation date and MD5 hash of the encoded activation code are stored in the configuration file.
• 12343572 + bill index + number of bills: Dispenses the specified money.
• F8F1F7F3F5F4F2: Shows the GUI.

The malware is written in C# with .NET Framework 2.0, so it’s able to run on any Windows operating system with the Framework installed. The interaction with the ATM is done...
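A defensive check built on the service name given above, as an added example that is not part of the original report: it scans an export of Windows System-log events for Service Control Manager event 7045 (a service was installed) naming NCRDRVPS. The event export, host names, timestamps and the second service name are constructed, and the check assumes the hosts record event 7045.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
IOC_SERVICES = {"ncrdrvps"}  # service name from the report, lower-cased

def _event(host, when, event_id, name, start):
    """Build one constructed, simplified event (only the fields the check reads)."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{when}"/><Computer>{host}</Computer></System>'
            f'<EventData><Data Name="ServiceName">{name}</Data>'
            f'<Data Name="StartType">{start}</Data></EventData></Event>')

# Constructed sample export: hosts, times and the benign service are made up.
SAMPLE = "<Events>" + "".join([
    _event("ATM-0001", "2014-01-10T03:12:45Z", 7045, "NCRDRVPS", "auto start"),
    _event("ATM-0001", "2014-01-10T03:15:02Z", 7045, "ExampleUpdater", "demand start"),
    _event("ATM-0002", "2014-01-11T01:40:19Z", 7045, " ncrdrvps ", "auto start"),
    _event("ATM-0003", "2014-01-11T02:00:00Z", 7036, "NCRDRVPS", ""),
]) + "</Events>"

def find_service_installs(events_xml, names=IOC_SERVICES):
    """Return (host, time, service) for each 7045 install of a listed service."""
    hits = []
    for ev in ET.fromstring(events_xml).iterfind("e:Event", NS):
        event_id = ev.findtext("e:System/e:EventID", "", NS).strip()
        if event_id != "7045":  # keep only "a service was installed" records
            continue
        # Collect the named EventData fields, trimming stray whitespace.
        data = {d.get("Name"): (d.text or "").strip()
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        service = data.get("ServiceName", "")
        if service.lower() in names:  # Windows service names are case-insensitive
            when = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
            hits.append((ev.findtext("e:System/e:Computer", "", NS), when, service))
    return hits

if __name__ == "__main__":
    for host, when, service in find_service_installs(SAMPLE):
        print(f"{when} {host}: service '{service}' was installed")
```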

This document was uploaded on 01/15/2014.
