Ploutos_and_ploutus

The value for datac is cleared at the same time as

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: lowing ones are supported: §༊ 99 – Terminate the Trojan process §༊ 54 – Activate §༊ 31 – Dispense money. With this version of the Trojan a hacker can’t specify how much money to dispense. A more complex algorithm is used instead. The malware will check all available cassettes and empty the first one which has 40 or more bills. After this the malware will display the total amount of money remaining in the ATM. Figure 3: Displaying of ATM´s status After an initial dependency analysis we could still find the presence of the NCR.APTRA.AXFS library. By offering a wide array of methods that can be used to interact with the ATM equipment directly, this DLL makes it easy for the malware authors to create high- level code that can be modified quite quickly. TLP: Green 14 Most of the languages available within the .NET framework are aimed at providing the developers with a rapid way to create prototypes and applications. In this case, a C# application that uses many of the .NET cryptography namespaces and a third- party interface for ATM interaction provides a great way to keep the co...
View Full Document

This document was uploaded on 01/15/2014.

Ask a homework question - tutors are online