The hack is most likely inserted using a compromised card that when read by the ATM causes the infection to begin. Once the virus is in play it replaces the isadmin.exe file which then replaces the lass.exe file.
Once the infection has run its course another "control" card can be used to harvest the information gathered. According to the report the card can even eject the cash box on the ATM.
Read more here.
The malware was able to capture the magnetic stripe data from the private memory space of transaction-processing applications that were installed on these compromised ATMs, along with PIN codes for good measure.
Courtesy of some advanced management functionality found within the malware code, the attackers are able to control the compromised cash machines via a customised interface which can be accessed by simply inserting a controller card into the ATM card slot.
The stolen data can then be printed using the receipt printer built into the ATM, or output via the card reader to a suitable storage device. SpiderLabs do not believe that there is any networking functionality built into the malware, however.
- > NEXT STORY: CyberPower Offers World's Fastest Gaming Laptop
- < PREVIOUS STORY: Antec 200 gaming case reduces price, not features