Saturday, June 13, 2009

ATMs under Trojan Attack in Eastern Europe

Security experts have revealed that a family of data-stealing trojans has been infecting automatic teller machines in Eastern Europe over the past 18 months.

The malware monitors the transaction message queue for track 2 data stored on inserted cards. If the data belongs to a banking customer, the malware logs it, along with the PIN code that was entered.

The software works with controller cards. The main features provided in its primary menu are:
1. Print collected data
2. Restore logged files from before the malware infected the machine
3. Uninstall the malware

There is also a secondary menu, whose main features are:
1. Dispense all cash in the ATM
2. Upload data to a chip on the controller card

Thursday, June 11, 2009

Conficker: one of the most dreaded worms of 2008

Conficker (also known as Downup, Downadup and Kido) targets the Microsoft Windows operating system and was first detected in November 2008.
It is believed to be the largest computer worm infection since the 2003 SQL Slammer.

If you get infected, try this:
Microsoft's Live Online Scan
Download and run this utility on your infected machine.

Its Nature:
* Extracts all of its files to the %System% directory with random DLL file names, which can wreak havoc on your computer.
* Deletes the user's Restore Points.
* Registers a service called Netsvcs.
* Creates scheduled tasks that execute all of the DLL files.
* Creates its own simple HTTP server on the infected computer and spreads the worm to other computers in the network through file shares.
* Creates an Autorun.inf file in file shares to execute the worm files once the share is accessed by another computer.
* Connects to external sites to download additional files.

The worm exploits the vulnerability described in MS08-067 (Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability) in Windows 2000, XP, and Server 2003.
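
As an added example (not part of the original post), a defender can audit the Autorun.inf files found on file shares for the behaviour listed above: entries that auto-execute a DLL. The rundll32 check, the tolerance for junk lines, and both sample files are assumptions constructed for illustration.

```python
import re

# Keys in autorun.inf that make a program run when the share or drive is opened.
EXEC_KEY = re.compile(
    r"^\s*(open|shellexecute|shell\\[^=\\]+\\command)\s*=\s*(.+?)\s*$",
    re.IGNORECASE,
)
# Assumption: a command that loads a DLL (directly or via rundll32) is suspicious,
# because legitimate media normally auto-run an .exe installer.
DLL_LOAD = re.compile(r"rundll32|\.dll\b", re.IGNORECASE)


def audit_autorun(raw: bytes) -> list:
    """Return every auto-execute entry in an autorun.inf, flagging DLL loaders.

    The file is decoded permissively and each line is examined on its own,
    so padding or junk lines around the real entries do not hide them.
    """
    findings = []
    for lineno, line in enumerate(raw.decode("latin-1").splitlines(), start=1):
        m = EXEC_KEY.match(line)
        if not m:
            continue
        command = m.group(2)
        findings.append({
            "line": lineno,
            "key": m.group(1).lower(),
            "command": command,
            "suspicious": bool(DLL_LOAD.search(command)),
        })
    return findings


def is_suspicious(raw: bytes) -> bool:
    """True if any auto-execute entry in the file loads a DLL."""
    return any(f["suspicious"] for f in audit_autorun(raw))


# Constructed sample: an ordinary installer autorun.inf.
BENIGN = b"[autorun]\r\nopen=setup.exe\r\nicon=setup.exe,0\r\n"

# Constructed sample: junk-padded file whose entries load a DLL (placeholder path).
SUSPECT = (b"\x8f\x02qK;zz\r\n[AUTorUN\r\n;junk junk\r\n"
           b"shelLExECUte=RuNdLl32.EXE .\\folder\\sample.dll,entry\r\n"
           b"\x91\x17 padding\r\n"
           b"Open=RUNDLL32.EXE .\\folder\\sample.dll,entry\r\n")

if __name__ == "__main__":
    for name, data in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, is_suspicious(data), audit_autorun(data))
```

Run it over each autorun.inf collected from share roots; any file reported as suspicious should be quarantined together with the DLL it references.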

