So, how did the high-tech Latin American gang hack and steal RM3 million (US$920,000; £560,000) in a couple of nights? It all started with Microsoft: it stopped supporting the Windows XP operating system after 8 April 2014. In other words, even if the ATM trojan horse was discovered one day after the end-of-support date, Microsoft would not release any security patch to plug the threat, period.
The problem is that up to 95% of ATM machines run on Windows XP. Again, due to cost and profit, banking institutions prefer to close one eye and pretend their ATMs are as secure as Alcatraz. In the case of the Malaysian ATM thefts, the Latin Americans most likely loaded their compact disc with the "Backdoor.Padpin" trojan horse. Once the CD is inserted, the ATM reboots and executes the trojan horse, which creates the following file:
 [PATH TO THREAT]\ulssm.exe
The Trojan then creates the following registry entries so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"ulssm.exe" = "[PATH TO THREAT]\ulssm.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"ulssm.exe" = "[PATH TO THREAT]\ulssm.exe"
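Those two Run keys are also where a defender can look for the trojan. As an added example (not code from the original post or from any vendor write-up), the Python script below parses a text dump of the HKLM and HKCU Run keys in the format that `reg export` produces, and flags autostart entries that match the ulssm.exe indicator quoted above or that launch a binary from outside the usual program directories. The embedded sample export is constructed; the directory the post calls [PATH TO THREAT] is not known, so the paths in the sample are placeholders.

```python
"""Flag suspicious autostart entries in an exported Windows Run-key dump.

Added example, not part of the original post. It parses the text that
`reg export` writes for the HKLM and HKCU Run keys and reports entries
that match the Backdoor.Padpin indicator named in the post (ulssm.exe)
or that start a binary from outside the usual program folders.
The sample dump below is constructed; the directory the post calls
[PATH TO THREAT] is unknown, so the paths here are placeholders.
"""
import re
import sys

# Indicator quoted in the post: the file name the trojan drops and registers.
KNOWN_BAD_NAMES = {"ulssm.exe"}

# Locations from which legitimate autostart binaries normally run.
TRUSTED_PREFIXES = (r"c:\program files", r"c:\windows")

# Both Run keys in the post end with this path (compared case-insensitively).
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"

_HEADER_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
_EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)"?', re.IGNORECASE)

# Constructed sample, shaped like the output of:
#   reg export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run hklm.reg
# (.reg files double every backslash and escape embedded quotes as \")
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VBoxTray"="C:\\Windows\\system32\\VBoxTray.exe"
"ulssm.exe"="C:\\Intel\\Logs\\ulssm.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Documents and Settings\\atm\\Local Settings\\Temp\\upd.exe"
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
'''


def _unescape(value):
    """Undo .reg escaping: a backslash escapes the character after it."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(value[i + 1])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def parse_reg_export(text):
    """Return (key, value_name, data) for every string value in a .reg dump."""
    entries, current_key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = _HEADER_RE.match(line)
        if header:
            current_key = header.group("key")
            continue
        value = _VALUE_RE.match(line)
        if value and current_key:
            entries.append((current_key, value.group("name"),
                            _unescape(value.group("data"))))
    return entries


def executable_path(data):
    """Extract the executable from a Run value, dropping quotes and arguments."""
    match = _EXE_RE.match(data)
    return match.group("exe") if match else data


def classify(key, name, data):
    """Reasons an autostart entry is suspicious; an empty list means clean."""
    if not key.lower().endswith(RUN_KEY_SUFFIX):
        return []  # only the Run keys are in scope here
    exe = executable_path(data)
    basename = exe.lower().rsplit("\\", 1)[-1]
    reasons = []
    if basename in KNOWN_BAD_NAMES or name.lower() in KNOWN_BAD_NAMES:
        reasons.append("matches Backdoor.Padpin indicator ulssm.exe")
    if not exe.lower().startswith(TRUSTED_PREFIXES):
        reasons.append("runs from outside Program Files / Windows")
    return reasons


def scan(text):
    """Scan a .reg dump and return one finding per suspicious Run entry."""
    findings = []
    for key, name, data in parse_reg_export(text):
        reasons = classify(key, name, data)
        if reasons:
            findings.append({"key": key, "name": name,
                             "path": executable_path(data), "reasons": reasons})
    return findings


if __name__ == "__main__":
    # Pass a file written by `reg export` (UTF-16LE) or run against the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-16") as fh:
            dump = fh.read()
    else:
        dump = SAMPLE_REG
    for f in scan(dump):
        print(f"{f['key']}\\{f['name']} -> {f['path']}: {'; '.join(f['reasons'])}")
```

Run against the sample, the script reports the ulssm.exe entry (indicator match plus untrusted location) and the Updater entry (untrusted location only), and passes VBoxTray and OneDrive as clean. Because the check works on an exported text dump rather than the live registry, it can be run from any workstation against exports collected from a fleet of ATMs, which matters when the machines themselves are Windows XP boxes that cannot safely run modern tooling.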