

Credit card skimming malware targeting Diebold ATMs - alecco
http://www.sophos.com/security/blog/2009/03/3577.html

======
alecco
"The main Trojan executable contains the code to handle the _magnetic card
reader_ using _undocumented Diebold Agilis 91x functions_ , inject code to
ATM’s processes, parse transactions in Ukrainian, Russian and US currencies
and _use printer_ , probably for printing the stolen data. I am also fairly
sure that some of the instructions to the keyboard for typing PIN numbers are
connected with hooks to log the captured PINs."

And

"By uncovering code that appears to encrypt data and a possible alternative
user interface it seems to me that the stolen data is encrypted, probably to
allow the attackers to use “money mules” to retrieve the data in person."

Just wow.

ZeroDay has more on this <http://blogs.zdnet.com/security/?p=2908>

