Hey Frenzzz.....
Expert "Kaspersky Lab" Fabio Assolini said in his blog on the distribution of banking Trojan "Chupacabra", written in Brazil. In his post you can see that there is a possibility of its use in the Russian system of ATMs.
Expert "Kaspersky Lab" Fabio Assolini said in his blog on the distribution of banking Trojan "Chupacabra", written in Brazil. In his post you can see that there is a possibility of its use in the Russian system of ATMs.
You may have heard about the Chupacabra - Goat vampire ("lollipop" in Spanish means "to suck", "Cabra" - "the goat"). Indians in ancient times yet frightened by this monster of their children. Today's "eyewitnesses" Chupacabra (a babe allegedly showed up in Puerto Rico, Mexico and the USA) argue that this is a cross between a dog and a big bald tailed kangaroo with a crest on the back of coarse wool, matted in the form of spikes. In addition to these beauties, from the gray substance smells like it was straight from hell. Scientists have long argued that the Chupacabra - just a figment of the imagination of ignorant people. However, the modern Brazilian carders think otherwise. "Chupacabra" - slang name of the skimmer, which is ideal to cope with the role of the Information vampire, sucking all the data from the victim's credit card.
Brazilian media often display video from surveillance cameras, where the unlucky attackers set their ATMs on the Chupacabra.
http://www.youtube.com/watch?feature...&v=-iCs3dEHCyQ
This is quite difficult and risky way of stealing other people's money has forced Brazilian carders together with local coders to develop a more secure way to steal someone else's banking information. As a result, the light appeared Chupacabra-malicious.
Now, instead of running to the ATM at night and set them skimmers, attackers in a warm draft and determine their malicious code on Windows-based computers running the banks. Malicious programs intercepted information to the switchboard during the transaction being committed at supermarkets, gas stations, in general, wherever the use of bank cards have to enter your PIN.
For the first time the Trojans 'Chupacabra' (also known as Trojan-Spy.Win32.SPSniffer) was seen in December 2010 in Brazil. He now has four variations (A, B, C and D), and its value to the attacker on the black market at $ 5000. Attacks using the "Chupacabras" are expanding their geographic, beyond the limits of Brazil - as has already been reported such cases in the United States.
Of course, PIN-keyboard equipped with security features, for example, the function of erasing the user-entered PIN in the case of registration of the device attempts to intercept. Entered PIN instantly encoded (most commonly used symmetric block cipher), which makes it difficult to capture pin.
But there is a problem: these devices are connected to a computer via USB-or serial port using the software for electronic payments. The old patch panels used in Brazil, just are at risk because they do not encrypt the personal information contained on the chip credit card. It includes the card number, expiration date, service code and check number - anything that will help an attacker to clone the card and spend other people's money.
Furthermore it establishes a simple USB-sniffer or a serial port, usually specially "adapted" version of Eltima and TVicPort, intercepting data between the panel and the computer. The first version of the "Chupacabras" installed the DLL, which monitored and stealing traffic from all devices connected to any COM-port.
http://s018.radikal.ru/i522/1202/a4/78d5a4b9857c.png
Now malware installs a driver for the USB-TVicCommSpy traffic.
http://i023.radikal.ru/1202/f1/465f15bc9917.png
The information is usually sent to the fraudsters e-mail. To confirm the "safe" sending stolen data, Chupacabra has in its arsenal a special cryptographic symmetric system with Unicode-key an interesting name.
http://i049.radikal.ru/1202/51/db7b3cfa42a2.png
Now Brazil is actively working to replace the old PIN-keyboards on the new in order to prevent theft of personal information of owners of bank cards.This article was originally published in the forum topic: 'Chupa Cabra' malware attacks the topic INC.
0 comments:
Post a Comment