Some ATMs Still On XP

Cyber-criminals have been cutting holes into European cash machines in order to infect them with malware.

The holes were cut so that the hackers could plug in USB drives that installed their code onto the ATMs. Details of the attacks on an unnamed European bank’s cash dispensers were presented at the hacker-themed Chaos Computing Congress in Hamburg, Germany.

The thefts came to light in July after the lender involved noticed several its ATMs were being emptied. The bank discovered the criminals were vandalising the machines to use the infected USB sticks. Once the malware had been transferred, they patched the holes up. This allowed the same machines to be targeted several times without the hack being discovered.

The attackers could take the highest value banknotes in order to minimise the amount of time they were exposed. Interestingly the software required the thief to enter a second code in response to numbers shown on the ATM’s screen before they could release the money and the thief could only obtain the right code by phoning another gang member and telling them the numbers displayed. This stopped the criminals going alone.

Source

ATM Malware Found In Mexico

A malicious software program identified in ATMs in Mexico has been improved and translated into English, which suggests it may be used elsewhere, according to security vendor Symantec.

Two versions of the malware, called Ploutus, have been discovered, both of which are engineered to empty a certain type of ATM, which Symantec has not identified.

In contrast to most malware, Ploutus is installed the old-fashioned way — by inserting a CD boot disk into the innards of an ATM machine running Microsoft Windows. The installation method suggests that cybercriminals are targeting standalone ATMs where access is easier.

The first version of Ploutus displays a graphical user interface after the thief enters a numerical sequence on an ATM’s keypad, although the malware can be controlled by a keyboard, wrote Daniel Regalado, a Symantec malware analyst, on Oct. 11.

Ploutus is programmed for a specific ATM model since it assumes there is a maximum of four cassettes per dispenser in the ATM. It then calculates the amount of money that should be dispensed based on the number of bills. If any of the cassettes have less than the maximum number of 40 bills, it releases whatever is left, repeating that process until the ATM is empty.

Kevin Haley, director of Symantec Security Response, said in an interview earlier this month that the attackers have deep knowledge of the software and hardware of the particular ATM model.

“They clearly know how this machine worked,” he said.

The source code of Ploutus “contains Spanish function names and poor English grammar that suggests the malware may have been coded by Spanish-speaking developers,” Regalado wrote.

In a new blog post, Regalado wrote that the attackers made Ploutus more robust and translated it into English, indicating the same ATM software can be exploited in countries other than Mexico.

The “B” variant of Ploutus has some differences. It only accepts commands through the keypad but will display a window showing the money available in the machine along with a transaction log as it dispenses cash. An attacker cannot enter a specific number of bills, so Ploutus withdraws money from the cassette with the most available bills, Regalado wrote.

Symantec advised those with ATMs to change the BIOS boot order to only boot from the hard disk and not CDs, DVDs or USB sticks. The BIOS should also be password protected so the boot options can’t be changed, Regalado wrote.

Source

LinkedIn Beefs Up

LinkedIn has re-tooled its search engine with changes designed to make it easier for members to find information on the business networking site, whose volume of content has increased and grown more diverse in recent years.

Launched in 2003, LinkedIn initially focused on giving professionals a place to feature their resumes and career bios, as well as connect with peers and colleagues, but the site has progressively become more interactive and houses a much larger repository of data beyond individual profiles.

For example, almost 3 million companies have set up corporate pages, more than 1.5 million groups have been created, the site features a jobs section, and individuals and publishers are able to post and share comments and links to articles.

So it’s not surprising for LinkedIn to focus on improving its search engine, which fielded 5.7 billion queries last year.

LinkedIn members have until now had to run separate queries for groups, companies, jobs and other professionals, but that’s changing with the upgraded search engine.

“Now, all you need to do is type what you’re looking for into the search box and you’ll see a comprehensive page of results that pulls content from all across LinkedIn including people, jobs, groups and companies,” Johnathan Podemsky, a LinkedIn product manager, wrote in a blog post on Monday.

Users can still segment results, so as to see only job results, for example.

The LinkedIn search engine is also gaining auto-complete and suggested-searches functionalities to help people fine-tune query terms. In addition, the search engine will log members’ search queries and “learn” from them in order to deliver more relevant results.

It will also be possible for users to save search queries and be alerted about new or changed search results. The advanced search option has also gained more search filters, including location, company and school.

However, the search engine still doesn’t include content from the company’s SlideShare site, which about 60 million monthly visitors use to upload, share, rate and comment on primarily slide presentations, but also documents, videos and webinars.

Also, the search improvements are being applied to the main site, not to the mobile apps, although doing so is something the company is looking into, according to a spokeswoman.

LinkedIn started to roll out the new search features on Monday, and expects to finish delivering them to every member worldwide in the coming weeks.

As of the end of 2012, LinkedIn had topped 200 million registered members located in more than 200 countries.

Source