Russian ATMs Spit Out Cash After Malware Attack

Tyler Durden's picture

Russian daily Kommersant reports that the Bank of Russia detected malware that hides inside ATM’s operating memory which "forces" them to dispense cash to anyone who enters certain code on its keyboard. The paper cites the deputy head of information security Artem Sychev, and adds that cash machines made by NCR were among the ATMs mostly attacked.

Kommersant also writes that according to sources who received the Bank of Russia FinCert newsletter with a description of the virus, the virus in question is the so-called "Disembodied" or Bespalova virus that “lives” in ATM RAM. According to FinCert, the ATM virus was first noticed in Russia for the first time. Since the virus does not have a file body, it can not be removed by anti-virus programs and can live in infected ATM indefinitely, according to sources.

“The virus is aimed at stealing funds directly from the bank teller machine, and is activated after a specific code is punched in, at which point it gives all the cash from the first cassette dispenser, which holds most large bills (denominations of 1 thousand or 5 thousand RUB). The funds will be dispesned to anyone who puts in the proper code, but to most ordinary people it is difficult to pick up, and any attempts to figure it out may trigger the suspicion of the security services of the Bank” – said the source publication.

Sources in banks said that he was shocked by the device’s largest manufacturer of ATMs — NCR. However, Komersant notes that any ATM can be the target.

“The identified vulnerability is not specific to a particular manufacturer, since all the ATMs are running on Windows” said a sources.

Kommersant reports that the bank has not yet found a solution to removing the new virus, and adds that banks can only raise the overall level of security of their networks.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
BetterRalph's picture

Smile for the Camera

truthseeker47's picture

Another Windows defect?  shocking!

mary mary's picture

This is Skynet.  Please take your cash.  Wait: take some more.  Would you like fries with that?

zeroboris's picture

Using Windows for financial operations must be forbidden by law.

Everyone is lying's picture

So I don't have to go to Las Vegas any more, Las Vegas is coming to my local ATM!


What fun!


Can I get a free cocktail while I'm playing?



TheEndIsNear's picture

One would think that supposedly secure systems the OS would be embedded in Read Only Memory (ROM) so that it can't be tampered with, although I suppose that wouldn't prevent exploitation of buggy code even if it were in ROM and *especially* if it were running Windows. Should have been running Linux or BSD Unix.

ConnectingTheDots's picture

I found it amusing (and sad) that ATMs would be running the most buggy and insecure operating system of them all.

ConnectingTheDots's picture

Looks the the hacking tools the CIA "lost control" of are starting to be put to use.

We can probably expect a lot more financially motivated crimes.

You may want to consider getting a security freeze on your credit to help protect yourself.