Russian daily Kommersant reports that the Bank of Russia detected malware that hides inside ATM’s operating memory which "forces" them to dispense cash to anyone who enters certain code on its keyboard. The paper cites the deputy head of information security Artem Sychev, and adds that cash machines made by NCR were among the ATMs mostly attacked.
Kommersant also writes that according to sources who received the Bank of Russia FinCert newsletter with a description of the virus, the virus in question is the so-called "Disembodied" or Bespalova virus that “lives” in ATM RAM. According to FinCert, the ATM virus was first noticed in Russia for the first time. Since the virus does not have a file body, it can not be removed by anti-virus programs and can live in infected ATM indefinitely, according to sources.
“The virus is aimed at stealing funds directly from the bank teller machine, and is activated after a specific code is punched in, at which point it gives all the cash from the first cassette dispenser, which holds most large bills (denominations of 1 thousand or 5 thousand RUB). The funds will be dispesned to anyone who puts in the proper code, but to most ordinary people it is difficult to pick up, and any attempts to figure it out may trigger the suspicion of the security services of the Bank” – said the source publication.
Sources in banks said that he was shocked by the device’s largest manufacturer of ATMs — NCR. However, Komersant notes that any ATM can be the target.
“The identified vulnerability is not specific to a particular manufacturer, since all the ATMs are running on Windows” said a sources.
Kommersant reports that the bank has not yet found a solution to removing the new virus, and adds that banks can only raise the overall level of security of their networks.