ATMs That Run Windows Fall Into Hands of Crackers
- Dr. Roy Schestowitz
- 2009-06-05 02:46:38 UTC
- Modified: 2009-06-05 02:46:38 UTC
"Our products just aren't engineered for security."
--Brian Valentine, Microsoft executive
Summary: More stories of compromised Windows-based ATMs raise important questions
LAST year we gave an extensive sample of incidents where ATMs got hijacked or failed very badly because they ran Microsoft Windows. Truth be told, by Microsoft's own admission, Windows is simply not suitable for secure, mission-critical operations [1, 2, 3].
Today we are finding news reports that we wish to share:
i. Data-sniffing trojans burrow into Eastern European ATMs
Security experts have discovered a family of data-stealing trojans that have burrowed into automatic teller machines in Eastern Europe over the past 18 months.
[...]
The SpiderLabs report said only that the targeted ATMs ran on the Windows XP operating system.
Windows XP cash machines can steal your PIN
The SpiderLabs team reports that it has been able to perform an analysis of the malware, which had been discovered on compromised East European cash machines running Windows XP.
[...]
I understand that the malware can be installed, and activated, by way of a Borland Delphi Rapid Application Development executable that replaces the original isadmin.exe utility file. Executing this dropper produces the malware file within the C:\WINDOWS directory of the machine.
Only yesterday we saw yet another hospital whose operations got suspended by Windows viruses. Hospitals should be occupied dealing with real viruses, not computer viruses, so this is not an acceptable selection of technology. Likewise, ATM maintainers should worry more about social engineering than about back doors.