ATM MALWARE
TABLE OF CONTENTS
EXECUTIVE SUMMARY
ATM MALWARE SUB-FAMILIES
1.1 BACKDOOR.PLOUTUS
1.2 BACKDOOR.TYUPKIN
1.3 BACKDOOR.ATM.SUCEFUL
1.4 BACKDOOR.ATM.GREENDISPENSER
1.5 TESTED SAMPLES
2. ATTACK OVERVIEW
3. CASH THEFT METHODS
3.1 TROJANSPY:ATM/PLOUTUS
3.2 BACKDOOR.ATM.TYUPKIN
3.3 BACKDOOR.ATM.SUCEFUL
3.4 BACKDOOR.ATM.GREENDISPENSER
4. DETECTION
4.1 BEST PRACTICES TO PROTECT ATM SYSTEMS
4.2 NETWORK VISIBILITY THROUGH RSA SECURITY ANALYTICS
4.3 SYSTEM VISIBILITY THROUGH RSA ECAT
4.4 RSA ECAT DETECTION: TROJANSPY:ATM/PLOUTUS
4.5 RSA ECAT DETECTION: BACKDOOR.ATM.TYUPKIN
4.6 RSA ECAT DETECTION: BACKDOOR.ATM.SUCEFUL
4.7 RSA ECAT DETECTION: BACKDOOR.GREENDISPENSER
5. CONCLUSION
6. APPENDIX
6.1 ECAT SAMPLE’S ANALYSIS
6.2 YARA RULES