Malware targets Windows-based ATMs
Posted on Sunday, March 22 2009 @ 14:02 CET by Thomas De Maesschalck
Antivirus firm Sophos reports they've found a new type of malware that goes after Windows-based ATMs from Diebold:
The code for the software uses undocumented features to create a virtual 'skimmer' which is capable of recording card details and personal identification numbers without the user's knowledge, which suggests that the creator had access to the source code for the ATM. While this doesn't directly point to an inside job, the possibility certainly can't be ruled out.
Sophos believes that the code was intended to be pre-installed by an insider at the factory, and would hold transaction details until a special card was entered into the machine – at which point a nice list of card numbers, PINs, and balances would be printed out for the ne'er-do-well to peruse at his leisure. It's also possible that the malware could be installed by someone with access to the ATM's internal workings – such as the person who refills the supply of money each day.