There is a hack that has been put into place on ATM(Automated Teller Machines)using windows XP as an OS that allows for malicious persons to recover account and PIN numbers directly from the machine.

The hack is most likely inserted using a compromised card that when read by the ATM causes the infection to begin. Once the virus is in play it replaces the isadmin.exe file which then replaces the lass.exe file.

Once the infection has run its course another “control” card can be used to harvest the information gathered. According to the report the card can even eject the cash box on the ATM.

The malware was able to capture the magnetic stripe data from the private memory space of transaction-processing applications that were installed on these compromised ATMs, along with PIN codes for good measure.

Courtesy of some advanced management functionality found within the malware code, the attackers are able to control the compromised cash machines via a customized interface which can be accessed by simply inserting a controller card into the ATM card slot.

The stolen data can then be printed using the receipt printer built into the ATM, or output via the card reader to a suitable storage device. SpiderLabs do not believe that there is any networking functionality built into the malware, however.