Doctor Web – a Russian developer of Dr.Web anti-virus solutions – warns on a sophisticated Trojan Horse found in ATMs of some Russian banks. This Trojan intercepts data on credit cards and pin codes of customers who use the infected ATM. This data can later be used by criminals to produce duplicate bank cards and thus steal funds from accounts of the victims.

The Trojan is detected by Dr.Web Anti-virus as Trojan.Skimer. According to Virus Monitoring Service of Doctor Web, 7 modifications of the malware has been discovered so far. The Trojan collects information on credit cards and PIN-codes that are entered from the ATM's keyboard during the authentication procedure. Combined with a PIN-code, the card data can be used to produce an illegal duplicate of the original card. To withdraw the stolen data, the criminals have to compose a special service code on the infected ATM's keyboard - and the data is printed out as a reciept.

As a rule, the bank's ATM network has no access to the World Wide Web. This means that the only way the Trojan could have penetrated the ATMs is through an insider - a person or a group of persons connected with the bank or with an ATM service company. The usage of a specific DLL of the ATM operating system by the Trojan also implies a good knowledge of the attacked ATMs by the criminals.