
How does GreenDispenser self-deleting malware work?

A new type of self-deleting malware, known as GreenDispenser, allows attackers to rob ATMs of cash. Expert Nick Lewis explains how this threat works and how to prevent it.

How does self-deleting malware work? Is it typically on a system long enough to be detected, or does it erase itself before detection? If so, how would enterprises know if any damage is done by self-deleting malware?

The GreenDispenser malware discovered by Proofpoint allows a criminal to empty the cash out of an automatic teller machine (ATM). It seems to rely on poor physical security practices and potential vulnerabilities in the ATM software. Once GreenDispenser has been used to cash out the ATM, it securely deletes itself. Self-deleting malware works by destroying any files it creates at a predefined time, such as once it executes or on a certain date. The files or executable code first need to get onto the victim's machine. In the GreenDispenser example, potential physical security vulnerabilities were exploited to gain physical access to the ATM so the malicious code could be copied to the system.

Obviously, one of the goals of any malware is to avoid detection; in the case of GreenDispenser, the malware author tries to reduce the chance of detection by having the malware delete itself before detection occurs. However, the malware needs to be on the system long enough to be executed so the ATM can be cashed out. ATMs and kiosk systems are typically very restricted and have controlled functionality. This gives a significant benefit to a defender because any executable, file or network connection that is not specifically approved can and should be blocked or investigated as suspicious. An enterprise would know damage was done if malware is detected on an ATM or kiosk.
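An added example (not part of the original article or of any vendor's tooling) of the allowlist check described above: it flags executions whose hash is not approved and marks those whose file was deleted shortly afterwards. The pipe-delimited log format, the paths, the digests and the 60-second window are constructed assumptions.

```python
"""Flag executions outside an ATM allowlist, including binaries deleted right after running."""

# Constructed placeholder digests; a real allowlist holds the SHA-256 of each approved binary.
H_APP, H_SVC, H_UNKNOWN = "a" * 64, "b" * 64, "c" * 64
APPROVED = {H_APP, H_SVC}

# Constructed sample log, hypothetical format: epoch_seconds|event|path|sha256
SAMPLE_LOG = "\n".join([
    f"100|exec|C:/atm/app.exe|{H_APP}",
    f"160|exec|C:/temp/tool.exe|{H_UNKNOWN}",
    "175|delete|C:/temp/tool.exe|",
    f"200|exec|C:/atm/svc.exe|{H_SVC}",
    f"300|exec|D:/media/other.exe|{H_UNKNOWN}",
    "garbled line that should be skipped",
])


def review(log_text, approved, window=60):
    """Return one finding per unapproved execution, in log order."""
    findings, pending = [], {}
    for line in log_text.splitlines():
        fields = line.split("|")
        if len(fields) != 4 or not fields[0].isdigit():
            continue  # skip malformed records rather than abort the review
        ts, kind, path, digest = int(fields[0]), fields[1], fields[2], fields[3]
        key = path.lower()  # Windows paths are case-insensitive
        if kind == "exec" and digest not in approved:
            finding = {"path": path, "sha256": digest, "exec_ts": ts,
                       "deleted_after_run": False}
            findings.append(finding)
            pending[key] = finding
        elif kind == "delete" and key in pending:
            finding = pending.pop(key)
            # The file is gone, but the execution record still identifies it.
            finding["deleted_after_run"] = (ts - finding["exec_ts"]) <= window
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG, APPROVED):
        tag = "EXECUTED THEN DELETED" if f["deleted_after_run"] else "UNAPPROVED"
        print(f"{tag}: {f['path']} at t={f['exec_ts']} sha256={f['sha256'][:12]}...")
```

The finding is built from the execution record, so it remains available after the file itself has been deleted.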


This was last published in February 2016
