Autorun virus in an HDFC bank ATM

Went to a nearby HDFC ATM only to discover one out-of-service machine, with the other showing a prompt by one "Guardian antivirus" (an antivirus which until now I didn't know existed) detecting an Autorun.fla virus. (Pic attached, abysmal quality by my phone's cam *apologies* but can just make out what's written).

At least it detected that virus, but who knows what all else is on there, with no information about the brand's virus detection rates. HDFC bank cannot even afford a decent antivirus... I'm pretty sure a cracked version of the antivirus must be in use ROFL..! It may have been a false positive though, can't be sure.. the file was "00.scr" in the system32 folder.

An extremely serious breach of security imo.

This machine is situated at the Sector 11 market of Dwarka, New Delhi.
 

PrK

Iaruglrer
Messages
255
Location
New Delhi
ISP
Nextra
Yeah this one... They could've just used MSE and not even spent the Rs.549 :grin: so now we even know what no-name antivirus they use on their ATMs..lol
 

neevarp

Regulars
Messages
1,498
Location
Trivandrum
ISP
Asianet DOCSIS 3.0
Is there any provision to inform them about this? I skimmed through HDFC website and could not find anything to report such aspects (which gives me the jitters since HDFC is my primary banker)..
 

Deleted member 7160

> Is there any provision to inform them about this? I skimmed through HDFC website and could not find anything to report such aspects (which gives me the jitters since HDFC is my primary banker)..

Send an email to [email protected], I usually get security/scam alerts from this mail ID.
 


PrK

> I thought they (banks) were using Linux on their ATM machines.

Nope afaik they all use Windows Server 2003 edition.

> Is there any provision to inform them about this? I skimmed through HDFC website and could not find anything to report such aspects (which gives me the jitters since HDFC is my primary banker)..

I did send them a mail on the email Deleted Member 7160 has provided.

One thing that's bugging me is how could the executable even find its way into the machine? Probably an infected pen drive used by one of the maintenance peeps. Really goes to show how grim the malware situation and awareness is among the population.

----------

Just saw this for the filename in question 00.SCR, Prevx :x
 

Deleted member 7160

I remember reading somewhere that in Sep, their SQL database was hacked and it took 21 days for HDFC to fix it.
 

mehrotra.akash

Regular
Messages
914
Location
NA
ISP
I-ON(Dvois)/Airtel+IPTV/Photon+
> Nope afaik they all use Windows Server 2003 edition.


The SBI and ICICI ones in my college use XP

Have a video of an SBI one stuck in a reboot loop, and an ICICI one usually shows the taskbar
 

PrK

> The SBI and ICICI ones in my college use XP
>
> Have a video of an SBI one stuck in a reboot loop, and an ICICI one usually shows the taskbar

Yeah, even I've seen such machines.

> I remember reading somewhere that in Sep, their SQL database was hacked and it took 21 days for HDFC to fix it.

That sucks..
Had to send them a mail via their complaint/feedback form...
 

Deleted member 7160

@prk let me find a mail ID tomorrow and provide you. Am sure I have seen some mail ID which takes care of Virus & other stuffs!
 

PrK

> @prk let me find a mail ID tomorrow and provide you. Am sure I have seen some mail ID which takes care of Virus & other stuffs!

Alright thanks.. though I think they should respond to the mail sent through the form.