A forum for reverse engineering, OS internals and malware analysis 

 #26235  by ThreatDetectors
 Sat Jul 04, 2015 4:28 pm
This is very interesting. I have been scanning through a lot of these samples and this code seems to be very adaptive. Is there a way to get the source to potentially reverse engineer it for future ATM defense?
 #26237  by EP_X0FF
 Sun Jul 05, 2015 3:54 am
ThreatDetectors wrote: Is there a way to get the source to potentially reverse engineer it for future ATM defense?
Do you mean potentially write a clone? :)
 #26270  by ThreatDetectors
 Mon Jul 13, 2015 1:51 am
EP_X0FF wrote:
ThreatDetectors wrote: Is there a way to get the source to potentially reverse engineer it for future ATM defense?
Do you mean potentially write a clone? :)

No, not at all; this isn't in our nature. It's instead to potentially be ahead. I currently develop firewalls for ATM security and I feel it would help to have a complete source just to know exactly how it penetrates our systems.
 #26274  by EP_X0FF
 Mon Jul 13, 2015 8:19 am
How is the source of a primitive virtual memory scraper related to "how it penetrates our systems"? This is just a bot. Your system is already penetrated by an exploit or by a criminal.
 #26307  by ThreatDetectors
 Thu Jul 16, 2015 6:01 pm
EP_X0FF wrote: How is the source of a primitive virtual memory scraper related to "how it penetrates our systems"? This is just a bot. Your system is already penetrated by an exploit or by a criminal.
Hey,

I take no sides here, man. Money is the motive; there is high demand for ATM security. That doesn't necessarily mean that I take the side of the good or the bad. Let me know if we could discuss the source.
 #26313  by Xylitol
 Fri Jul 17, 2015 1:54 pm
ThreatDetectors wrote: there is high demand for ATM security.
Financial institutions don't need source code; they just disassemble and write rules.
And as for this sample, it's been known/detected for months now; a lot of people/companies already warned about this sample and took countermeasures, and there is probably even a Snort rule.
So, after all this time, the mitigation is good now.
And you can still disassemble samples with Reflector or similar MSIL tools, so it's not even a problem to have the code, but there is absolutely no need and no reason for it in the meantime.
Honestly, if you can't even understand 'how it works' without having a copy of the original source code (and this thread already contains a ton of info/links), I think you can abandon your idea of a firewall; it will fail.
 #26327  by EP_X0FF
 Mon Jul 20, 2015 5:05 am
ThreatDetectors wrote: Let me know if we could discuss the source.
Unknown guy registered here for less than a month and hiding behind TOR asks for the source code of ATM malware for "good purposes". No, even if we have it, I highly doubt we will share it. Thread split and locked.