A Bank of America employee has been charged with installing malware on ATMs in North Carolina. The employee, who was a member of the bank’s IT staff, was able to withdraw cash without leaving transaction records from the ATMs over the course of 7 months during 2009.

The charges were filed the same day that credit card company Visa warned the banking industry that Eastern European ATM malware recently showed up in America for the first time. That code, initially spotted last year on some 20 ATMs in Russia and Ukraine, was designed primarily to capture PINs and bank card magstripe data, but also allowed thieves to instruct the machine to eject whatever cash was still in it… At least 16 versions of the East European malware have been found so far and were designed to attack ATMs made by Diebold and NCR, according to the April 1 Visa alert. There is no information tying the malware found in Russia with the malware allegedly used by Caverly.

Further details available at Wired’s Threat Level

A bold new type of malware has been identified.  Its attack vector is based on hijacking the DNS settings for devices on a local area network. Any device regardless of operating system that depends on an internal or external name server can be affected.

The trojan configures and runs a rogue DHCP daemon on the infected host. Other devices on the same LAN are misled into using name servers settings provided by the trojan DHCP daemon for DNS lookups instead of using the origional configured name servers.

Devices on the network are then sent to fraudulent websites that can be more difficult to identify as imposters since the DNS lookups appear correct.

This is a more advanced attack of a well known vector of attacking a systems hosts file, but by being system agnostic and using the familiar DNS protocol, it is much more effective.

More details can be found at SANS