Sunday, January 11, 2009

BDO ATM Cmd Shell

Great shot by Yugatech of a Banco De Oro ATM dropping to a cmd shell and executing an ftp script. The IP address shown is inside their local network, and the uploads are sent to a "backup" folder. Seems to be a backup script executed by the "at" service, which is why the script runs under svchost.exe (the Task Scheduler service is hosted in svchost.exe, so the jobs it launches have it as their parent). No idea why it would show the cmd window, unless the /interactive switch was included, although that would be very weird on such a machine. Some exploits do execute a cmd shell through svchost though. =)
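As an added example (not from the original post or from Yugatech), here is the check an administrator of a Windows kiosk or ATM fleet would want after seeing a photo like this: enumerate the scheduled jobs, pick out the ones whose action runs cmd.exe or ftp, and flag those whose logon mode would let them pop a window on the desktop, which is exactly what at.exe /interactive produces. It assumes a Windows host with schtasks.exe available; the column names ("Task To Run", "Logon Mode", "Run As User") are those that schtasks prints in verbose CSV mode, and the pattern list is a constructed starting point, not a rule from the page.

```powershell
# Added example: audit scheduled jobs for shell/ftp actions that run interactively.
# Assumes schtasks.exe is present; at.exe jobs show up here with names like "At1".

function Get-SuspiciousScheduledJobs {
    param(
        # Constructed patterns: anything that looks like a scripted shell or ftp run
        [string[]]$Patterns = @('ftp', 'cmd.exe', 'cmd /c')
    )

    # Verbose CSV output repeats the header row once per task folder and may
    # contain INFO lines for empty folders; keep one header and the data rows only.
    $raw    = schtasks.exe /query /fo CSV /v
    $header = $raw | Where-Object { $_ -like '"HostName"*' } | Select-Object -First 1
    $rows   = $raw | Where-Object { $_ -ne $header -and $_ -like '"*' }
    $tasks  = @($header) + $rows | ConvertFrom-Csv

    foreach ($t in $tasks) {
        $action = $t.'Task To Run'
        if (-not $action) { continue }

        $hit = $false
        foreach ($p in $Patterns) {
            if ($action -match [regex]::Escape($p)) { $hit = $true; break }
        }
        if (-not $hit) { continue }

        # "Logon Mode" reads "Interactive only" or "Interactive/Background" when the
        # job is allowed to surface a window on the logged-on desktop; a background
        # backup job on a kiosk should never need that.
        $interactive = $t.'Logon Mode' -match 'Interactive'

        [pscustomobject]@{
            TaskName    = $t.TaskName
            RunAsUser   = $t.'Run As User'
            Action      = $action
            Interactive = $interactive
            Schedule    = $t.'Schedule Type'
        }
    }
}

# Interactive shell/ftp jobs sort to the top; anything listed there deserves a look
# at who created it and whether the destination host is really the backup server.
Get-SuspiciousScheduledJobs | Sort-Object Interactive -Descending | Format-Table -AutoSize
```

Run it from an elevated prompt so that jobs owned by SYSTEM are listed; a job that matches but shows a background-only logon mode is the expected shape of a legitimate scheduled backup, while an interactive one is the configuration that would explain a visible cmd window on the ATM screen.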