net127: a scrapbook of words and images

December 09, 2003

Worm Hits Windows-Based ATMs

Automated teller machines at two banks running Microsoft's popular Windows software were infected by a computer virus in August, the maker of the machines said Monday.

The ATM infections, first reported by SecurityFocus.com, are believed to be the first of a computer virus wiggling directly onto cash machines.

Computer security experts predicted more problems to come as Windows migrates to critical systems consumers rely on.

An unknown number of ATMs running Windows XP Embedded were shut down during the spread of the so-called Nachi worm, said executives at Diebold, which made the ATMs and refused to name the customers affected.

The Nachi worm, also dubbed "Welchia," was written to clean up after the MSBlast, or Blaster, worm. Instead it crippled or congested networks around the world, including the check-in system at Air Canada. Both worms spread through a hole in Windows XP, 2000, NT and Server 2003.

In January, the SQL Slammer worm led to technical problems that temporarily kept Bank of America's customers from their cash, but did not directly cause the ATM outage.

"It's a harbinger of things to come," said Bruce Schneier, chief technical officer of network monitoring company Counterpane Internet Security.

"Specific-purpose machines, like microwave ovens and until now ATM machines, never got viruses," said Schneier, author of "Beyond Fear: Thinking Sensibly About Security in an Uncertain World." "Now that they are using a general purpose operating system, Diebold should expect a lot more of this in the future," he said.

John Pescatore, an analyst at Gartner, agreed.

"It's a horrendous security mistake," he said of specific-purpose machines like ATMs running Windows, which is written for general-purpose computers and for which Microsoft releases security fixes on a regular basis. "I'm a lot more worried about my money than I was before this."

Diebold switched from using IBM's OS/2 on its ATMs because banks were requesting Windows, said Steve Grzymkowski, senior product marketing manager at Diebold.

"They have been asking us to ship ATMs with Windows because of the graphics capabilities. They want a common look between the ATMs and Web-banking sites," he said. "Another advantage is they are familiar with Windows."

To help prevent future problems Diebold is shipping ATMs with firewall software designed to block out viruses and other attacks, he said.

"As far as it happening again, I wouldn't want to speculate on that," Grzymkowski said.

Schneier and Pescatore said they were worried about the security of other Windows-based Diebold appliances--voting machines, which run Windows CE.

But a Diebold representative said the company's voting machines are not used on a network, so "that is currently not an issue."

Story Copyright  © 2003 Reuters Limited.  All rights reserved.

Posted by glenn at December 9, 2003 09:07 AM | TrackBack
Comments
Post a comment