On BNET: Make cool hacks for Google Maps
BNET Business Network:
BNET
TechRepublic
ZDNet
122 TalkBacks

Posted on ZDNet News: Dec 9, 2003 4:30:00 AM

Reuters Logo Automated teller machines at two banks running Microsoft's popular Windows software were infected by a computer virus in August, the maker of the machines said Monday.

The ATM infections, first reported by SecurityFocus.com, are believed to be the first of a computer virus wiggling directly onto cash machines.

Computer security experts predicted more problems to come as Windows migrates to critical systems consumers rely on.

An unknown number of ATMs running Windows XP Embedded were shut down during the spread of the so-called Nachi worm, said executives at Diebold, which made the ATMs and refused to name the customers affected.

The Nachi worm, also dubbed "Welchia," was written to clean up after the MSBlast, or Blaster, worm. Instead it crippled or congested networks around the world, including the check-in system at Air Canada. Both worms spread through a hole in Windows XP, 2000, NT and Server 2003.


Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.

In January, the SQL Slammer worm led to technical problems that temporarily kept Bank of America's customers from their cash, but did not directly cause the ATM outage.

"It's a harbinger of things to come," said Bruce Schneier, chief technical officer of network monitoring company Counterpane Internet Security.

"Specific-purpose machines, like microwave ovens and until now ATM machines, never got viruses," said Schneier, author of "Beyond Fear: Thinking Sensibly About Security in an Uncertain World." "Now that they are using a general purpose operating system, Diebold should expect a lot more of this in the future," he said.

John Pescatore, an analyst at Gartner, agreed.

"It's a horrendous security mistake," he said of specific-purpose machines like ATMs running Windows, which is written for general-purpose computers and for which Microsoft releases security fixes on a regular basis. "I'm a lot more worried about my money than I was before this."

Diebold switched from using IBM's OS/2 on its ATMs because banks were requesting Windows, said Steve Grzymkowski, senior product marketing manager at Diebold.

"They have been asking us to ship ATMs with Windows because of the graphics capabilities. They want a common look between the ATMs and Web-banking sites," he said. "Another advantage is they are familiar with Windows."

To help prevent future problems Diebold is shipping ATMs with firewall software designed to block out viruses and other attacks, he said.

"As far as it happening again, I wouldn't want to speculate on that," Grzymkowski said.

Schneier and Pescatore said they were worried about the security of other Windows-based Diebold appliances--voting machines, which run Windows CE.

But a Diebold representative said the company's voting machines are not used on a network, so "that is currently not an issue."

Story Copyright  © 2003 Reuters Limited.  All rights reserved.

Story Copyright © 2003 Reuters Limited. All rights reserved.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 122 Talkback(s)
I agree !10000%...
Windows for the home and office, desktop...and that is pushing it, high maintenace... Just about any other OS for mission critical. Unix is my choice, or some of the mainframe OS's that are still with... (Read the rest)
Posted by: theguru1995@... Posted on: 08/05/09 You are currently: a Guest | | Terms of Use
Overblown problem  Mike Cox | 12/09/03
How to Start a Bank Run  Yen_z | 12/09/03
I can't wait for Windows to power heart-monitoring equipment  ordaj@... | 12/09/03
Windows Pacemaker  Mark Gist | 12/09/03
Please do not give them new ideas!  michael-t | 12/09/03
My fake leg  NemesisNL | 12/09/03
try walking  engel000 | 12/09/03
its a win win situation Mike  nite_w0lf | 12/09/03
it's a win----  beepster | 12/09/03
oh yeah?  engel000 | 12/09/03
Sacrificing security for glitz ...  George Mitchell | 12/09/03
Sorry Cox, but you need serious help  shawkins | 12/09/03
Sorry Cox, but you need serious help  SC-man | 12/09/03
Use Phil Hendrie Show as model  ejhonda | 12/09/03
Overblown Problem  Amadeus_z | 12/09/03
I agree !10000%...  theguru1995@... | 08/05/09
Why waste the time?  doctormoriarty | 12/09/03
Tres bien, M. Cox  Chris Moller | 12/09/03
Where's Bit to Bash on  nucrash | 12/09/03
Windows experience  jmeola75@... | 12/09/03
Bad case of incompetence here  sylvainhamel | 12/09/03
keep your XPerience  justauser | 12/09/03
Why?  llllaura@... | 12/09/03
Windows ATMs  dwightc_z | 12/09/03
This really isn't a problem  B.O.F.H. | 12/09/03
really?  engel000 | 12/09/03
You order your MCSE to look....  theguru1995@... | 08/05/09
Viewing everything as a nail...  John CarrollZDNet Moderator | 12/09/03
If I had a hammer ...  Aphelion | 12/09/03
Come on John!  Mack DaNife | 12/09/03
Let us remember...  MalumRegnat | 12/09/03
Whose Money?  Alias KEP | 12/09/03
CORRECTION!!!!  DragonBRockin | 12/10/03
I really hope you are kidding  Patrick Jones | 12/09/03
I hope you're kidding...  avdp | 12/09/03
Huh?!  Taz_z | 12/09/03
John, you forgot...  stephen732@... | 12/09/03
Forest for the Trees  Robert Crocker | 12/09/03
Yes!  doctormoriarty | 12/09/03
Nail on the Head - Or Hidden Agenda of Internet Article Writers  Da_Bobcee | 12/09/03
Good point  John CarrollZDNet Moderator | 12/10/03
For you, Windows is a hammer, and every possible problem is a nail  DonnieBoy | 12/09/03
You need to slightly adjust your allegory.  eigerface002 | 12/09/03
At least Mke Cox is (mostly) funny  michael-t | 12/09/03
Come on John...  ryusen | 12/09/03
Windows isn't ready  issthatso | 12/09/03
Window's contribution  Aphelion | 12/09/03
Irrelevent?  chrichton99 | 12/09/03
basing your product on M$ software is unwise  Aphelion | 12/09/03
Actually not  dscherf | 12/09/03
Can you elaborate pls?  michael-t | 12/09/03
Sorry for not remembering  dscherf | 12/10/03
SMS 2003 + SUS  jjworleyeoe | 12/09/03
SMS 2003 + SUS  jjworleyeoe | 12/09/03
A Quote...  Yen_z | 12/09/03
truth be told  Arrg | 12/09/03
Use SUS - it's Free  john public | 12/09/03
Free! my you know what!  Arrg | 12/09/03
additional cost  ryusen | 12/09/03
Not the same environment  StorageGuru | 12/09/03
What THE HELL?  Yen_z | 12/10/03
Working as advertised?  WhoIsDaMan | 12/09/03
Time to dump Windows  kiddpeat | 12/09/03
Windows will never be ready  WizWom_z | 12/09/03
ZDNet Today ~ Did Blaster cause the Blackout?  Aphelion | 12/10/03
ATM + Diebold  crocd | 12/09/03
It's Windows XP Embedded  voska | 12/09/03
XP embedded is XP. Contains IE  Robert Carnegie | 12/09/03
http://www.microsoft.com/windows/embedded/xp/default.asp  Robert Carnegie | 12/09/03
windows on a atm machine?  JWatson77 | 12/09/03
Stupid banks, stick with Linux  FilledOut | 12/09/03
Never?  pschroeder@... | 12/09/03
Firewall?  WizWom_z | 12/09/03
Incorrect  dscherf | 12/10/03
Linux never compromised?  pete.cook | 12/10/03
What bank  Joe Blow_z | 12/09/03
banks?  pschroeder@... | 12/09/03
ATMs on a network  pschroeder@... | 12/09/03
proper specs...  ryusen | 12/09/03
Read The Text...  dwightc_z | 12/09/03
"wanted"  pschroeder@... | 12/10/03
(NT) The Royal Bank of Canada is one.  Update victim | 12/09/03
Wow, did not know anybody was that STUPID  DonnieBoy | 12/09/03
Real question...  JJ_z | 12/09/03
yes, but  ryusen | 12/09/03
The King and the Toaster...  Atlant | 12/09/03
Cook yourself  Chris Moller | 12/09/03
and the mral is:  ryusen | 12/09/03
Diebold has no business making ATMs  AxleMunshine | 12/09/03
At last, some clarity amid the fog of zealots  John Dulles | 12/09/03
Solution  Update victim | 12/09/03
What IDIOT ....  Rick Blair | 12/09/03
And some states want Diebold to make their voting machines?  JerryPM | 12/09/03
Look And Learn - A trip to the ATM  jellyclock | 12/09/03
ATM and networks  crocd | 12/09/03
Who is going to notify the Gentoo and Debian Users?  John Dulles | 12/09/03
Wrong Article.  michael-t | 12/09/03
ATMs on a network  pschroeder@... | 12/09/03
ATM's on a public network???  TheSlumlord | 12/09/03
Diebold OUT of voting  truthiness | 12/09/03
Diebold... Amen bro'  steve@... | 12/09/03
Agree, but  Update victim | 12/09/03
But if ........  cammobus@... | 12/09/03
That's not the problem, the problem is with the fools  AxleMunshine | 12/10/03
It was only a matter of time, ofcourse.  michael-t | 12/09/03
Hell you dont need that  cammobus@... | 12/09/03
Some people must be looking forward to MS-ATMs  michael-t | 12/09/03
ATMs Moving To Window sure open a can worms eh?  voska | 12/09/03
firewall - a little late  daytripper | 12/09/03
Windows NT 4.0  junkmail_z | 12/09/03
Windows on an ATM machine?  lefty78312 | 12/09/03
Diebold? Voting Machines!  steve@... | 12/09/03
Wrong change  Update victim | 12/09/03
Yes, but  binarybabe | 12/09/03
Want a GUI?  Dave P. | 12/09/03
GUI on an ATM?  Sunny Jalolly | 12/09/03
And M$ wants to control my car too?  DarthRidiculous | 12/09/03
Next: mouse & chat program  jlvaldes@... | 12/09/03
Mission critical != Windows; Secure != Windows;  Serio U Sly | 12/09/03
serves them right for using Microsoft Junk  claytonmuhler | 12/09/03
Have you ever noticed that...  The Real Bitch | 12/10/03
Perhaps ATMs are starting to use...  The Real Bitch | 12/10/03

What do you think?

advertisement
advertisement

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here