Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Nachi worm infected Diebold ATMs

Nov 24, 2003 11:56AM PST

he Nachi worm compromised Windows-based automated teller machines at two financial institutions last August, according to ATM-maker Diebold, in the first confirmed case of malicious code penetrating cash machines.

The machines were in an advanced line of Diebold ATMs built atop Windows XP Embedded, which, like most versions of Windows, was vulnerable to the RPC DCOM security bug exploited by Nachi, and its more famous forebear, Blaster.

At both affected institutions the ATMs began aggressively scanning for other vulnerable machines, generating anomalous waves of network traffic that tripped the banks' intrusion detection systems, resulting in the infected machines being automatically cut off, Diebold executives said.

A patch for the critical RPC DCOM hole had been available from Microsoft for over a month at the time of the attack, but Diebold had neglected to install it in the infected machines. Billett defended the company's patching process, which he said involves testing each new bug fix, and deploying at a wide variety of institutions with a mix of network architectures. "A lot of those machines actually have to be visited by a service technician" to be patched, said Billett. "Our experience in the past is we are able to turn those around in one or two days."

http://www.securityfocus.com/news/7517

Discussion is locked

- Collapse -
Re:Nachi worm infected Diebold ATMs
Nov 24, 2003 11:58AM PST

Correction:

he Nachi worm compromised Windows-based automated teller machines at two financial institutions last August, according to ATM-maker Diebold, in the first confirmed case of malicious code penetrating cash machines.

Should be:

The Nachi worm compromised Windows-based automated teller machines at two financial institutions last August, according to ATM-maker Diebold, in the first confirmed case of malicious code penetrating cash machines.

Grin

- Collapse -
Expect those Movie Ticket dispensers to do same.
Nov 24, 2003 12:16PM PST

The units I know of are Windows 2000 based. Which is why I worry about the XBOX. The XBOX is Windows 2000 based and I am not assured that it will survive some bug. Not that a bug will target the XBox exclusively, but being x86 and Windows 2000 based, the issue of monoculture units raises the possbility of a wipe-out.

Bob