Be the first!
 
 
0
0

NORTH CANTON, Ohio - ATMs belonging to two financial institutions were shut down when the computer worm Welchia invaded their embedded Windows XP operating systems in August. Diebold, manufacturer of the machines, revealed the security breach on Nov. 25, according to a report in New Scientist.

It is the first known case of a worm installing itself on individual ATM operating systems, said Peter Lind, a security expert at Spire Security in Malvern, Penn. Earlier in 2003, the Blaster worm shut down Bank of America ATMs, but only by causing a flood of traffic that clogged the network's bandwidth.

In the Welchia case, the only harm done was that the traffic generated by the worm trying to contact other machines shut down the ATMs.

To infect the ATMs, Welchia exploited a vulnerability in Windows XP called RPC DCOM. Diebold adapted Microsoft's RPC DCOM patch for its ATMs and offered it to its customers. But the two financial institutions did not apply the patch and were infected, said Diebold spokesperson Mike Jacobsen.

Diebold does not know how the worm made it to the closed financial network. But security experts suggest it could have been carried on an infected laptop computer. The laptop would have contracted Welchia while connected to the Internet, and then transferred it when later connected to the financial network.

The worm, also known as Nochi, was not particularly malicious. But it is indicative of a worrying trend, Lind told New Scientist.

"Nowadays it seems that any device that supports any kind of networking is opening the door to access and sometimes that access might be malicious," he said.

Programming an ATM to spew out cash would require access to the private source code that controls the mechanical opening and shutting of the machine. But someone might be able to use a worm that exploited a vulnerability to gain access to that source code, Lind said.

"It doesn't strike me as outside the realm of possibility, although it is a little far-fetched," he said.

Diebold's will install all new ATMs with firewall software, beginning in December. (See related story Diebold and Sygate to boost security for Windows-based ATMs)


Reader Comments

Add a Comment

We welcome your thoughtful comments. All comments will display your real name.

Want to participate in the discussion?

Or log in for complete access.

  • Clear
  • Post
Be the first to post a comment for this story.
Sponsored by:

Features

Sponsored by:

News

Blogs

Products & Services

NationalLink Tranax MiniBank C4000

http://global.networldalliance.com/new/images/products/mbC4_100.gif

1093/NationalLink-Tranax-MiniBank-C4000

Imaging Solutions

http://global.networldalliance.com/new/images/products/Imaging_Solutions_100.gif

1086/Imaging-Solutions

CUSTOM's TG2460II - Small Ticket Dispenser

http://global.networldalliance.com/new/images/products/TG2460II_100px.jpg

1236/CUSTOM-s-TG2460II-Small-Ticket-Dispenser

ATM Surrounds

http://global.networldalliance.com/new/images/products/blank_logo.jpg

656/ATM-Surrounds

ATM Security Solutions – Checker ATM Security

http://global.networldalliance.com/new/images/products/LogoCHECKER.gif

3746/ATM-Security-Solutions-Checker-ATM-Security

Banking Kiosk—K20

http://global.networldalliance.com/new/images/products/K20.png

3741/Banking-Kiosk-K20

Depository ATM

http://global.networldalliance.com/new/images/products/Itautec_IW1301.gif

736/Depository-ATM

Personalization & targeted marketing on the ATM channel - NCR APTRA …

http://global.networldalliance.com/new/images/products/NCR_logo_Pantone_100.gif

3716/Personalization-Relate

The TIO Biller Opportunity

http://global.networldalliance.com/new/images/products/tio.gif

604/The-TIO-Biller-Opportunity

Cassettes maintenance

http://global.networldalliance.com/new/images/products/blank_logo.jpg

1237/Cassettes-maintenance

Related Content
Request Information From Suppliers
Save time looking for suppliers. Complete this form to submit a Request for Information to our entire network of partners.