CONTINUE TO SITE »
or wait 15 seconds

News

Invasion on ATM OS shut down machines in August

November 25, 2003

NORTH CANTON, Ohio - ATMs belonging to two financial institutions were shut down when the computer worm Welchia invaded their embedded Windows XP operating systems in August. Diebold, manufacturer of the machines, revealed the security breach on Nov. 25, according to a report in New Scientist.

It is the first known case of a worm installing itself on individual ATM operating systems, said Peter Lind, a security expert at Spire Security in Malvern, Penn. Earlier in 2003, the Blaster worm shut down Bank of America ATMs, but only by causing a flood of traffic that clogged the network's bandwidth.

In the Welchia case, the only harm done was that the traffic generated by the worm trying to contact other machines shut down the ATMs.

To infect the ATMs, Welchia exploited a vulnerability in Windows XP called RPC DCOM. Diebold adapted Microsoft's RPC DCOM patch for its ATMs and offered it to its customers. But the two financial institutions did not apply the patch and were infected, said Diebold spokesperson Mike Jacobsen.

Diebold does not know how the worm made it to the closed financial network. But security experts suggest it could have been carried on an infected laptop computer. The laptop would have contracted Welchia while connected to the Internet, and then transferred it when later connected to the financial network.

The worm, also known as Nochi, was not particularly malicious. But it is indicative of a worrying trend, Lind told New Scientist.

"Nowadays it seems that any device that supports any kind of networking is opening the door to access and sometimes that access might be malicious," he said.

Programming an ATM to spew out cash would require access to the private source code that controls the mechanical opening and shutting of the machine. But someone might be able to use a worm that exploited a vulnerability to gain access to that source code, Lind said.

"It doesn't strike me as outside the realm of possibility, although it is a little far-fetched," he said.

Diebold's will install all new ATMs with firewall software, beginning in December. (See related story Diebold and Sygate to boost security for Windows-based ATMs)

Included In This Story

Diebold Nixdorf

As a global technology leader and innovative services provider, Diebold Nixdorf delivers the solutions that enable financial institutions to improve efficiencies, protect assets and better serve consumers.

Request Info
Learn More

Related Media

Security
Examining biggest ATM security issues and 4 strategies to prevent them
Security
Banking privacy: 5 benefits for banks, customers
Security
Protecting an ATM's hardware, software by slowing down criminals
On-Demand Webinar
A Masterclass in ATM Security: Global Best Practices and Trends
Presented by Diebold Nixdorf
Featured Vendor

Simple | Secure | Service | Solutions. From ATM sales, support, and service to enterprise security solutions with Next Generation technology. ‍Think CSG First. We Make it Happen!

Learn More
Recent Posts
Former Comptroller of the Currency joins ModernFi board
Honolulu police investigating gunpoint ATM robbery
Bank of England softens tone on stablecoins, say they should be regulated
Ross, Pennsylvania Chase ATM set ablaze for alleged anti-government protest
4 strategies for Independent ATM Deployers


©2025 Networld Media Group, LLC. All rights reserved.
b'S1-NEW'