Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Nachi worm infected Diebold ATMs
Kevin Poulsen, SecurityFocus 2003-11-24

The Nachi worm compromised Windows-based automated teller machines at two financial institutions last August, according to ATM-maker Diebold, in the first confirmed case of malicious code penetrating cash machines.

Comments Mode:
Nachi worm infected Diebold ATMs 2003-11-25
Anonymous (2 replies)
I wonder if the Diebold electronic voting machines are any better maintained......

[ more ]  [ reply ]
Nachi worm infected Diebold ATMs 2003-11-25
Anonymous
They aren't. They're far worse to hear it told....

[ more ]  [ reply ]
Nachi worm infected Diebold ATMs 2003-11-26
Larry Seltzer (2 replies)
Actually, the poor maintenance (slow patching) is in many ways the lesser problem here. I'm astonished that the ATMs were somehow connected to a network where it was possible to be exposed to one of these worms. This latter problem is the fault of the financial institution. Couldn't they at least pu...

[ more ]  [ reply ]
Nachi worm infected Diebold ATMs 2003-11-26
Anonymous
"Couldn't they at least put a gateway antivirus product at the perimeter of the ATM network?"

It could be that the threat was internal. All it would take is someone plugging an infected Windows laptop into the network and bingo.

Perhaps Banks should look at dumping the nasty old Microsoft stuf...

[ more ]  [ reply ]
Nachi worm infected Diebold ATMs 2003-11-29
Anonymous
I agree. I can't believe that the networks these ATMs were connected to actually lent to the ability of a worm to find its way to the ATMs. If the ATMs are connected to a network than can feasibly be accessed by the Internet, there is, in my opinion, a far greater threat than worms exploiting vuln...

[ more ]  [ reply ]
Nachi worm infected Diebold ATMs 2003-11-25
Anonymous (1 replies)
Any way... the best move will be to upgrade the OS/2 ATMs to new OS/2 based ATM, that is, update what's working if you want somethiing new....

[ more ]  [ reply ]
Nachi worm infected Diebold ATMs 2003-11-26
Frank Sfalanga (1 replies)
OS/2 is no longer supported. IBM abandoned it a while back. It'd be nice if they open-sourced it though. That way financial institutions could continue to use it if they wanted - augmenting it too....

[ more ]  [ reply ]
Nachi worm infected Diebold ATMs 2003-11-28
Anonymous (2 replies)
Yah, that's just what I want, every tom, dick, and psycho out there to have a copy of the code that controls my money.

...

[ more ]  [ reply ]
Nachi worm infected Diebold ATMs 2003-11-29
Anonymous
Actually, that's exactly what you want. Look at what its done for the Open Source community, esp. Linux. I've thought about this for some time now. Open Sourcing, or moving to embedded Linux for example, could do nothing but help ATM operators and vendors....

[ more ]  [ reply ]
Nachi worm infected Diebold ATMs 2003-12-08
Tom Rowe
You would rather the machines run on an OS from a company where the CEO claims their software doesn't have bugs? Yes, Bill Gates did indeed say this a few years ago....

[ more ]  [ reply ]
Nachi worm infected Diebold ATMs 2003-11-26
Anonymous
www.blackboxvoting.org - Diebolds has some smart people working for them. Personally, I like the Internet-accesssible ATM's in my area.

Nothing wrong with free money....

[ more ]  [ reply ]
I wish Mr Poulsen could find out if the voting machines are also at risk. 2003-11-26
AnonVoter (1 replies)
ATMs are nothing compared to Democracy. Kevin, please dig deeper....

[ more ]  [ reply ]
Okay, so I'm not Kevin... 2003-12-05
Crystal Webb
Overview of Compuware voting machine analysis http://www.sos.state.oh.us/sos/hava/files/compuwarePress.pdf **(this is an 18 page slide presentation that does a good job of explaining the process used to conduct this threat/risk analysis. Very interesting, and a must read.)**...

[ more ]  [ reply ]
No Firewall?? 2003-11-27
Anonymous (1 replies)
You have to be kidding, even enabling the XP firewall would have avoided the need to have these servers patched. This is common sense for most educated home users, you would think a company that places windows on ATM machines would have a _basic_ understanding of securing a windows machine. He can d...

[ more ]  [ reply ]
No Firewall?? 2003-11-29
Anonymous (1 replies)
hahaha, ok I'm sorry but - enabling the "firewall" would only prevent certain methods of exploitation of the vulnerability!

YO GOOD WORK ON SMART SECURITY ADVICE!

"because the public exploit only reaches the bug in one way, that must the only possible attack vector"

...

[ more ]  [ reply ]
No Firewall?? 2003-12-01
Anonymous
And one of those "certian methods" would be the one use by Nachi, which would have prevented the infection. I am certianly not saying a firewall should be the only security measure, I am only saying it is both effective and obvious, and there is no escuse for not having one in place.

BTW, I fail...

[ more ]  [ reply ]
Nachi worm infected Diebold ATMs 2003-11-27
HG (1 replies)
Oh!,

I'm amazed at the way these articles are written throwing security aspects away....

How can anyone mention that the bank will have sygate firewall's installed, and now the creator of the worm may even think of some vulnerabilities with the firewall and exploit it(he might have had to go for d...

[ more ]  [ reply ]
Nachi worm infected Diebold ATMs 2003-12-04
Anonymous
Surely you can understand that good security doesn't mean "lets hide it all away". Security by obscurity isn't actually security at all. A good product will withstand even the source code being looked at!...

[ more ]  [ reply ]
Nachi worm infected Diebold ATMs 2003-11-27
Biff (2 replies)
Has anybody considered just dumping a known vulnerable OS like Windows (in any configuration) and moving to something more secure like MacOS X?...with the stinger phones, i just can't wait for the first cell phone hack with global impacts...all because business is so hung up on it drug style addicti...

[ more ]  [ reply ]
Nachi worm infected Diebold ATMs 2003-11-28
Anonymous
No OS is secure! Did you not know about the remote root exploit for MacOS X.. Oh yeah...

Any OS is only as secure as you make it, lets not forget about that!

Hell look what just happened to Debian!...

[ more ]  [ reply ]
Nachi worm infected Diebold ATMs 2003-12-02
Jimbo
Ummm, OS X is perhaps a bit heavy (and non-portable) for use in embedded hardware. A more traditional, portable, and flexible BSD variant like OpenBSD would be a muuuuuuch better idea.

Or even an embedded Linux distro, except that no way in hell are financial institutions going to touch Linux un...

[ more ]  [ reply ]
Nachi worm infected Diebold ATMs 2003-11-29
Anonymous
Simplest exploits work forever for Microsoft Products....

[ more ]  [ reply ]
Nachi worm infected Diebold ATMs 2003-12-01
hamster1
This sort of thing was inevitable. I am wondering why the ATM network was not isolated, from the rest of their network. Also why not use embedded Linux?. Testing patches is a good practice, but the time lag between when an exploit is first discovered, and when it is "patched" should be minimized....

[ more ]  [ reply ]
Nachi worm infected Diebold ATMs 2003-12-01
hamster1 (2 replies)
Just a quick follow-up. I noticed that the Diebold software called "Agilis" will ....

"Offer Internet content and transactions on your ATMs" and "Use Internet technologies like Web services and Microsoft .NET, XFS service providers, INvolve, and Microsoft Windows XP." Don't say I didn't warn you !....

[ more ]  [ reply ]
Nachi worm infected Diebold ATMs 2003-12-04
Babylon
I am amazed that they are even using Windows for ATM's much less for voting machines. I mean can you think of anything less secure and less reiable for a mission-critical appication? Think about it: Would you want a Windows system running an air traffic contol station (I *really* hope that I am o...

[ more ]  [ reply ]
Nachi worm infected Diebold ATMs 2003-12-05
Babylon (1 replies)
I am amazed that they are even using Windows for ATM's much less for voting machines. I mean can you think of anything less secure and less reiable for a mission-critical appication? Think about it: Would you want a Windows system running an air traffic contol station (I *really* hope that I am o...

[ more ]  [ reply ]
Windows on ATM's 2003-12-08
Tom Rowe
Actually they *are* changing. People have become so enamored of bells and whistles that ATM's now have fancy graphics, sound, advertising, all kinds of crap on them.

When I go to an ATM, I want to get money. Period. but say goodbye to the quick text only fast machines. Now you have to wade through ...

[ more ]  [ reply ]
Nachi worm infected Diebold ATMs 2003-12-04
Anonymous
Why exactly were financial ATMs running from a stock install of windows anyway?

Why were the firewalls allowing non-essential (DCOM) traffic through anyway?

Its the big picture banks need to think about!!...

[ more ]  [ reply ]
Nachi worm infected Diebold (Windows based) ATMs 2003-12-08
Anonymous
I work for a bank making the headlong rush to Windows. Our OS/2 systems cost about 1/3 the cost to maintain as the typical bank Windows system. I do system and application software updates. Our Windows change control work load/requirements have become an absolute nightmare compared to OS/2 and MUCH ...

[ more ]  [ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus