Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Mon, 24 Nov 2003 15:26:48 -0800
From: "Kevin L. Poulsen" <klp@xxxxxxxxxxxxxxxxx>
Subject: Nachi worm infected Diebold ATMs
To: 'Dave Farber' <farber@xxxxxxxxxxxxx>
Nachi worm infected Diebold ATMs
By Kevin Poulsen, SecurityFocus
The Nachi worm compromised Windows-based automated teller machines at
two financial institutions last August, according to ATM-maker Diebold,
in the first confirmed case of malicious code penetrating cash machines.
The machines were in an advanced line of Diebold ATMs built atop Windows
XP Embedded, which, like most versions of Windows, was vulnerable to the
RPC DCOM security bug exploited by Nachi, and its more famous forebear,
Blaster.
At both affected institutions the ATMs began aggressively scanning for
other vulnerable machines, generating anomalous waves of network traffic
that tripped the banks' intrusion detection systems, resulting in the
infected machines being automatically cut off, Diebold executives said.
http://www.securityfocus.com/news/7517