Nachi worm infected Diebold ATMs
Kevin Poulsen, SecurityFocus 2003-11-24
The Nachi worm compromised Windows-based automated teller machines at two financial institutions last August, according to ATM-maker Diebold, in the first confirmed case of malicious code penetrating cash machines.
The machines were in an advanced line of Diebold ATMs built atop Windows XP Embedded, which, like most versions of Windows, was vulnerable to the RPC DCOM security bug exploited by Nachi, and its more famous forebear, Blaster.
At both affected institutions the ATMs began aggressively scanning for other vulnerable machines, generating anomalous waves of network traffic that tripped the banks' intrusion detection systems, resulting in the infected machines being automatically cut off, Diebold executives said.
"The outbound traffic from the ATM was stopped -- limited, from a network standpoint -- and effectively isolated," said Nick Billett, Diebold's director of software engineering. "In many cases, the machines were cleaned up that day."
more-
http://www.securityfocus.com/news/7517