[ISN] ATMs in peril from computer worms?

InfoSec News isn at c4i.org
Thu Oct 21 04:12:06 EDT 2004


By John Leyden
20th October 2004 

Some anti-virus firm are trying to carve out a new market for their
technology by trying to persuade that banks Automatic Teller Machines
(ATMs) running Windows need protecting from computer worms. Trend
Micro and Computer Associates have both identified this niche, but
some rivals question the immediate need for content filtering on cash

The new generation of Automatic Teller Machines (ATMs) are migrating
from the IBM OS/2 operating system to Microsoft Windows and IP
networks. This saves costs and enhances customer services. But it also
means that ATMs are now at risk from computer worms, according to
Trend Micro.

"Previously isolated cash machines can now be infected by
self-launching network viruses via the banks' IP networks. Infections
have the potential to bring down ATM machines, incurring downtime,
customer dissatisfaction and increased costs fixing infected
machines," it warns. Last August, the Nachi (Welchia) worm
contaminated the cash machines at two financial institutions. When the
Slammer virus hit the back end systems of the Bank of America in
January 2003, 13,000 US ATMs became unavailable.

Scary stuff. But never fear, Trend Micro is on hand to offer
assistance. The Japanese-based firm is launching hardware-based
network worm filtering technology specially designed for ATMs at a
conference later this month. As well as launching its Network
VirusWall 300 hardware, Trend will also be exhibiting at the annual
ATM security conference (ATM Sec 4) in London on 25 and 26 October.

Raimund Genes, European president of Trend Micro, said that 70 per
cent of ATMs are based on either XP or embedded XP. "That's the way
manufacturers are taking the ATM and ticketing machine market," he
said. "There really isn't much choice."

Computer Associates offers a software development kit that can be
applied to systems based on embedded XP. Genes argued that producing
AV systems for embedded XP terminals is far from straightforward:  
using existing enterprise content filtering gateways to protect ATMs
would be "overkill". Hardware-based network worm filtering, such as
Trend intends to launch offers a better approach, he argued.

But other security vendors question the need for the technology. Nigel
Hawthorn, of security appliance firm Blue Coat Systems, said that ATMs
commonly operate on a separate physical network, which is closed.  
"Sasser hit the back-end systems of banks, not ATM machines," he said.

David Emm, senior technology consultant at anti-virus supplier
Kaspersky, agrees. "The threat to ATMs is related to how closely they
are integrated with the outside world. Normally ATMS are kept on
separate systems. Online financial (ebanking) systems are far more at
risk," he said.

Trend's Genes said the barriers between the network used by ATMs and
the wider Internet are been lowered as banks switch from older
telecoms technologies to IP-based networks. He acknowledged that
widely deployed AV technology alone is failing to protect enterprises
from fast-spreading worms. But Trend's worm filtering tech would prove
far more successful in keeping cashpoints up and running in the face
of viral onslaught, he says.

More information about the ISN mailing list