Monday, 27 September 2010

First Great Western ticket machines rooted?

I was in Paddington Station recently and went to pick up tickets at one of the machines. I noticed that it was out of service but there was an interesting window in the bottom right hand corner:

Interesting I thought, maybe a standard virus scan, so I took a closer look:

They are running a Downadup (otherwise known as Confiker) removal tool, I watched for a little bit longer and noticed that someone was running pcAnywhere, and there was a real human running this remotely. They rebooted after the scan and I noticed that they were running Windows 2000.

So here is what I see wrong with this:
  1. They are running Windows 2000 (not embedded Windows, but full Windows)
  2. They obviously have had infections because they are not scanning, but running a removal tool
  3. The machines can be remotely accessed via a remote control software
  4. These machines have personal information in them and in particular: they have a credit card reader with PIN pad.
This means that some of these machines have been rooted by a trojan horse and Windows 2000 can't be patched because it is not supported by Microsoft.

No comments:

Post a comment