Errant AntiVirus Definition Brings Down Railway LANs

Event Year: 2005 Reliability: Confirmed
Country: Japan
Industry Type: Transportation

An errant virus definition distributed by a anti-virus PC software company, Trend Micro, caused a large scale disruption the reservation division of railway company JR East. The software company’s automatic update site in the Philippines released a new virus definition file for its Virus Buster anti-virus software which was not adequately tested. This file was picked up by many users in Japan and abroad who either automatically or manually invoked the virus definition update function of the software. Windows XP SP2 and Windows 2003 server users with this software installed who updated their definition file AND rebooted the PC after the update (as suggested by the software) saw the CPU usage go up to 100% immediately after booting and could not control their systems.
on their PCs. (#1)


The JR railway reservation division could not check the status of the reservation system. Agents diverted all telephone customers to manned counters at railway stations. (#1)

LANs became unaccessible at the reservation division of railway company JR East. The company put the user
number around 10 million individual users. (#2)