
Buggy Win 95 Code Almost Wrecked Stuxnet Campaign

mask.of.sanity writes: Super-worm Stuxnet could have blown its cover and failed its sabotage mission due to a bug that allowed it to spread to ancient Windows boxes, malware analysts say. Stuxnet was on the brink of failure thanks to buggy code allowing it to spread to PCs running older and unsupported versions of Windows, and probably causing them to crash as a result. Those blue screens of death would have raised suspicions at the Natanz nuclear lab.

  • by garyisabusyguy ( 732330 ) on Friday April 24, 2015 @08:28PM (#49548675)

    because it is buggy code that is written with poor security that allows things like this to spread in the first place

  • Windows !!! (Score:3, Interesting)

    by denisbergeron ( 197036 ) <DenisBergeron.yahoo@com> on Friday April 24, 2015 @08:53PM (#49548769)

    WTF, an anti-American country uses an OS developed in the US?
    Why didn't they use Linux, BSD, or even the Russian or RedFlag version?

    • Re:Windows !!! (Score:5, Insightful)

      by Shakrai ( 717556 ) on Friday April 24, 2015 @09:09PM (#49548841) Journal

      Why didn't they use Linux, BSD, or even the Russian or RedFlag version?

      Ask Siemens. They designed the equipment the Iranians are using and wrote most of the control software to operate in a Windows environment. Not that it would have mattered, once you've got an agency with the resources of CIA or Mossad after you it's only a matter of time before they find a way in. Linux is not proof against malware delivered via HUMINT assets.

      • by Anonymous Coward

        They're on Windows because the customer knows best and the customers for SCADA systems demand Windows. The vast majority of players in that business are primarily targeting Windows.

      • On Linux the attack would have faced a lot more challenges though.
        No autoplay (which was the core attack vector) and you'd hope the SCADA software would run as its own user under Linux which isn't possible with Windows.

        • by Shakrai ( 717556 )

          No autoplay (which was the core attack vector) and you'd hope the SCADA software would run as its own user under Linux which isn't possible with Windows.

          ???

        • Re:Windows !!! (Score:5, Insightful)

          by Baloroth ( 2370816 ) on Friday April 24, 2015 @10:28PM (#49549133)

          Stuxnet used multiple zero-day flaws across several different kinds of hardware (not all of which were even PCs). Once you get into that advanced an attack, the underlying OS becomes much less important: all software has flaws in it, and if you know where the flaws are, you can exploit them. And those flaws are there (remember Shellshock [wikipedia.org], anyone?), except in the most basic purpose-specific programming (and even then, there are often flaws). Using Windows opens you up to more generic attacks, especially if you deliberately lower (or don't use) Windows' defenses for ease of use (much as using root for everything in Linux does), but against targeted well-funded attacks you should assume they're more or less equally vulnerable.

        • It's impossible? So when I right click and choose "Run as different user" do I have some magical version of Windows?

          • You are clearly clueless about how Linux does it, and yes Windows cannot do it.

            On my servers, the DNS server runs under its own user. It can't touch anything it isn't supposed to. The mail server runs under its own. The web server runs under its own. Hell even the server monitoring software runs under its own user.

            This is by default with nothing further to do - No service can muck with stuff it isn't allowed to, and even if there was autoplay on USB sticks, nothing on that USB stick could touch any of

        • Re: (Score:3, Interesting)

          by hairyfeet ( 841228 )
          Sigh...Linux has more vulnerabilities than Windows by 3 to 1 in 2014 [zdnet.com], Windows beats iOS, OSX, and Linux in least number of vulnerabilities in 2014 [betanews.com], and how to write a Linux virus in 5 easy steps [geekzone.co.nz] targeting the same weakness that more than 90% of malware target, the user...HAND.
          • If we are talking found and reported vulnerabilities, then yes, Linux has more. Although notably, even grouping together all Linux kernel vulnerabilities regardless of version the number of HIGH vulnerabilities is not higher than the number of HIGH vulnerabilities in Windows 8.1.

            But then, it's a lot easier to get fewer vulnerabilities when dropping support for one of the most used OSes on the planet. Although XP is only on about 14% of all PCs now [malwarebytes.org], it appears. And now support for Windows 8.1 is dropped as [theconversation.com]

            • How many vulnerabilities are there in Ubuntu 6? Debian Sid? Windows XP is FIFTEEN YEARS OLD and was designed to run on a Pentium II 400MHz with 128MB of RAM. If they are too damned cheap to upgrade or replace a PC that is a decade plus old why should that be MSFT's problem? Apple doesn't support the G3s and G4s either but you don't see anybody trying to claim that as any "proof" of anything.

              As for your other point it's nothing but moving the goalposts [wikipedia.org] and therefore meaningless, because we both know if the nu

              • How many vulnerabilities are there in Ubuntu 6?

                39 total vulnerabilities, 7 high severity, 27 medium severity, 5 low severity.

                http://www.gfi.com/blog/most-v... [gfi.com]

                Debian Sid?

                Couldn't find that. It's in NVD though, if you're really interested.

                https://nvd.nist.gov/ [nist.gov]

                Windows XP is FIFTEEN YEARS OLD

                No it's not. It's still under development, and there is almost nothing left of the codebase from the original XP when you have patched up an XP install.

                Otherwise Linux is TWENTY-FOUR YEARS OLD, but you know, writing that in all caps as if it means something just seems silly. Because it is.

                And hardly any of the

    • by Anonymous Coward

      I don't like the United States of America, yet I still use Windows.

    • Why didn't they use Linux, BSD, or even the Russian or RedFlag version?

      For the same reason nobody wants to use Linux or OSX. Software.

    • Why didn't they use Linux, BSD, or even the Russian or RedFlag version?

      Because their UI is shit? I mean it's 2015, and Linux still hasn't made any headway onto the desktop...

      • Do you consider the Windows interface with its 2-desktop paradigm better than Mate or Cinnamon, which have ± the same interface as XP, or do you consider OS X, with a dock copied from the early Sun/CDE desktop, better, a design retaken by Gnome or Unity but with better use of the wide screen?

      • As compared to the UI regressions on the Windows and Mac side over the past few years? Granted, some of the popular Linux desktops also have similar problems, but at least in the Linux world you have a choice as to what desktop you want to use.

  • Bug in their bug (Score:4, Insightful)

    by tomhath ( 637240 ) on Friday April 24, 2015 @09:11PM (#49548849)

    We've noticed that the slide showing the Stuxnet disassembly doesn't support Werner and Leder's comments regarding the worm and Windows 9x

    It appears they misunderstood the code they were looking at. But another quote earlier in the story is more relevant anyway:

    either the worm couldn't find any old Windows boxes, or perhaps the Iranian boffins were used to Windows 95 and 98 falling over anyway

    Really, who would be surprised by a blue screen from a Windows 95 box?

    • by Shakrai ( 717556 ) on Friday April 24, 2015 @09:21PM (#49548897) Journal

      Really, who would be surprised by a blue screen from a Windows 95 box?

      The giveaway was probably when the blue screen was replaced with CIA's logo and the text "All your base are belong to us."

      • Really, who would be surprised by a blue screen from a Windows 95 box?

        The giveaway was probably when the blue screen was replaced with CIA's logo and the text "All your base are belong to us."

        Ah yes, the precursor to "I'm all about that bass." Damn you - now I can't get that techno out of my head!

    • I remember W95 well, and I can tell you it would raise a lot more suspicions if it didn't bluescreen regularly. Seriously, I recall having to recover from BSODs multiple times per day (no exaggeration.)
      • Yeah, I remember. At one point, it got so bad I counted the BSODs. The record was 15, in an 8 hour day.

  • by roc97007 ( 608802 ) on Friday April 24, 2015 @09:27PM (#49548921) Journal

    That hadn't occurred to me before -- keep a Windows 95 box on the network as a canary, expecting it to crash if there is an intruder on the network.

    Only problem might be too many false positives.

  • This hadn't occurred to me before. I wonder if viruses are the reason those stupid bottle deposit machines are always out of order. I swear to Fudd, I've seen them reboot, usually just as I'm dumping in the last bag of soft drink cans, and they display the Windows 98 splash screen.

  • If a Win 95 box failed to produce at least a few BSODs a week, especially when something really important was being done with it...now that would have been suspicious.

  • It's the term the people who did this would use if it happened to them.... funny calling it a campaign when, by their own definitions, it was an attack. Shit, if they did similar, it might even be trumped up as an act of war.

  • If it's the choice between a blue screen and a brown mushroom...
