Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Windows Bug Security United States Politics

Buggy Win 95 Code Almost Wrecked Stuxnet Campaign 93

mask.of.sanity writes: Super-worm Stuxnet could have blown its cover and failed its sabotage mission due to a bug that allowed it to spread to ancient Windows boxes, malware analysts say. Stuxnet was on the brink of failure thanks to buggy code allowing it to spread to PCs running older and unsupported versions of Windows, and probably causing them to crash as a result. Those blue screens of death would have raised suspicions at the Natanz nuclear lab.
This discussion has been archived. No new comments can be posted.

Buggy Win 95 Code Almost Wrecked Stuxnet Campaign

Comments Filter:
  • by garyisabusyguy ( 732330 ) on Friday April 24, 2015 @07:28PM (#49548675)

    because it is buggy code that is written with poor security that allows things like this to spread in the first place

  • Windows !!! (Score:3, Interesting)

    by denisbergeron ( 197036 ) <[DenisBergeron] [at] [yahoo.com]> on Friday April 24, 2015 @07:53PM (#49548769)

    WTF anti-american country use a OS developed in the US ?
    Why they didn't use Linux, BSD, even the Russia or RedFlag version ?

    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Friday April 24, 2015 @08:09PM (#49548841)
      Comment removed based on user account deletion
      • by Anonymous Coward

        They're on Windows because the customer knows best and the customers for SCADA systems demand Windows. The vast majority of players in that business are primarily targetting Windows.

      • On Linux the attack would have faced a lot more challenges though.
        No autoplay (which was the core attack vector) and you'd hope the SCADA software would run as it's own user under Linux which isn't possible with Windows.

        • Comment removed based on user account deletion
        • Re:Windows !!! (Score:5, Insightful)

          by Baloroth ( 2370816 ) on Friday April 24, 2015 @09:28PM (#49549133)

          Stuxnet used multiple zero-day flaws across several different kinds of hardware (not all of which were even PCs). Once you get into that advanced an attack, the underlying OS becomes much less important: all software has flaws in it, and if you know where the flaws are, you can exploit them. And those flaws are there (remember Shellshock [wikipedia.org], anyone?), except in the most basic purpose-specific programming (and even then, there are often flaws). Using Windows opens you up to more generic attacks, especially if you deliberately lower (or don't use) Window's defenses for ease of use (much as using root for everything in Linux does), but against targeted well-funded attacks you should assume they're more or less equally vulnerable.

        • It's impossible? So when I right click and choose "Run as different user" do I have some magical version of Windows?

          • You are clearly clueless about how Linux does it, and yes Windows can not do it.

            On my servers, the DNS server runs under it's own user. It can't touch anything it isn't supposed to. The mail server runs under it's own. The web server runs under it's own. Hell even the server monitoring software runs under it's own user.

            This is by default with nothing further to do - No service can muck with stuff it isn't allowed to, and even if there was autoplay on USB sticks, nothing on that USB stick could touch any of

        • Re: (Score:3, Interesting)

          Comment removed based on user account deletion
          • If we are talking found and reported vulnerabilities, then yes, Linux has more. Although notably, even grouping together all Linux kernel vulnerabilities regardless of version the number of HIGH vulnerabilities is not higher than the number of HIGH vulnerabilities in Windows 8.1.

            But then, it's a lot easier to get fewer vulnerabilities when dropping support for one of the most used OS'es on the planet. Although XP is only on about 14% of all PC's now [malwarebytes.org], it appears. And now support for Windows 8.1 is dropped as [theconversation.com]

            • Comment removed based on user account deletion
              • How many vulnerabilities is there in Ubuntu 6?

                39 total vulnerabilities, 7 high severity, 27 medium severity, 5 low severity.

                http://www.gfi.com/blog/most-v... [gfi.com]

                Debian Sid?

                Couldn't find that. It's in NVD though, if you're really interested.

                https://nvd.nist.gov/ [nist.gov]

                Windows XP is FIFTEEN YEARS OLD

                No it's not. It's still under development, and there is almost nothing left of the codebase from the original XP when you have patched up an XP install.

                Otherwise Linux is TWENTYFOUR YEARS OLD, but you know, writing that in all caps as if it means something just seems silly. Because it is.

                And hardly any of the

    • by Anonymous Coward

      I don't like the United States of America, yet I still use Windows.

    • Why they didn't use Linux, BSD, even the Russia or RedFlag version ?

      For the same reason nobody wants to use Linux or OSX. Software.

    • Why they didn't use Linux, BSD, even the Russia or RedFlag version ?

      Because their UI is shit? I mean it's 2015, and Linux still hasn't made any headway onto the desktop...

      • Do you consider the Windows interface with 2 desktops paradigm better than Mate or Cinnamon than have ± the same interface of XP or do you consider the OsX with a dock copied from early Sun/CDE desktop better, design retaked by Gnome or Unity but with a better use of the wide screen ?

      • As compared to the UI regressions on the Windows and Mac side over the past few years? Granted, some of the popular Linux desktops also have similar problems, but at least in the Linux world you have a choice as to what desktop you want to use.

  • Bug in their bug (Score:4, Insightful)

    by tomhath ( 637240 ) on Friday April 24, 2015 @08:11PM (#49548849)

    We've noticed that the slide showing the Stuxnet disassembly doesn't support Werner and Leder's comments regarding the worm and Windows 9x

    It appears they misunderstood the code they were looking at. But another quote earlier in the story is more relevant anyway:

    either the worm couldn't find any old Windows boxes, or perhaps the Iranian boffins were used to Windows 95 and 98 falling over anyway

    Really, who would be surprised by a blue screen from a Windows 95 box?

    • by account_deleted ( 4530225 ) on Friday April 24, 2015 @08:21PM (#49548897)
      Comment removed based on user account deletion
      • Really, who would be surprised by a blue screen from a Windows 95 box?

        The giveaway was probably when the blue screen was replaced with CIA's logo and the text "All your base are belong to us."

        Ah yes, the precursor to "I'm all about that bass." Damn you - now I can't get that techno out of my head!

    • I remember W95 well, and I can tell you it would raise a lot more suspicions if it didn't bluescreen regularly. Serioulsy, I recall having to recover from BSODs multiple times per day (no exaggeration.)
      • Yeah, I remember. At one point, it got so bad I counted the BSODs. The record was 15, in an 8 hour day.

  • by roc97007 ( 608802 ) on Friday April 24, 2015 @08:27PM (#49548921) Journal

    That hadn't occurred to me before -- keep a Windows 95 box on the network as a canary, expecting it to crash if there is an intruder on the network.

    Only problem might be too many false positives.

  • This hadn't occurred to me before. I wonder if viruses are the reason those stupid bottle deposit machines are always out of order. I swear to Fudd, I've seen them reboot, usually just as I'm dumping in the last bag of soft drink cans, and they display the Windows 98 splash screen.

  • If a Win 95 box failed to produce at least a few BSODs a week, especially when something really important was being done with it...now that would have been suspicious.

  • Its the term the people who did this would use if it happened to them.... funny calling it a campaign when, by their own definitions, it was an attack. Shit, if they did similar, it might even be trumped up as an act of war.

  • If it's the choice between a blue screen and a brown mushroom...

Trap full -- please empty.

Working...