Buggy Win 95 Code Almost Wrecked Stuxnet Campaign
mask.of.sanity writes: Super-worm Stuxnet could have blown its cover and failed its sabotage mission due to a bug that allowed it to spread to ancient Windows boxes, malware analysts say. Stuxnet was on the brink of failure thanks to buggy code allowing it to spread to PCs running older and unsupported versions of Windows, and probably causing them to crash as a result. Those blue screens of death would have raised suspicions at the Natanz nuclear lab.
Why didn't they use Linux, BSD, or even the Russian or RedFlag version?
Ask Siemens. They designed the equipment the Iranians are using and wrote most of the control software to operate in a Windows environment. Not that it would have mattered; once you've got an agency with the resources of the CIA or Mossad after you, it's only a matter of time before they find a way in. Linux is not proof against malware delivered via HUMINT assets.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
We've noticed that the slide showing the Stuxnet disassembly doesn't support Werner and Leder's comments regarding the worm and Windows 9x.
It appears they misunderstood the code they were looking at. But another quote earlier in the story is more relevant anyway:
either the worm couldn't find any old Windows boxes, or perhaps the Iranian boffins were used to Windows 95 and 98 falling over anyway
Really, who would be surprised by a blue screen from a Windows 95 box?
That hadn't occurred to me before -- keep a Windows 95 box on the network as a canary, expecting it to crash if there is an intruder on the network.
Only problem might be too many false positives.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
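The canary idea above (an old box that is expected to fall over when something unusual touches it) and the false-positive worry that follows it are really a detection-engineering tradeoff: how many bad readings do you require before you alert? The following is an added illustration, not code from the thread or from any product; the heartbeat log lines and the host name `canary95` are constructed for the example, and the threshold rule is a hypothetical design choice, not anything the commenters proposed.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample heartbeat log for a hypothetical canary host.
# Format: "<epoch seconds> <host> <status>", status is "alive" or "bsod".
SAMPLE_LOG = """\
1000 canary95 alive
1060 canary95 alive
1120 canary95 bsod
1180 canary95 alive
1240 canary95 bsod
1300 canary95 bsod
1360 canary95 bsod
"""


@dataclass
class CanaryMonitor:
    """Tracks a single canary host and alerts only after `threshold`
    consecutive bad readings, so a box that crashes now and then on its
    own does not page anyone."""
    host: str
    interval: int = 60          # expected seconds between heartbeats
    threshold: int = 3          # consecutive bad readings before alerting
    consecutive_bad: int = 0
    last_seen: Optional[int] = None
    alerts: List[int] = field(default_factory=list)

    def observe(self, ts: int, host: str, status: str) -> None:
        """Feed one heartbeat record; ignores records for other hosts."""
        if host != self.host:
            return
        self.last_seen = ts
        if status == "alive":
            self.consecutive_bad = 0
            return
        self.consecutive_bad += 1
        if self.consecutive_bad >= self.threshold:
            self.alerts.append(ts)
            self.consecutive_bad = 0   # start a fresh run after alerting

    def missed_heartbeat(self, now: int) -> bool:
        """True if the canary has been silent for more than two intervals,
        which is a separate signal from an explicit crash report."""
        return self.last_seen is not None and now - self.last_seen > 2 * self.interval


def run_monitor(log_text: str, host: str = "canary95", threshold: int = 3) -> CanaryMonitor:
    """Replay a heartbeat log through a CanaryMonitor and return it."""
    mon = CanaryMonitor(host=host, threshold=threshold)
    for line in log_text.splitlines():
        ts, h, status = line.split()
        mon.observe(int(ts), h, status)
    return mon


if __name__ == "__main__":
    strict = run_monitor(SAMPLE_LOG, threshold=1)
    tolerant = run_monitor(SAMPLE_LOG, threshold=3)
    print("alerts with threshold=1:", strict.alerts)      # every crash pages you
    print("alerts with threshold=3:", tolerant.alerts)    # only the sustained run
    print("silent at t=1500?", tolerant.missed_heartbeat(1500))
```

With a threshold of one, every blue screen becomes an alert, which is exactly the false-positive problem the comment raises; with a threshold of three, only the sustained run of crashes at the end of the sample fires. The silence check is there because a canary that stops reporting entirely is a different condition from one that reports a crash, and both are worth tracking.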
No, you're thinking solely from a security perspective as a coder/engineer, and you're not the type that gets to make the decision of what to purchase. It's because their executives/managers were too cheap, and wanted the "cheap/easy" solution.
Cost is a huge driver for these things, and is a large part of why Siemens and other SCADA/ICS manufacturers moved from entirely proprietary systems of the past, to using commercial off the shelf hardware for the Human-Machine Interface (HMI) and such.
And what's the most common OS in business, the one that corporate is most familiar with, and the most likely for them to choose to put into pretty much anything? Why, Microsoft Windows.
Stuxnet used multiple zero-day flaws across several different kinds of hardware (not all of which were even PCs). Once you get into that advanced an attack, the underlying OS becomes much less important: all software has flaws in it, and if you know where the flaws are, you can exploit them. And those flaws are there (remember Shellshock, anyone?), except in the most basic purpose-specific programming (and even then, there are often flaws). Using Windows opens you up to more generic attacks, especially if you deliberately lower (or don't use) Windows' defenses for ease of use (much as using root for everything in Linux does), but against targeted, well-funded attacks you should assume they're more or less equally vulnerable.
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton