Slashdot Mirror

← Back to Stories (view on slashdot.org)

Buggy Win 95 Code Almost Wrecked Stuxnet Campaign

Posted by timothy on from the when-governments-attack dept.

mask.of.sanity writes: Super-worm Stuxnet could have blown its cover and failed its sabotage mission due to a bug that allowed it to spread to ancient Windows boxes, malware analysts say. Stuxnet was on the brink of failure thanks to buggy code allowing it to spread to PCs running older and unsupported versions of Windows, and probably causing them to crash as a result. Those blue screens of death would have raised suspicions at the Natanz nuclear lab.

13 of 93 comments (clear)

  1. funny... by garyisabusyguy · · Score: 2

    because it is buggy code that is written with poor security that allows things like this to spread in the first place

    --
    Wherever You Go, There You Are
  2. Windows !!! by denisbergeron · · Score: 2, Interesting

    WTF anti-american country use a OS developed in the US ?
    Why they didn't use Linux, BSD, even the Russia or RedFlag version ?

    --
    Ceci n'est pas une Signature !
    1. Re:Windows !!! by Shakrai · · Score: 5, Insightful

      Why they didn't use Linux, BSD, even the Russia or RedFlag version ?

      Ask Siemens. They designed the equipment the Iranians are using and wrote most of the control software to operate in a Windows environment. Not that it would have mattered, once you've got an agency with the resources of CIA or Mossad after you it's only a matter of time before they find a way in. Linux is not proof against malware delivered via HUMINT assets.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:Windows !!! by Shakrai · · Score: 3, Interesting

      The problem is that it isn't the easiest or most obvious thing to do.

      Yeah, it's like three or four whole mouse clicks to make it happen....

      C'Mon people, Microsoft does enough shit wrong, we don't need to make crap up.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    3. Re:Windows !!! by Fire_Wraith · · Score: 4, Insightful

      No, you're thinking solely from a security perspective as a coder/engineer, and you're not the type that gets to make the decision of what to purchase. It's because their executives/managers were too cheap, and wanted the "cheap/easy" solution.

      Cost is a huge driver for these things, and is a large part of why Siemens and other SCADA/ICS manufacturers moved from entirely proprietary systems of the past, to using commercial off the shelf hardware for the Human-Machine Interface (HMI) and such.

      And what's the most common OS in business, the one that corporate is most familiar with, and the most likely for them to choose to put into pretty much anything? Why, Microsoft Windows.

    4. Re:Windows !!! by Baloroth · · Score: 4, Insightful

      Stuxnet used multiple zero-day flaws across several different kinds of hardware (not all of which were even PCs). Once you get into that advanced an attack, the underlying OS becomes much less important: all software has flaws in it, and if you know where the flaws are, you can exploit them. And those flaws are there (remember Shellshock, anyone?), except in the most basic purpose-specific programming (and even then, there are often flaws). Using Windows opens you up to more generic attacks, especially if you deliberately lower (or don't use) Window's defenses for ease of use (much as using root for everything in Linux does), but against targeted well-funded attacks you should assume they're more or less equally vulnerable.

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    5. Re:Windows !!! by garyisabusyguy · · Score: 2

      This^ ++isTrue

      --
      Wherever You Go, There You Are
    6. Re:Windows !!! by hairyfeet · · Score: 2, Interesting

      Sigh...Linux has more vulnerabilities than Windows by 3 to 1 in 2014, Windows beats iOS, OSX, and Linux in least number of vulnerabilities in 2014, and how to write a Linux virus in 5 easy steps targeting the same weakness that more than 90% of malware target, the user...HAND.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    7. Re:Windows !!! by Opportunist · · Score: 2

      But ... but ... IT'S CHEAP!

      Hard economy trumps sentimentalist patriotism any time. Or when did you see the last US-Flag-flying, "U - S - A" chanting redneck reach for something "made in the U.S.A" when there's a Chinese knockoff available that's 10 cents cheaper?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. Bug in their bug by tomhath · · Score: 3, Insightful

    We've noticed that the slide showing the Stuxnet disassembly doesn't support Werner and Leder's comments regarding the worm and Windows 9x

    It appears they misunderstood the code they were looking at. But another quote earlier in the story is more relevant anyway:

    either the worm couldn't find any old Windows boxes, or perhaps the Iranian boffins were used to Windows 95 and 98 falling over anyway

    Really, who would be surprised by a blue screen from a Windows 95 box?

    1. Re:Bug in their bug by Shakrai · · Score: 5, Funny

      Really, who would be surprised by a blue screen from a Windows 95 box?

      The giveaway was probably when the blue screen was replaced with CIA's logo and the text "All your base are belong to us."

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
  4. Canary in a coal mine by roc97007 · · Score: 4, Insightful

    That hadn't occurred to me before -- keep a Windows 95 box on the network as a canary, expecting it to crash if there is an intruder on the network.

    Only problem might be too many false positives.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
    1. Re:Canary in a coal mine by Anonymous Coward · · Score: 2, Informative

      Get Windows 3.11 then. It's still on MSDN!
      Don't forget DOS 6.22 to go with it.
      Relive the wonders of AUTOEXEC.BAT and CONFIG.SYS hell.

      Opera 3 works as a browser.