Stuxnet is the most high-profile piece of malware with a bug: it could have crashed Windows 95 and 98

At the RSA Conference 2015 in San Francisco, malware analysts said that Stuxnet could have blown its cover and failed its sabotage mission because of a bug that allowed it to spread to ancient Windows boxes.

The malware ruined Iran’s Natanz uranium enrichment facility by subtly wrecking computer-controlled fuel centrifuges.

Stuxnet had to remain undetected by the Iranians, or the operation would have been ruined. Regrettably, a programming fault would have allowed it to spread to PCs running older and unsupported versions of Windows, probably causing them to crash as a result. Those blue screens of death would have raised suspicions at the Natanz nuclear lab.

“Stuxnet could have been over before it started by crashing Windows 95 and Windows 98 systems,” Leder told the RSA security conference in San Francisco on Thursday.

“Unfortunately, someone had a bad day when they programmed Stuxnet, and swapped the characters and the result was that it was checking ‘or’ … which resulted in it being installed on any version of Windows, even Windows 95 and 98 which were not supported.”

In the end, Stuxnet successfully devastated the centrifuges before it was discovered in 2010. Stuxnet is just the most high-profile piece of malware in which the pair has found bugs. The duo said a programming error in the Conficker worm slashed its potential victim base.

Conficker, which attacked Windows machines across networks and the internet, should have infected nearly everybody. Instead, it could only scan a quarter of all IPv4 addresses due to a bug in the way it generated addresses at random.

Werner said at the RSA conference:

“If you sequentially attack victims, that is easily detected, so these guys did it a bit smarter, and chose addresses at random.”
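To show how a random-address bug can cut coverage to exactly a quarter, the added example below (not code from Conficker or from the talk) models one assumed cause: a generator that returns only 15 bits per call being used to fill a 32-bit address. The generator constants, function names and sample addresses are constructed for illustration; the check at the end is the kind a defender would use to tell which addresses such a worm could never select.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: a generator that yields only 15 bits per call
   (constants of the classic Microsoft C runtime rand()). */
static uint32_t state = 1;
static uint32_t rand15(void) {
    state = state * 214013u + 2531011u;
    return (state >> 16) & 0x7FFFu;
}

/* Assumed flaw: two 15-bit draws fill a 32-bit address, so bits 31 and 15 stay 0. */
static uint32_t flawed_addr(void) {
    uint32_t hi = rand15();
    uint32_t lo = rand15();
    return (hi << 16) | lo;
}

/* OR together n generated values: every bit the generator can ever set. */
static uint32_t observed_or_mask(int n) {
    uint32_t mask = 0;
    state = 1;                       /* fixed seed for repeatable output */
    for (int i = 0; i < n; i++) mask |= flawed_addr();
    return mask;
}

/* Fraction of the 2^32 space reachable when only the bits in mask can vary. */
static double reachable_fraction(uint32_t mask) {
    int bits = 0;
    for (; mask; mask >>= 1) bits += (int)(mask & 1u);
    return (double)(1ULL << bits) / 4294967296.0;
}

/* 1 if addr could ever be produced, 0 if it needs a bit that is never set. */
static int can_generate(uint32_t addr, uint32_t mask) {
    return (addr & ~mask) == 0;
}

int main(void) {
    uint32_t mask = observed_or_mask(100000);
    printf("bits ever set: 0x%08X\n", (unsigned)mask);
    printf("reachable:     %.2f of IPv4\n", reachable_fraction(mask));
    printf("10.0.200.5 reachable? %d\n", can_generate(0x0A00C805u, mask));
    printf("10.0.72.5  reachable? %d\n", can_generate(0x0A004805u, mask));
    return 0;
}
```

Two bits that can never be set halve the reachable space twice, which is where the figure of one quarter comes from in this model.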

Ehacking Staff