The malware ruined Iran’s Natanz uranium enrichment facility by subtly wrecking computer-controlled fuel centrifuges.
Stuxnet had to remain undetected to the Iranians or else it would have ruined the operation. Regrettably, a programming fault would have allowed it to spread to PCs running older and unsupported versions of Windows, and probably causing them to crash as a result. Those blue screens of death would have raised suspicions at the Natanz nuclear lab.
“Stuxnet could have been over before it started by crashing Windows 95 and Windows 98 systems,” Leder told the RSA security conference in San Francisco on Thursday.
“Unfortunately, someone had a bad day when they programmed Stuxnet, and swapped the characters and the result was that it was checking ‘or’ … which resulted in it installed on any version of Windows, even Windows 95 and 98 which were not supported.
At last, Stuxnet was able to successfully devastate the centrifuges before it was discovered in 2010. Stuxnet is just the most high-profile piece of malware in which the pair has found bugs. The duo said a programming error in the Conficker worm slashed its potential victim base.
Conficker, which attacked Windows machines across networks and the internet, should have infected nearly everybody. Instead, it could only scan a quarter of the entire IPv4 addresses due to a bug in the way it generated addresses at random.
Werner said at the RSA conference:
“If you sequentially attack victims, that are easily detected, so these guys did it a bit smarter, and chose addresses by random.”