NEWS FROM THE LAB - Friday, August 20, 2010

Malware and Critical Infrastructure Posted by Mikko @ 12:53 GMT

"Computer viruses may have contributed to the Spanair passenger plane crash which killed 154 people in Madrid two years ago", reports the Spanish newspaper El Pais.

El Pais

"The Spanair central computer which registered technical problems in airplanes was not functioning properly because it had been contaminated by harmful computer programs", the magazine continues.

We cannot confirm whether malware played a part, nor do we know which particular malware it could have been. However, over the years, we have seen real-world infrastructure affected by computer problems. In most cases, this has been just a side effect; the malware behind the problem wasn't trying to take systems down, it just did.

This was especially bad in 2003, when we saw malware induced problems in real-life systems unprecedented in their severity. The main culprits were network worms Slammer and Blaster.

The network congestion caused by Slammer dramatically slowed down the network traffic of the entire Internet. One of the world's largest automatic teller machine networks crashed and remained inoperative over the whole weekend. Many international airports reported that their air traffic control systems slowed down. Emergency phone systems were reported to have problems in different parts of the USA. The worm even managed to enter the internal network of the Davis-Besse nuclear power plant in Ohio, taking down the computer monitoring the state of the nuclear reactor.

The RPC traffic created by Blaster caused big problems worldwide. Problems were reported in banking systems and in the networks or large system integrators. Also, several airlines reported problems in their systems caused by Blaster and Welchi, and flights had to be canceled. Welchi also infected Windows XP-based automatic teller machines made by Diebold, which hampered monetary transactions. The operation of the US State Department's visa system suffered. The rail company CSX reported that the worm had interfered with the train signaling systems stopping all passenger and freight traffic. As a result of this, all commuter trains around the US capital stopped on their tracks.


There was a lot of attention to the indirect effects of Blaster on a major power blackout in the Northeastern USA which occurred during the outbreak week. According to the report of the blackout investigative committee there were four main reasons behind the power failure, one of them being specifically computer problems. We believe these problems were to a great extent caused by the Blaster.



It is important to note that even though the system problems caused by Slammer and Blaster were truly considerable, they were only byproducts of the worms. The worms only tried to propagate: they were not intended to affect critical systems. The malware affected environments that had nothing to do with Windows: it was the massive network traffic caused by the worms that alone disrupted normal operations.