Risk
10/27/2008
05:03 PM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Microsoft's 'Black Screen of Death' Patched...By Hackers

Last week, Chinese hackers were posting fake links promising to fix Microsoft's "black screen of death" -- the links lead to malware that attempts to attack visitors' computers. But it appears that at least one link that Chinese hackers have posted is the real deal -- a "patch" to repair the "black screen of death

Last week, Chinese hackers were posting fake links promising to fix Microsoft's "black screen of death" -- the links lead to malware that attempts to attack visitors' computers.

But it appears that at least one link that Chinese hackers have posted is the real deal -- a "patch" to repair the "black screen of death."The "black screen of death," a reference to the infamous Microsoft "blue screen of death" that appears following a system crash, describes what happens to PCs running unauthorized versions of Windows after they're detected by Microsoft's Windows Genuine Advantage (WGA) program.

WGA, as implemented in China, seeks to curtail the use of illegally copied versions of Windows by setting desktop background color of unauthorized Windows installations to black. It's an aesthetic punishment rather than a functional one.

Not surprisingly for a country where the majority of Windows installations are unauthorized, this hasn't gone over well, even if it doesn't actually hobble computer functionality.

Scott Henderson, who runs The Dark Visitor blog, has been following the backlash. And in a blog post on Monday, he notes that a group of female Chinese hackers at Guangdong Foreign Studies University posted a fix for the WGA screen color change on Oct. 15, five days before Microsoft's preannounced plan went into effect.

Henderson has posted a translation of a message that the hacker group enclosed in its screen fix download. It reads:

"Excuse me Bill Gates, this time, I must once again oppose all of you [Microsoft]. I can't let you introduce chaos into the Chinese system again for no good reason! For many years now, people have stolen Windows and just this year you decide do something about it? That is stupid!! We are not the military but we have the same mission, to protect the sovereignty of the Chinese network."

This raises an interesting question: Were China and America ever to find themselves in genuine conflict, could Microsoft alter WGA to take stronger action, like disabling nongenuine versions of Windows? And would it do so if it could? (And would the Chinese government respond by mandating that everyone in China use Linux?)

WGA can be removed, so it's not clear how many unauthorized versions of Windows might actually be affected by such a ploy. But if doing so leads to falling behind on security patches, it's questionable as to whether running unauthorized software is worth the security risk.

And if, as the hackers stated, the Chinese people have the same mission as the Chinese military -- protecting network sovereignty -- running insecure software hardly seems like the right way to do that.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7421
Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

CVE-2014-8160
Published: 2015-03-02
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disall...

CVE-2014-9644
Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-201...

CVE-2015-0239
Published: 2015-03-02
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYS...

CVE-2014-8921
Published: 2015-03-01
The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by c...

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.