Risk
10/27/2008
05:03 PM
Thomas Claburn
Thomas Claburn
Commentary
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Microsoft's 'Black Screen of Death' Patched...By Hackers

Last week, Chinese hackers were posting fake links promising to fix Microsoft's "black screen of death" -- the links lead to malware that attempts to attack visitors' computers. But it appears that at least one link that Chinese hackers have posted is the real deal -- a "patch" to repair the "black screen of death

Last week, Chinese hackers were posting fake links promising to fix Microsoft's "black screen of death" -- the links lead to malware that attempts to attack visitors' computers.

But it appears that at least one link that Chinese hackers have posted is the real deal -- a "patch" to repair the "black screen of death."The "black screen of death," a reference to the infamous Microsoft "blue screen of death" that appears following a system crash, describes what happens to PCs running unauthorized versions of Windows after they're detected by Microsoft's Windows Genuine Advantage (WGA) program.

WGA, as implemented in China, seeks to curtail the use of illegally copied versions of Windows by setting desktop background color of unauthorized Windows installations to black. It's an aesthetic punishment rather than a functional one.

Not surprisingly for a country where the majority of Windows installations are unauthorized, this hasn't gone over well, even if it doesn't actually hobble computer functionality.

Scott Henderson, who runs The Dark Visitor blog, has been following the backlash. And in a blog post on Monday, he notes that a group of female Chinese hackers at Guangdong Foreign Studies University posted a fix for the WGA screen color change on Oct. 15, five days before Microsoft's preannounced plan went into effect.

Henderson has posted a translation of a message that the hacker group enclosed in its screen fix download. It reads:

"Excuse me Bill Gates, this time, I must once again oppose all of you [Microsoft]. I can't let you introduce chaos into the Chinese system again for no good reason! For many years now, people have stolen Windows and just this year you decide do something about it? That is stupid!! We are not the military but we have the same mission, to protect the sovereignty of the Chinese network."

This raises an interesting question: Were China and America ever to find themselves in genuine conflict, could Microsoft alter WGA to take stronger action, like disabling nongenuine versions of Windows? And would it do so if it could? (And would the Chinese government respond by mandating that everyone in China use Linux?)

WGA can be removed, so it's not clear how many unauthorized versions of Windows might actually be affected by such a ploy. But if doing so leads to falling behind on security patches, it's questionable as to whether running unauthorized software is worth the security risk.

And if, as the hackers stated, the Chinese people have the same mission as the Chinese military -- protecting network sovereignty -- running insecure software hardly seems like the right way to do that.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas and her guest, David Shearer, (ISC)2 Chief Executive Officer, as they discuss issues that keep IT security professionals up at night, including results from the recent 2016 Black Hat Attendee Survey.