WinNuke
In computer security, WinNuke is an example of a Nuke remote denial-of-service attack (DoS) that affected the Microsoft Windows 95, Microsoft Windows NT, Microsoft Windows 3.1x computer operating systems and Windows 7. The exploit sent a string of out-of-band data (OOB data) to the target computer on TCP port 139 (NetBIOS),[1] causing it to lock up and display a Blue Screen of Death. This does not damage or change the data on the computer's hard disk, but any unsaved data would be lost.
Details
The so-called OOB simply means that the malicious TCP packet contained an Urgent pointer (URG). The "Urgent pointer" is a rarely used field in the TCP header, used to indicate that some of the data in the TCP stream should be processed quickly by the recipient. Affected operating systems did not handle the Urgent pointer field correctly.
A person under the screen-name "_eci" published C source code for the exploit on May 9, 1997.[2] With the source code being widely used and distributed, Microsoft was forced to create security patches, which were released a few weeks later. For a time, numerous flavors of this exploit appeared going by such names as fedup, gimp, killme, killwin, knewkem, liquidnuke, mnuke, netnuke, muerte, nuke, nukeattack, nuker102, pnewq, project1, pstlince, simportnuke, sprite, sprite32, vconnect, vzmnuker, wingenocide, winnukeit, winnuker02, winnukev95, wnuke3269, wnuke4, and wnuke95.
A company called SemiSoft Solutions from New Zealand created a small program, called AntiNuke, that blocks WinNuke without having to install the official patch.[3]
Years later, a second incarnation of WinNuke that uses another, similar exploit was found.[4]
See also
References
- "National Vulnerability Database (NVD) National Vulnerability Database (CVE-1999-0153)". Web.nvd.nist.gov. Retrieved 2010-09-23.
- "Windows NT/95/3.11 Out Of Band (OOB) data barf". Insecure.org. Retrieved 2010-09-23.
- Windows OOB Bug, also known as WinNuke. Grefstad.com.
- Michael, James (2002-10-02). "WinNuke lives on, and it's coming to a system near you". TechRepublic. Retrieved 2010-09-23.