[Infowarrior] - Malware implicated in fatal Spanair plane crash

Richard Forno rforno at infowarrior.org
Sat Aug 21 14:51:45 CDT 2010


(c/o JC)

Malware implicated in fatal Spanair plane crash

Computer monitoring system was infected with Trojan horse, authorities say

By Leslie Meredith

updated 8/20/2010 4:48:01 PM ET

http://www.msnbc.msn.com/id/38790670/ns/technology_and_science-security/?gt1=43001

Authorities investigating the 2008 crash of Spanair flight 5022 have discovered a central computer system used to monitor technical problems in the aircraft was infected with malware.

An internal report issued by the airline revealed the infected computer failed to detect three technical problems with the aircraft, which if detected, may have prevented the plane from taking off, according to reports in the Spanish newspaper, El Pais.

Flight 5022 crashed just after takeoff from Madrid-Barajas International Airport two years ago today, killing 154 and leaving only 18 survivors.

The U.S. National Transportation Safety Board reported in a preliminary investigation that the plane had taken off with its flaps and slats retracted — and that no audible alarm had been heard to warn of this because the systems delivering power to the take-off warning system failed. Two earlier events had not been reported by the automated system.

The malware on the Spanair computer has been identified as a type of Trojan horse. It could have entered the airline's system in a number of ways, according to Jamz Yaneeza, head threat researcher at Trend Micro.

Some of the most likely ways are through third party devices such as USB sticks, Yaneeza said, which were responsible for the International Space Station virus infection in 2008, or through a remote VPN connection that may not have the same protection as a computer within the enterprise network. Opening just one malicious file on a single computer is all it takes to infect an entire system.

"Any computer that is connected to a network is vulnerable to a malware infection," O. Sami Saydjari, president of Cyber Defense Agency, told TechNewsDaily. "Standards have not been set to protect critical infrastructure."

An incident like this could happen again, and most likely will, according to Saydjari.

A judge has ordered Spanair to provide all of the computer's logs from the days before and after the crash.The final report from crash investigators is not due to be presented until December.


More information about the Infowarrior mailing list