How to take down the entire Internet with this one weird trick, according to Crisis


According to the television documentary Crisis which aired on NBC last Sunday, a cyberattack took over the entire Internet.

Timecode 13:00: "Anything connected to the Internet. Banking systems, power grid, air traffic control, emergency services. The virus has spread into them all."

And the show includes an amazing journalistic scoop: A screen shot of the attack being launched! Timecode 11:40:

文件上传
Threads Progress Remaining Speed
0:000> u eip-30 eip+20
notepad+0x5cfc:
01005cfc 0001             add     [ecx],al
01005cfe 3bc7             cmp     eax,edi
01005d00 7407             jz      notepad+0x5d09 (01005d09)
01005d02 50               push    eax
01005d03 ff15dc100001     call    dword ptr [notepad+0x10dc (010010dc)]
01005d09 8b45fc           mov     eax,[ebp-0x4]
01005d0c 57               push    edi
01005d0d 57               push    edi
01005d0e 68c50000         push    0xc5

That's right, my friends. This elite virus that shut down the Internet was an upload of Notepad!

Comments (28)
  1. Joshua says:

    I'm pretty sure it wouldn't matter what Win32 binary was used as the kernel splice used in the forward-kill construct to crash all routers. For some reason forward packet takes place before apply firmware patch so if you multicast the kill with inadequate filters down they all go.

  2. Kemp says:

    Talk about feature creep. How did "capability to bring down global networks" break through the -100 point penalty?

  3. In the UK we had a similar documentary on Channel 4 (I think?) called "The Great Global Warming Swindle". Various people complained, and OFCOM (I think?) — tasked with the responsibility to either punish Channel 4 or not — made the ruling that documentaries are only for entertainment and may be wilfully inaccurate; the only programmes that require accuracy are News programmes. http://www.theguardian.com/…/climatechange.carbonemissions

  4. Raymond, any idea how many different HTML rendering engines there are among current-gen Microsoft products? I haven't checked it out, but I observe different behaviour in Visual Studio, IE, Outlook (particularly when rendering your beautiful artwork). Any others?

  5. Sockatume says:

    carbon_twelve, I don't think Raymond was being serious when he said it was a documentary.

  6. Rob Y says:

    Crisis isn't a documentary, it is a fictional drama.

  7. Adam Gross says:

    Snow Crash lives!

  8. Rob says:

    @carbon_twelve: It's the same engine overall, but different behaviors based on compatibility quirks. IE generally runs in Edge Mode. Visual Studio uses the embedded (MSHTML) control which has document-mode compatibility constraints (think the WebBrowser control from Windows Forms / WPF). Outlook looks different because the HTML is run through a safe-HTML parser before being displayed (or else someone hosting an RSS feed or sending a malicious email could send you script that would be obnoxious; imagine an email that endlessly called alert('Hey there!!!')).

  9. Joker_vD says:

    Huh. One would have thought that executable would have been Internet Explorer?..

    Ba-dum tish.

  10. James says:

    I noticed this too. It would make more sense if they used Microsoft Office.

    Did anyone think about that they used Microsoft Windows to spread the virus?

    I'm sure that if they had used Windows 8 they would not have been able to find the "send virus" button because of the Metro UI.

    If they had forced an upgrade for all the computers to Windows 8 I'm sure it would have the same effect as the virus had.

  11. Jon Meltzer says:

    Microsoft really needs to fix that bug. :-)

  12. Jim says:

    And they used Chinese name on the title?? The Chinese gov shall sue US for whatever!

  13. Yuri says:

    @James

    If they would have used Windows 8.1 the virus would have automagically spread to OneDrive (formerly SkyDrive) without user interaction.

  14. Christian says:

    Seems like there is more power in Notepad than everyone thinks… First it is the best Web authoring tool (blogs.msdn.com/…/9915989.aspx) and now it can turn off the internet! Which version of Notepad has the Turn-the-internet-off feature? ;)

  15. 640k says:

    "This content is currently unavailable"

  16. cheong00 says:

    @Jim: For anyone who can't read Chinese, those 4 characters mean "Document Upload".

    So the "hacker program" in the TV programme is made by Chinese? I think they should have changed the table headers to Chinese too. :P

  17. Paul Coddington says:

    Programmer who created Notepad goes into hiding: "They're on to me!"

  18. Dai says:

    @rob and @carbon_twelve – Outlook 2007 and later don't use IE (Trident/MSHTML) but actually Word, which can render most HTML and simple CSS competently, but still has major shortcomings. This change caused a massive backlash from the HTML E-mail community as it means they can't use new HTML5 or CSS3 (or even some CSS2.1) features in their emails. HTML e-mail is effectively stuck with having to accommodate a 2002-era layout engine: litmus.com/…/outlook-2013-still-powered-by-word-now-available-for-email-testing

  19. @rob and @Dai: thanks so much, that's really fascinating.

    @Sockatume: I knew that Raymond was being deadpan, but thought it might surprise people to know that in the UK wilfully inaccurate documentaries are allowed.

  20. icabod says:

    Is it strictly legal to show Notepad disassembly on TV?

    And besides, this is 2014 – they should be using Wordpad, surely.

  21. Mormegil says:

    Well, there is a Tumblr site full of this stuff, Source Code in TV and Films: http://moviecode.tumblr.com/

  22. Myria says:

    Well, Raymond, the journalists *are* kind of right.  Some of the best (worst?) viruses ever made were created using that evil program they're disassembling.

  23. Stefan says:

    Come on, everyone knows Notepad is an evil *** program. I mean, it can be used to write viruses like ILOVEYOU! Fortunately, the clue to it being a sly old dog has already been found ten years ago: en.wikipedia.org/…/Bush_hid_the_facts

  24. Matt says:

    Actually, it was an upload of a binary that *called itself* notepad.

    Just like Stuxnet was a binary that called itself lsass.exe.

    But in general, yes. Hollywood has no idea what hacking or anything else to do with programming computers actually looks like.

  25. Muzer_ says:

    Aw, disappointed the Chinese doesn't match any of the commonly-known misinterpretations of ASCII as UTF-16 (this app can break, bush hid the facts, etc.) – would have been the icing on the cake ;)

  26. dan says:

    "… with this one weird trick", rofl

  27. Marc K says:

    It was the Windows XP version of notepad.  So, the vulnerability was never patched out.

  28. smf says:

    I spent 2004 referring to "the documentary, the day after tomorrow" after someone at work ranted about how scientifically inaccurate it was. I also know a girl who went to the cinema to see Armageddon and her date came out with the line "that wouldn't happen in space". Which while it's admittedly true, it kinda killed the mood.

    My favourite tech film of all time is Hackers, I'd talk about it but I'm off to triple the ram.

Comments are closed.