Recurring |
one_organization |
(a) The software failure incident related to spreading malware has happened again within the same organization, Xunlei. The incident involved Xunlei spreading malware named "Win32/Kankan" to Windows and Android users, signed with the company's security certificate. Some of Xunlei's employees used company resources to create and distribute the malicious program, indicating an internal issue within the organization [22162].
(b) The provided article does not specifically mention the malware-spreading incident occurring at multiple organizations. |
Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase:
The incident involving the Xunlei file sharing service spreading malware to Windows and Android users was a result of the software being specifically programmed to avoid detection by security software and analysts. The malware was signed with the company's security certificate, indicating a flaw in the design or implementation of the security measures [22162].
(b) The software failure incident related to the operation phase:
The malware incident also involved the malware silently installing applications onto Android phones that were connected to the infected computer. This operation was carried out by an updater that automatically checked a server for new versions of the programs and installed updates when available, indicating a failure in the operation or misuse of the system [22162]. |
Boundary (Internal/External) |
within_system |
(a) The software failure incident reported in Article 22162 falls under the within_system category. The malware named "Win32/Kankan" was spread by Xunlei, a Google-backed file sharing service, to Windows and Android users. The malware was signed with the company's security certificate, indicating that the issue originated from within the system itself [22162]. Additionally, the malicious programs were installed onto systems through deceptive methods like posing as a Windows installer and silently installing applications on connected Android phones, all orchestrated by the Xunlei software [22162]. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
The malware named "Win32/Kankan" was spread to Windows and Android users by the Xunlei file sharing service, signed with the company's security certificate. The malware was specifically programmed to avoid detection by security software and analysts, and it was initially spread through a "dropper" program named "INPEnhSetup.exe" posing as a Windows installer [22162].
(b) The software failure incident occurring due to human actions:
During a press conference, Xunlei Networking Technologies officially admitted that some of its employees used company resources to create and distribute the malicious program. The degree to which Xunlei is implicated in the incident is unclear from the outside [22162]. |
Dimension (Hardware/Software) |
software |
(a) The software failure incident related to hardware:
- The malware incident involving Xunlei spreading malware to Windows and Android users was primarily a software failure incident rather than a hardware failure incident. The incident involved malicious software being distributed through the Xunlei software and other programs, exploiting vulnerabilities in the software and systems rather than hardware-related issues [22162].
(b) The software failure incident related to software:
- The software failure incident involving Xunlei spreading malware to Windows and Android users was a result of software-related factors. The incident was caused by the distribution of malware through the Xunlei software and other malicious programs, highlighting vulnerabilities in the software and the way it interacted with users' systems [22162]. |
Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident described in Article 22162 is malicious in nature. The incident involved the Xunlei file sharing service spreading malware named "Win32/Kankan" to Windows and Android users, signed with the company's security certificate. The malware was specifically programmed to avoid detection by security software and analysts, and it was spread through deceptive means such as posing as a Windows installer and silently installing malicious applications onto Android phones connected to infected computers. Additionally, some Xunlei employees were involved in creating and distributing the malicious program, indicating malicious intent [22162]. |
Intent (Poor/Accidental Decisions) |
poor_decisions, accidental_decisions |
(a) The intent of the software failure incident related to poor decisions:
- The software failure incident involving the Xunlei file sharing service spreading malware to Windows and Android users was primarily due to poor decisions made by some employees of Xunlei Networking Technologies. These employees used company resources to create and distribute the malware, named "Win32/Kankan," which was signed with the company's security certificate [22162].
- Xunlei's involvement in creating and distributing the malicious program was acknowledged during a press conference, indicating a deliberate action taken by some employees within the company [22162].
- The malware was specifically programmed to avoid detection by security software and analysts, indicating a level of premeditation and intent to evade detection [22162].
- The malware included an updater that automatically checked a server for new versions of the programs, installing updates when they became available, showcasing a systematic approach to maintaining and updating the malicious software [22162].
(b) The intent of the software failure incident related to accidental decisions:
- The software failure incident also involved accidental decisions or unintended consequences, as the malware silently installed applications onto Android phones that were connected to the infected computer. This action was dependent on the security setting being disabled on the Android phone, enabling developer actions over USB, which is often required for legitimate software modifications and operating system customizations [22162].
- The focus on China for spreading the Trojan may have inadvertently limited the risk of widespread infection, as rooted phones are more common in China due to restrictions on apps and services, leading to unintended consequences of increased vulnerability to malware [22162]. |
Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident in Article 22162 can be attributed to development incompetence. The incident involved Xunlei, a Google-backed file sharing service, spreading malware named "Win32/Kankan" to Windows and Android users. It was revealed that some Xunlei employees used company resources to create and distribute the malware, which was specifically programmed to avoid detection by security software and analysts. The malware included various malicious programs that were installed on users' systems, including an Office plugin that evaded detection by shutting down if analysis tools were detected. Additionally, the malware silently installed applications onto Android phones connected to infected computers, indicating a level of sophistication in the malicious software's design [22162].
(b) The software failure incident in Article 22162 does not seem to be accidental. The deliberate actions of some Xunlei employees to create and distribute the malware, as well as the specific programming of the malware to evade detection and silently install applications, suggest a level of intent and planning behind the incident rather than it being accidental [22162]. |
Duration |
permanent, temporary |
(a) The software failure incident in the article is largely permanent in nature. The malware named "Win32/Kankan" was specifically programmed to avoid detection by security software and analysts, indicating a deliberate and persistent effort to spread malicious software [22162].
(b) The software failure incident can also be considered temporary to some extent as the daily number of infections has dropped significantly since Xunlei took remedial actions, suggesting that the impact of the malware was reduced over time [22162]. |
Behaviour |
value, other |
(a) crash: The software failure incident did not involve a crash where the system loses state and does not perform any of its intended functions. The malware was actively spreading and performing malicious actions on infected systems [22162].
(b) omission: The software failure incident did not involve omission where the system omits to perform its intended functions at an instance(s). The malware was actively performing malicious actions as designed by the attackers [22162].
(c) timing: The software failure incident did not involve timing issues where the system performs its intended functions correctly but too late or too early. The malware was designed to execute its malicious activities promptly upon infection [22162].
(d) value: The software failure incident involved the system performing its intended functions incorrectly. The malware was spreading and installing malicious programs on both Windows and Android devices, compromising user security and privacy [22162].
(e) byzantine: The software failure incident did not exhibit byzantine behavior where the system behaves erroneously with inconsistent responses and interactions. The malware consistently executed its malicious activities as designed by the attackers [22162].
(f) other: The software failure incident involved the system behaving in a way not described in the options (a to e). The malware was specifically programmed to avoid detection by security software and analysts, indicating a sophisticated and deliberate attempt to evade detection and spread malicious programs [22162]. |