Trojan horse suspected of contributing to 2008 Madrid aircrash

Spanair crash
Updated Authorities investigating the 2008 Madrid air crash, which resulted in the deaths of 154 people, have discovered that a central computer system used to monitor technical problems in aircraft was infected with Trojan horses.

The tragic crash, which occurred two years ago today, saw Spanair flight 5022 crash just after take off from Madrid-Barajas international airport, on what should have been a routine trip to Gran Canaria. Only 18 people survived the explosion, Spain’s worst air disaster in 25 years.

According to El Pais, an internal report by the airline has revealed that a computer located at the airline’s headquarters in Palma, Mallorca, should have identified three similar technical problems with the airplane, but was suffering from a malware infection.

According to the newspaper, the plane should not have been allowed to take-off if the technical problems had been identified.

Sign up to our free newsletter.
Security news, advice, and tips.

It’s important to note – malware didn’t cause the plane to crash.

The US National Transportation Safety Board, for instance, reported in a preliminary investigation that the plane had taken off with its flaps and slats retracted – and that no audible alarm had been heard to warn of this because the systems delivering power to the take-off warning system (TOWS) failed.

If the news story is accurate, however, malware may have affected computer systems that (if they had been working properly without interference) would have meant the flight might never have attempted to take off in the first place. Unfortunately we don’t know the name of the malware that is under suspicion in this case, so it’s tricky to comment further.

The final report from crash investigators is not due to be presented until December, and it’s very probable that there will be found to be other contributing factors to what was a horrific accident beyond the malware infection by Trojan horses.

However, next time someone tries to convince you that the people who write malware aren’t really doing anyone any serious harm – remember this case.

Thanks to @bow_sineath for providing information about the NTSB report.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.