Virus Attack on Integral Energy Threatens Power Grid
According to security researchers, the computer network of Australian power utility Integral Energy has been attacked by a malicious virus, compelling the company to restructure all of its 1,000 desktops to prevent the malware from spreading to the systems that regulate the power infrastructure.
Describing the computer worm, Integral Energy stated that the malicious program was a variant of W32.Virut.CF, as reported by SMH on October 1, 2009.
Chris Gatford, a security consultant at Hacklabs who specializes in carrying out "penetration tests" on critical infrastructure, stated that there was an 'unsuccessful distinction' or none whatsoever between the information technology network and the network that watches and regulates the grid, as reported by SMH on October 1, 2009.
Gatford further stated that it was necessary to connect both of these important networks in order to share information such as usage data, which is used for maintaining service quality or for processing bills.
Given this reality, network security analysts stated that a virus infiltrating an environment of this kind could dangerously disrupt the power grid's operation, particularly if the malware infected the process control network.
W32.Virut.CF, an especially malicious file infector, is currently circulating on the web. If it gets into a network, it could potentially spread rapidly through open-source networks.
The specialists stated that there had been many variants of Virut before the emergence of the CF version, which employed several sophisticated methods for evading identification and elimination. While all the methods are old, they have proved successful for Virut. Among the methods applied are encryption, spaghetti code, and a sophisticated polymorphic engine whose encryption method comprises two stages.
The first stage involves encoding data with a weak encryption algorithm, and it also employs spaghetti code along with junk instructions to make white-box analysis harder and more time-consuming.
The second stage is more complex, involving checks such as checking CPU speed, API address manipulation, and illegal instructions.
According to a spokesman for Integral, IT security technicians external to the company have been summoned to restructure its desktop computers.
» SPAMfighter News - 21-10-2009