Stuxnet Worm Attacks Industrial Systems

As per Siemens, the largest electrical engineering and electronics companies, a sophisticated worm crafted to steal industrial secrets and interrupt operations has attacked nearly 14 plants.

The 14 infected locations were mainly processing plants. However, the good thing is that critical infrastructure was not affected.

The worm uses Siemens' hard-coded MS SQL database access credentials to gain control of the SCADA [Supervisory Control and Data Acquisition] system's data. According to the reports, the worm hasn't spread widely. The company spokesman Simon Wieland stated that it had affected several Siemens plants, as per the reports by Zdnet on September 16, 2010.

Wieland further said that they had found virus in the SCADA systems of 14 plants in operation. But the systems were running without any failure of process, production and any damage, as per the reports by Computerworld on September 14, 2010.

Symantec Security Response Supervisor Liam O'Murchu revealed that the software worked in two stages after infection, as per the reports by Computerworld on September 14, 2010.

Firstly, it sent configuration details about the Siemens system to a command-and-control-server. Then, the attacker picked up a target and reprogrammed the way it works. O'Murchu stated that they had planned modus operandi of PLCs and then sent code to the infected system that would change the working method of PLCs.

As per Symantec's analysis, Stuxnet can substitute or add individual blocks of PLC code. It reportedly includes around 70 (encrypted) blocks to implement new functions. The malware hides its PLC malfunctions. If a WinCC user access the code blocks, any blocks added by the worm would not be visible. Thus, Symantec has named the malware the first publicly known rootkit for industrial control systems.

In addition, the Stuxnet worm first came up in July 2010. Since then, it has been spreading on a large scale.

Aleks, a Kaspersky Lab Expert and one of the main researchers, informed that Stuxnet was made by the professionals who have a comprehensive knowledge of antivirus methods and their shortcomings, as per the reports by Internet Evolution on September 17, 2010.

Related article: Stuxnet malware Signed With JMicron Certificate

» SPAMfighter News - 10/1/2010