
Reminiscing Stuxnet Exploit: US Government

Citing a research report by an audit firm, the US Government raised the alarm on May 11, 2011 about defects found in two Iconics SCADA systems, Genesis32 and BizViz, according to news published by V3 on May 13, 2011.

CERT, warning about the vulnerabilities in the Genesis32 and BizViz products made by Massachusetts-based Iconics, said that the flaws allow attackers to remotely execute malicious code on the systems that run this SCADA software. Such code could even gain supervisory control and acquire data and programs on the industrial control systems.

In this type of exploitation, a user who has the vulnerable ActiveX control installed visits a page that contains specially crafted JavaScript. Users are usually enticed to visit such web pages through email, instant messages or links on the internet, according to the original advisory.

The actual impact on individual organizations depends on several factors that vary from one organization to another. ICS-CERT recommends that every organization estimate the impact of this vulnerability based on its own environment, architecture, and product implementation.

Passing a specially crafted string to the "SetActiveXGUID" method makes it possible to overflow a static buffer and execute arbitrary code on the user's machine with the privileges of the logged-on user. SecurityAssessment constructed a JavaScript ROP exploit as a proof of concept.
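The class of bug described above, shown as an added example that is not Iconics' code and not part of the original article: a setter that copies a caller-supplied string into a static buffer, beside a hardened version that accepts only a well-formed braced GUID. The function names, the 38-character buffer and the assumption that the argument should be a GUID string are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define GUID_STR_LEN 38                  /* "{8-4-4-4-12}" including braces */
static char g_guid[GUID_STR_LEN + 1];    /* fixed-size static buffer (assumed size) */

/* Unsafe pattern (hypothetical): the caller controls the copy length,
   so any string longer than 38 characters writes past g_guid. */
void set_guid_unsafe(const char *s) {
    strcpy(g_guid, s);
}

/* Returns 1 only for {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} with hex digits. */
int is_guid_string(const char *s) {
    size_t n = 0;
    if (s == NULL)
        return 0;
    while (n <= GUID_STR_LEN && s[n] != '\0')   /* bounded length check */
        n++;
    if (n != GUID_STR_LEN || s[0] != '{' || s[GUID_STR_LEN - 1] != '}')
        return 0;
    for (size_t i = 1; i < GUID_STR_LEN - 1; i++) {
        if (i == 9 || i == 14 || i == 19 || i == 24) {
            if (s[i] != '-')
                return 0;
        } else if (!isxdigit((unsigned char)s[i])) {
            return 0;
        }
    }
    return 1;
}

/* Hardened form: validate length and format before touching the buffer.
   Returns 0 on success, -1 on rejection (buffer left unchanged). */
int set_guid_checked(const char *s) {
    if (!is_guid_string(s))
        return -1;
    memcpy(g_guid, s, GUID_STR_LEN + 1);   /* 38 characters plus NUL, exact fit */
    return 0;
}

const char *current_guid(void) { return g_guid; }
```

Rejecting on format as well as length means an oversized or malformed argument never reaches the copy, which is the property the unsafe setter lacks.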

ICS-CERT has cautioned users at companies that are still running the vulnerable systems against opening any web links or unsolicited attachments in emails. IT managers at these facilities should also maintain strict security and minimize network exposure for all control system devices.

To begin with, control system networks and remote devices should be placed behind firewalls and isolated from the business network, the ICS-CERT advisory recommended. Where remote access is required, secure methods such as virtual private networks should be used.

This is another disclosure concerning SCADA systems; similar discoveries have been made since the Stuxnet worm demonstrated its dramatic effect on industrial systems.

An organization that observes suspected malicious activity should follow its internal procedures and report its findings to ICS-CERT for tracking and correlation against other incidents. ICS-CERT also urged organizations to conduct proper impact analysis and risk assessment before adopting any defensive measures.


» SPAMfighter News - 5/23/2011
