There has been a news announcement that there is an MS Windows virus which is specifically designed to take over industrial controls, and this virus has been found in at least 14 plants in several parts of the world. This is <i>not</i> the same virus which we discussed earlier this year, but rather another one altogether. The full story is here:
http://www.itworld.com/security/120550/siemens-stuxnet-worm-hit-industrial-systems
The following is a quote from the story:
<i>The software operates in two stages following infection, according to Symantec Security Response Supervisor Liam O'Murchu. First it uploads configuration information about the Siemens system to a command-and-control server. Then the attackers are able to pick a target and actually reprogram the way it works. "They decide how they want the PLCs to work for them, and then they send code to the infected machines that will change how the PLCs work," O'Murchu said.
</i>
End of quote.
There is now a security patch from Microsoft to deal with this. The virus was first detected over a year ago. However, it is normal for information of this type to be held back from the public until Microsoft writes a fix for Windows and is ready to release it. In other words, anyone using this software could have had this virus on their systems for over a year.
The article also states that due to the nature of this virus, simply running a virus removal program will not remove all parts of it. You need to wipe everything and "restore from a secure backup". The article doesn't give details, but that usually means wipe the hard drive and re-install everything (including Windows) from CD. Get some good advice from a qualified IT person before just running a virus scanner and assuming that you're covered.
This particular virus has been targeted at Siemens WinCC and PCS-7, but users of other programs should not feel complacent. There could easily be other variants of the same virus targeted at other packages. The virus is using Windows security holes, so any software using Windows is potentially vulnerable to similar attacks.