A new virus, recently speculated to be targeting Iranian nuclear facilities, has raised concern about the safety of industrial facilities against what could be politically targeted attacks using sophisticated code.
The Stuxnet worm was first discovered in June 2010 by the Internet security firm “VirusBlokAda” in Belarus. It gained notoriety as a one-of-a-kind worm that targets industrial systems, especially those running SCADA systems, which are used to monitor industrial processes. It reportedly can spy on and reprogram industrial systems, and can reprogram the programmable logic controllers (PLCs) and hide the changes it makes to them. The roots of this worm can be traced back to early June 2009, but one of its components contains a time stamp of 3 February 2010. The worm targets systems running Microsoft Windows using four zero-day attacks, which include the CPLink security vulnerability and one used by the Conficker worm. It aims its attacks at systems running the Siemens WinCC/PCS 7 SCADA software.
As with most worms, it is initially spread by USB drives and then uses other software weaknesses to spread to other WinCC computers on the network. Once inside the PC, it uses the default password to control the software. According to experts, this worm's complexity has never been seen before in malware. The attacks require a thorough understanding of industrial processes and an intent to disrupt them. The number of zero-day attacks used in this worm is also highly alarming, as zero-day attacks are highly prized in the hacking world. Using four of them in one worm may seem like overkill, but it is a choice with many consequences for the Internet and computer security world.
The worm is half a megabyte in size, quite large compared to others. It is written in C and C++ and is digitally signed with two stolen certificates. Its ability to upgrade itself via peer-to-peer is also very alarming, as it allows the worm to be updated after the command and control server has been disabled. Technicians say that making this kind of worm would have required months of programming and many people working on it.
An Internet security firm claims that the majority of infected systems were found in Iran. This claim has prompted speculation about whether the worm was specifically designed to target Iranian nuclear facilities such as the Bushehr nuclear power plant and the Natanz nuclear facility.
Siemens has released a detection and removal tool for this worm, while Microsoft has released a patch for this vulnerability.
Source: Online News Heard Now