A sophisticated worm designed to steal trade secrets and disrupt operations has infected at least 14 plants, according to Siemens.
Called Stuxnet, the worm was discovered in July, when researchers at Virusblokada found it on computers in Iran. It is one of the most complex and unusual pieces of malware ever produced: the worm leveraged a previously unknown vulnerability in Windows (now patched), allowing it to spread from one computer to another, usually via USB sticks.
The worm targets Siemens industrial management systems, and it has affected a number of Siemens plants, according to Simon Wieland. "We detected a virus in the SCADA [supervisory control and data acquisition] systems of 14 plants in operation, without interruption of the production process and without any damage," he said in an e-mail message.
This is disturbing news because, according to a new paper on the worm being presented at the Virus Bulletin conference this month in Vancouver, Stuxnet could inflict considerable damage if it is not removed properly.
Symantec researchers cracked Stuxnet's cryptographic system, and say that this is the first worm built not only to spy on industrial systems but to reprogram them.
Once installed on a computer, Stuxnet uses Siemens default passwords to look for and try to gain access to systems running the WinCC and PCS 7 programs, the so-called PLC (programmable logic controller) programs that are used to control large industrial systems on plant floors and at military installations and chemical and power plants.
The software operates in two stages after infection, according to Liam O'Murchu, a leader at Symantec Security Response. First, it sends information about the Siemens system configuration to a command-and-control server. Then, the attackers are able to choose a target and actually reprogram how it works. "They decide how they want the PLC to work, and then they send code to the infected machines that will change the PLC," said O'Murchu.
As Wieland noted, no plant operations have in fact been affected.
Nevertheless, it is certainly a possibility, according to O'Murchu. Stuxnet comes with a rootkit designed to hide any commands it loads from the operators of the Siemens system. For this reason, Symantec warns that even if the worm's software components are removed, the Siemens system may still contain hidden commands. Symantec advises companies that were infected to conduct a thorough audit of the code on their PLCs or restore the system from a safe backup, in order to be safe.
Stuxnet has infected systems in Great Britain, the USA and Korea, but the largest number of infections to date has been in Iran.
The first samples of Stuxnet code date back to June of 2009, but security experts believe that it probably did not start infecting systems until earlier this year.
Defense contractors and companies with valuable intellectual property have been hit with targeted attacks for years; in January, Google said that it was the target of a complex data-stealing effort known as Operation Aurora. But Stuxnet marks the first time that someone has targeted the factory floor.
If the worm were used to disrupt chemical or propulsion systems, the results could be devastating.
"We definitely have never seen anything like this before," says O'Murchu. "The fact that it can control the way a physical machine works is quite disturbing."
Stuxnet is hardly likely to affect new systems at the moment, however. Symantec took over the domain used to send commands to infected machines shortly after Stuxnet was found, which means that the hackers no longer have the ability to send new commands to infected systems.
No one knows who is behind Stuxnet, but Kaspersky Lab researcher Roel Schouwenberg recently said that it is most likely a nation-state.
Symantec's O'Murchu agrees that such a worm would be particularly difficult for criminals. "It's definitely not your typical operation," he says.
