Virus Attacks Siemens Plant-Control Systems
Computer hackers have designed a virus that targets industrial control systems built by German engineering giant Siemens AG, activating a kind of malicious software that analysts say represents a growing corporate-espionage threat.
The virus, dubbed Stuxnet, is spread by devices plugged into USB computer ports. It is programmed to try to steal data from computer systems that are used to monitor large automated plants built for anything from manufacturing to power generation to water treatment. Siemens is one of the world’s largest makers of such industrial automated systems, though it doesn’t break out its annual revenue from such sales.
Researchers analyzing the virus say that it first surfaced several weeks ago and that they are now seeing several thousand infection attempts daily, though the malicious software, or malware, is only activated if it lands on a computer running the Siemens systems software.
Siemens says so far it has learned of only one customer, a German manufacturer whose identity hasn’t been disclosed, whose industrial control systems have been infected. The company said the attack was discovered over the past week and that so far no damage had been found.
Analysts warn, though, that the attack on Siemens’s systems marks an escalation in hackers’ efforts to use malware for industrial espionage or sabotage purposes.
Smaller, more isolated virus attacks have been attempted before on such automated systems, known as Supervisory Control and Data Acquisition, or SCADA, systems. But this is the first such infection where malware is searching for SCADA systems to attack on such a large-scale basis, said Pierre-Marc Bureau, a senior researcher in the virus lab of ESET, a privately held software-security firm.
“I’m 100% sure that the threat is very professional and much more professional than anything I see on a daily basis,” he said.
The worry among security analysts is that such viruses could at some point be used by criminal organizations or even terror groups to sabotage power plants and other utility networks key to national-security interests.
The Stuxnet worm specifically exploits an unpatched vulnerability in Microsoft Corp.’s Windows operating system, allowing it to spread through USB devices. Upon infecting a Siemens system, it uses default passwords coded in the Siemens software to try to upload control-system data to a remote server.
In an advisory that Siemens posted on its website, the company said Microsoft was working on a patch to fix the vulnerability at the USB interface, while several suppliers of virus scanners have developed updated versions that detect and eliminate the virus. In its own website advisory, Microsoft has provided a workaround fix to offer some additional protection until a patch, or update, is ready.
Siemens said it expects to approve the updated virus scanners this week and also plans to provide customers with a diagnostic tool to check if their systems have been infected. In the meantime, the company’s website advisory urges customers not to use any USB storage sticks.
Siemens, Microsoft and other security analysts haven’t determined where the virus originated. Many of the infection attempts have occurred in India, Indonesia and Iran. ESET’s Mr. Bureau said the virus likely was created in Asia, given the pattern of attacks and technology used.
By VANESSA FUHRMANS