Automation

Update: Malware affects Siemens WinCC and PCS7 equipment

July 19, 2010
/ Print / Reprints /
ShareMore
/ Text Size+
The unwanted software’s main purpose may be industrial espionage.


UPDATE: Siemens Support Link for Stuxnet

28 SEP 2010: Keep up to date by visiting the Siemens Support Website:

Some malware, a so-called Trojan, is currently circulating which affects Microsoft Windows PCs with WinCC and PCS 7. The malware spreads via mobile data carriers, for example USB sticks, and networks. The Trojan is activated solely by viewing the contents of the USB stick.

Find the latest information and help on Stuxnet from the Siemens Support Website.


UPDATE: Microsoft releases patch

UPDATE-Microsoft has released a patch for the Stuxnet vulnerability, and Byres Security has updated its recommendations for addressing this critical SCADA-focused software worm. A revised white paper “Siemens PCS7 WinCC Malware” is available for download by all Tofinosecurity.com members now.

Readers can become a member by signing up. There is no charge, and Byres has created a very complete program to ensure member privacy.

Byres Security has also begun a blog called Practical SCADA Security. The intent is to provide clear and simple guidance when situations like Stuxnet occur.


The unwanted software's main purpose may be industrial espionage

Eric Byres, industrial network security specialist and chief technology officer of Byres Security Inc., reports investigating a new family of threats called Stuxnet, which appears to be directed specifically at Siemens WinCC and PCS7 products via a previously unknown Windows vulnerability. 

At the same time Byres also reports a concerted Denial of Service (DOS) attack against a number of the SCADA information networks such as SCADASEC and ScadaPerspective mailing lists. At least one of these services, he says, was brought down and taken off line.

Byres has been able to determine the following:

  • This is a zero-day exploit against all versions of Windows including Windows XP SP3, Windows Server 2003 SP 2, Windows Vista SP1 and SP2, Windows Server 2008  and Windows 7.
  • There are no patches available from Microsoft at this time, although there are some work-arounds (see below).
  • This malware is in the wild and probably has been for the past month.
  • The known variations of the malware are specifically directed at Siemens WinCC and PCS7 Products.
  • The malware is propagated via USB keys. It may also be propagated via network shares from other infected computers.
  • Disabling AutoRun does not help! Simply viewing an infected USB key using Windows Explorer will infect your computer.
  • The objective of the malware appears to be industrial espionage; i.e. to steal intellectual property from SCADA and process control systems. Specifically, the malware uses the Siemens default password of the MSSQL account WinCCConnect to log into the PCS7/WinCC database and extract process data and possibly HMI screens.

The only known work-arounds are:

  • Do not install any USB keys into any Windows systems, regardless of the OS patch level or whether AutoRun has been disabled or not.
  • Disable the displaying of icons for shortcuts (this involves editing the registry).
  • Disable the WebClient service.
Byres extracted and summarized the relevant data, and has assembled it in a short white paper called “Analysis of Siemens WinCC/PCS7 Malware Attacks.” Registered site users can freely download the white paper, and new visitors may register. Byres screens every new registration, so there may be a delay in processing. Byres may be contacted at 250-390-1333.

Did you enjoy this article? Click here to subscribe to Food Engineering Magazine.

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

Fabulous Food Plant: Paramount Citrus

Learn more about this fabulous food plant in Food Engineering's article, found here.

Podcasts

Burns & McDonnell project manager RJ Hope and senior project engineer Justin Hamilton discuss the distinctions between Food Safety and Food Defense as well as the implications for food manufacturers of the Food Safety Modernization Act.
More Podcasts

What was your favorite part of FA&M 2014?

View Results Poll Archive

THE MAGAZINE

Food Engineering Magazine

Food engineering magazine 2014 april cover

2014 April

Catch a preview of the Powder and Bulk Show in this April 2014 edition of Food Engineering. Also, be sure to check out a coffee stick making a real stir and a major advancement in the the pet food industry.
Table Of Contents Subscribe

THE FOOD ENGINEERING STORE

Food-Authentication-Flyer-(.gif
Food Authentication Using Bioorganic Molecules

This text provides critical tools and data needed to augment routine food analysis and enhance food safety by aiding in the detection of counterfeit, and potentially deleterious, foods.

More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

Food Master

Food Master Cover 2014Food Master 2014 is now available!

 

Where the buying process begins in the food and beverage manufacturing market. 

Visit www.foodmaster.com to learn more.

STAY CONNECTED

FE recent tweets

facebook_40.pngtwitter_40px.pngyoutube_40px.pnglinkedin_40px.png