stuxnet

An industrial control security researcher in Germany who has analyzed the Stuxnet computer worm is speculating that it may have been created to sabotage a nuclear plant in Iran.

The worm, which targeted computers running Siemens software used in industrial control systems, appeared in July and was later found to have code that could be used to control plant operations remotely. Stuxnet spreads by exploiting three holes in Windows, one of which has been patched.

The high number of infections in Iran and the fact that the opening of the Bushehr nuclear plant there has been delayed led Ralph Langner … Read more

Microsoft on Tuesday issued patches for 11 vulnerabilities in Windows and Office, including a hole being used by the Stuxnet worm to infect PCs.

The security bulletin MS10-061 addresses a vulnerability in the print spooler service of Windows that could allow an attacker to take control of a computer by sending a specially crafted print request to a vulnerable system where the print spooler service is exposed without authentication, according to the security advisory.

The hole, discovered by Kaspersky Lab and later Symantec, is being exploited by Stuxnet and is rated "critical" for Windows XP but only "… Read more

A worm that targets critical infrastructure companies doesn't just steal data, it leaves a back door that could be used to remotely and secretly control plant operations, a Symantec researcher said on Thursday.

The Stuxnet worm infected industrial control system companies around the world, particularly in Iran and India but also companies in the U.S. energy industry, Liam O'Murchu, manager of operations for Symantec Security Response, told CNET. He declined to say how may companies may have been infected or to identify any of them.

"This is quite a serious development in the threat landscape," … Read more

Microsoft plans to release a patch on Monday for a flaw involving how Windows handles shortcut files, after seeing the hole being used to spread a particularly nasty and fast-spreading virus, the company said Friday.

Initially, the Windows flaw was used to spread the Stuxnet worm via USB drives. The vulnerability, which is in all versions of Windows, is in the code that processes shortcut files ending in ".lnk," according to the Microsoft advisory from two weeks ago that included information on a work-around.

Now there are copycat attacks in which the .lnk hole, or "shortcut hole,&… Read more

Siemens has advised its customers not to change the default passwords hard-coded into its WinCC Scada product, even though the Stuxnet malware that exploits the critical infrastructure systems software is circulating in the wild.

Changing the passwords could affect the operations of critical infrastructure organizations such as utilities companies and electricity suppliers, according to Siemens.

"We will be publishing customer guidance shortly, but it won't include advice to change default settings as that could impact plant operations," said Siemens spokesman Michael Krampe in a statement on Monday.

Read more of "Siemens warns Stuxnet targets of Scada password risk" … Read more