Spy rootkit goes after Indian, Iranian systems

A data-harvesting rootkit is infecting systems in India, Iran, and Indonesia, according to security companies.

Tom Espiner Special to CNET News

Sophisticated malicious software that infects critical infrastructure systems is spreading in the wild, according to security companies.

Finnish security company F-Secure, which is in the process of analyzing the malware, told ZDNet UK that critical infrastructure in India and Iran had been affected.

The malware takes advantage of a zero-day vulnerability in Microsoft .lnk shortcut files, and infects Siemens WinCC Scada software running on Windows 7 Enterprise Edition x86 systems. It spreads via USB drives and runs automatically when a shortcut icon is displayed on a user's screen.

Read more of "Spy rootkit goes after key Indian, Iranian systems" at ZDNet UK.