Supervisory control and data acquisition systems are already infected with a large number of malware and the proof lies in log files posted all over support forums.
The computers controlling industrial machinery are in many cases used for other purposes, thus resulting in a large number of infections which could compromise the integrity of the whole mechanism.
Toecker, an active member of the ICS security community, discovered during his research some “forum posts regarding cyber security with details of systems, systems that had automation software installed.”
The posts consisted of HijackThis logs containing dumped configuration information (running processes, startup entries, browser helper objects, DNS settings). Experts can go through such logs to identify malicious components.
One of the worst logs identified by Toecker belonged to a laptop owned by Alsorm UK, a power company which seemed to use this laptop as an ordinary office device, even though, judging by the applications installed, it belonged to one of its technicians.
One of the problems detected at first glance was that the computer's DNS queries had been redirected to a couple of Ukrainian DNS servers known for spreading malware.
The second issue was a DLL file belonging to an adware component called Adware.Virtumonde.GFH, which increases the network activity of the infected client.
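The two findings above, a hijacked NameServer setting and a DLL loaded from an unexpected location, are exactly the kind of thing a HijackThis log exposes. The following triage script is an added example, not code from the article or from Toecker; it parses constructed HijackThis-style lines (the O17 DNS entries and any entry carrying a .dll path) and flags resolvers outside an assumed approved range and DLLs outside assumed trusted directories. The sample log, the IP addresses (TEST-NET and RFC 1918 ranges), the GUID placeholder and the file paths are all invented for this illustration.

```python
"""Triage a HijackThis-style log for DNS hijacking and out-of-place DLLs.

Added example: the log below imitates the HijackThis format but is constructed
for this illustration; nothing in it comes from the article or a real system.
"""
import re
from ipaddress import ip_address, ip_network

# Assumption: the organisation's approved DNS resolvers and the directories
# from which DLLs are expected to be loaded on a technician's laptop.
APPROVED_RESOLVERS = [ip_network("10.10.0.0/24")]
TRUSTED_DLL_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")

# Constructed sample log (placeholder GUID, TEST-NET and private addresses).
SAMPLE_LOG = r"""
O2 - BHO: PDF Link Helper - {GUID-PLACEHOLDER-1} - C:\Program Files\Reader\ActiveX\LinkHelper.dll
O4 - HKLM\..\Run: [vendor_tool] C:\Program Files\VendorTool\tool.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID-PLACEHOLDER-2}: NameServer = 203.0.113.5,203.0.113.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{GUID-PLACEHOLDER-2}: NameServer = 10.10.0.53
O21 - SSODL: ShellHelper - {GUID-PLACEHOLDER-3} - C:\Users\tech\AppData\Local\Temp\nuvxcx.dll
"""

# O17 lines carry the per-interface NameServer value; several resolvers may be
# listed, separated by commas.
NAMESERVER_RE = re.compile(r"^O17 - .*NameServer = (.+)$")
# Any Windows path ending in .dll, wherever it appears in the entry.
DLL_PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.dll)", re.IGNORECASE)


def rogue_resolvers(log: str) -> list[str]:
    """Return NameServer addresses that are not inside an approved network."""
    rogue = []
    for line in log.splitlines():
        match = NAMESERVER_RE.match(line.strip())
        if not match:
            continue
        for raw in match.group(1).split(","):
            raw = raw.strip()
            try:
                addr = ip_address(raw)
            except ValueError:
                rogue.append(raw)  # unparsable value is suspicious in itself
                continue
            if not any(addr in net for net in APPROVED_RESOLVERS):
                rogue.append(str(addr))
    return rogue


def untrusted_dlls(log: str) -> list[str]:
    """Return DLL paths that sit outside the trusted directories."""
    flagged = []
    for line in log.splitlines():
        for path in DLL_PATH_RE.findall(line):
            if not path.lower().startswith(TRUSTED_DLL_DIRS):
                flagged.append(path)
    return flagged


def triage(log: str) -> dict:
    """Summarise both checks; 'suspicious' is True if either one fires."""
    resolvers = rogue_resolvers(log)
    dlls = untrusted_dlls(log)
    return {
        "rogue_resolvers": resolvers,
        "untrusted_dlls": dlls,
        "suspicious": bool(resolvers or dlls),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A DLL under a trusted directory is not proof of anything, and a path in a user's temp folder is not proof of infection either; the script narrows a long log down to the entries worth a hash lookup or a vendor check, which is what an analyst reading a posted log would do by hand.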
Another concern is that the log was posted in 2008, which means that by now a larger number of computing devices used for these purposes may well be compromised.
The root of these infections seems to be the need for mobility among service technicians working with SCADA systems. Because their laptops are multi-purpose devices, the probability of them being affected by malicious software is very high.
“Vendors and their techs won’t be happy with this conclusion, considering the level of work each one puts into obtaining and loading all their tools and apps. This post, and the others I saw, show the issue with vendors bringing their own computers in, and reasons requiring that vendors use designated systems for control work,” concluded Toecker.