September 7th, 2011, 07:12 GMT · By

Support Forums Reveal Evidence of Infected ICS

[Image: Industrial Control Panel]
Supervisory control and data acquisition (SCADA) systems are already infected with malware in large numbers, and the proof lies in log files posted all over support forums.

The computers controlling industrial machinery are in many cases also used for other purposes, resulting in a large number of infections that could compromise the integrity of the whole system.

Michael Toecker, an active member of the ICS security community, discovered during his research some “forum posts regarding cyber security with details of systems, systems that had automation software installed.”

The posts consisted of HijackThis logs, which dump the machine's configuration (startup entries, browser helper objects, network settings and so on). Experts can use these logs to identify malicious components.

One of the worst logs identified by Toecker belonged to a laptop owned by Alsorm UK, a power company. The laptop seemed to be used like any other office device, even though the applications installed on it showed that it belonged to one of the company's technicians.

One of the problems detected at first glance was that the computer's DNS queries had been redirected to a couple of Ukrainian DNS servers known for spreading malware.

The second issue was a DLL file belonging to an adware component detected as Adware.Virtumonde.GFH, which increases the network activity of the infected client.
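The two findings above are exactly the kind of thing a defender can triage mechanically from a HijackThis log: the O17 entries list the configured DNS resolvers, and the O2 entries list browser helper object (BHO) DLLs. The script below is an added example, not code from the article or from Toecker's research. It compares those entries against a hypothetical corporate baseline (approved resolvers and approved BHO CLSIDs, both assumptions) and flags anything unknown for review. The log excerpt is constructed for the example: the addresses come from RFC 5737 documentation ranges and the DLL names are placeholders, not the real indicators from the 2008 post.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Hypothetical corporate baseline (assumption, not from the article).
# Only resolvers and BHO CLSIDs on these lists are considered expected.
APPROVED_DNS = {"10.0.0.10", "10.0.0.11"}
APPROVED_BHO_CLSIDS = {"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"}  # Adobe PDF Link Helper

# Constructed HijackThis-style excerpt (not the log discussed in the article).
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {C0FFEE00-0000-4000-8000-000000000001} - C:\\WINDOWS\\system32\\placeholder_adware.dll
O4 - HKLM\\..\\Run: [SunJavaUpdateSched] C:\\Program Files\\Java\\jre6\\bin\\jusched.exe
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{1A2B3C4D-0000-4000-8000-000000000002}: NameServer = 192.0.2.53,198.51.100.53
O17 - HKLM\\System\\CS1\\Services\\Tcpip\\..\\{1A2B3C4D-0000-4000-8000-000000000002}: NameServer = 10.0.0.10
"""

# O17 lines carry the per-interface resolver list; O2 lines carry BHO name, CLSID and DLL path.
O17_RE = re.compile(r"^O17 - .*?: NameServer = (?P<servers>[0-9.,]+)")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str
    detail: str


def triage_hijackthis(log_text: str,
                      approved_dns: set[str] = APPROVED_DNS,
                      approved_bhos: set[str] = APPROVED_BHO_CLSIDS) -> list[Finding]:
    """Return one Finding per resolver or BHO that is not on the baseline."""
    findings: list[Finding] = []
    for no, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()

        m = O17_RE.match(line)
        if m:
            # A resolver outside the approved set is the DNS-redirection symptom
            # the article describes; report each unexpected address separately.
            for server in m.group("servers").split(","):
                server = server.strip()
                if server and server not in approved_dns:
                    findings.append(Finding(no, "dns-redirect", f"unapproved resolver {server}"))
            continue

        m = O2_RE.match(line)
        if m and m.group("clsid").upper() not in approved_bhos:
            # Unknown BHOs are where adware DLLs typically show up in these logs;
            # a "(no name)" entry is an additional signal worth noting in the detail.
            label = "unnamed " if m.group("name") == "(no name)" else ""
            findings.append(Finding(no, "unknown-bho",
                                    f"{label}{m.group('clsid')} -> {m.group('path')}"))
    return findings


if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.kind}: {f.detail}")
```

Everything the script flags is "not on the baseline", not "confirmed malicious": the approved lists are what make it useful, and in practice they would be generated from a clean image of the technician laptop rather than typed in by hand. A resolver that is not one of the organization's own is the strongest single signal here, since a legitimate office laptop has no reason to point at an outside DNS server.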

A concerning detail is that the log was posted in 2008, which means that by now a larger number of computing devices used for these purposes might be compromised.

The root of these infections seems to be the mobility required of service technicians working with SCADA systems. Because their laptops are multi-purpose devices, the probability of these computers being affected by malicious software is very high.

“Vendors and their techs won’t be happy with this conclusion, considering the level of work each one puts into obtaining and loading all their tools and apps. This post, and the others I saw, show the issue with vendors bringing their own computers in, and reasons requiring that vendors use designated systems for control work,” concluded Toecker.

READER COMMENTS:


Comment #1 by allanhitch on 07 Sep 2011, 13:15 UTC

Here in the U.S. I've found the same scenario a number of times. Multi-purpose portables (laptops, etc.) get "plugged in" at a variety of trouble sites. Even devices used for apparently dedicated corporate use like the laptops of cable installers, power company techs, and (even more frightening) mobile medical personnel, seem to "pick up" malware. In fact, I've found that such apparently "dedicated" devices are quite often the very devices that introduce pollution into the parent network. As a travelling technologist, I've frankly found Linux to be my saviour. It allows me the technical tools I need while providing a high level of immunity to most malicious code.
