Siemens has begun warning its customers that a highly sophisticated new piece of malware has been targeting automated plants that use its Simatic WinCC SCADA industrial control system. The virus uses a known default password that Siemens hard-coded into its system, which has been available online since 2008, creating malicious software designed to infiltrate systems and critical infrastructure.
Siemens has determined that the malware is a Trojan worm called Stuxnet, which exploits vulnerabilities in Microsofts operating system.
Microsoft issued a security advisory warning on the issue late last week, noting that it affects all versions of its Windows operating systems. According to the company, the virus has been seen only in limited, targeted attacks.
SCADA, which stands for supervisory control and data acquisition, is not a system connected to the Internet specifically to avoid security issues. Nevertheless, the malware is spread when an infected USB stick is inserted into a computer. Once the virus infects a Siemens system, it then establishes communications with a remote server computer that can be used to steal proprietary corporate data or take control of the SCADA system, according to several reports.
It is for this reason that the Stuxnet worm is believed to be the work of a highly sophisticated hacker that could potentially open the door to a new form of computer threat. Hard-coded passwords are used in a variety of softwares and are designed for efficiency and safety not security.
Thus far, neither Siemens nor Microsoft have determined who created the malicious software. But companies have stated that thorough investigations are under way.
