Siemens is distributing a tool to help customers deal with a malware threat targeting its SCADA, or supervisory control and data acquisition, software.
Sysclean, developed by Trend Micro, detects Stuxnet and cleans it from infected machines. First reported by security vendor VirusBlokAda, based in Minsk, Belarus, Stuxnet targets Siemens’ Simatic WinCC and PCS 7 software, and has been spreading via infected USB devices by exploiting an unpatched vulnerability in Microsoft Windows.
Once the malware is installed it scans for the Siemens software. From there, the malware attempts to steal process or production data and send it out via the Internet.
In addition to pushing the Stuxnet cleanup tool, Siemens has advised organizations to avoid using USB sticks and setting up online connections with automation devices from an infected engineering computer even after the malware has been removed.
“Currently, there is only one known case in Germany of infection [of Siemens customers], which did not result in any damage,” Siemens spokesperson Michael Krampe told eWEEK in an e-mail. “We do not have any indication that WinCC users in other countries have been affected.”
Stuxnet has garnered a high amount of interest, both because it is associated with a Windows zero-day vulnerability and because it targets software used to control systems at manufacturing and utility companies.
“The zero-day vulnerability, rootkit, main binaries, stolen digital certificates and in-depth knowledge of SCADA software are all high-quality attack assets,” Symantec researcher Patrick Fitzgerald and Senior Manager Eric Chien blogged jointly. “The combination of these factors makes this threat extremely rare, if not completely novel.”