Brian Krebs reported last week on recently discovered malware that attempts to compromise Siemens SCADA (supervisory control and data acquisition) systems - the systems that run industrial processes and utilities like pipelines, refineries, chemical plants, and electrical systems.
The malware spreads via USB drives and takes advantage of previously unknown flaws in Windows operating systems. See "Experts Warn of New Windows Shortcut Flaw". Network World has a follow-up article, "New virus targets industrial secrets", that gives a good explanation of how the virus spreads.
SCADA systems run critical infrastructure, and Siemens is a key manufacturer. This type of malware can't be dismissed lightly. We do not know how long the virus has been in the wild, where it has spread, or what systems may be affected. If a virus has infiltrated control systems for the power grid or pipelines, there is no telling how much damage could be caused.
Many in the security community have been concerned about this type of malware, but it doesn't get much publicity (however, see this video: "Sabotaging the System: 60 Minutes reports on our dismal Internet security", a report by 60 Minutes from last November).
I zeroed in on one paragraph from KrebsonSecurity:
Ulasen said the malware installs two drivers: “mrxnet.sys” and “mrxcls.sys.” These so-called “rootkit” files are used to hide the malware itself so that it remains invisible on the USB storage device. Interestingly, Ulasen notes that both driver files are signed with the digital signature of Realtek Semiconductor Corp., a legitimate hi-tech company.
Protecting the private keys behind digital signatures is critical for Internet security. The private key is the "secret password" that makes cryptography work: anyone who holds it can produce signatures that verify as genuine, exactly as these drivers do. Yet the hardware and general-purpose operating systems that run Internet, consumer, and business software (and therefore all of their applications) are incapable of fully protecting critical cryptographic signing keys. They can only do a marginal job through obfuscation. We live with this compromise every day. DNSSEC will help with authentication, but without immunity to malware and rootkits we can never be secure.
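Because a signature made with a misused key verifies just like a legitimate one, a defender cannot rely on "signature valid" alone and has to compare the signer identity against what is expected on the host. The following PowerShell audit is an added example written for this post (not from Krebs, Ulasen, or Siemens): it lists kernel drivers on a Windows host that carry either of the two driver names quoted above or an Authenticode signature from Realtek Semiconductor, so an administrator can decide whether each one belongs there. It assumes a standard `%SystemRoot%\System32\drivers` layout and PowerShell 3.0 or later.

```powershell
# Added example, not part of the original post. Audit driver files and loaded drivers for
# the names reported by Ulasen and for any driver signed by Realtek Semiconductor.
# A valid Realtek signature on an unexpected driver is the case the post describes:
# signature validity alone is not a trust signal once a signing key has been misused.
$suspectNames = @('mrxnet.sys', 'mrxcls.sys')   # driver names quoted from the report
$driverDir    = Join-Path $env:SystemRoot 'System32\drivers'

$findings = foreach ($file in Get-ChildItem -Path $driverDir -Filter '*.sys' -File) {
    $sig     = Get-AuthenticodeSignature -FilePath $file.FullName
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
    $byName   = $suspectNames -contains $file.Name.ToLower()
    $bySigner = $subject -match 'Realtek'
    if ($byName -or $bySigner) {
        [pscustomobject]@{
            Driver     = $file.Name
            Status     = $sig.Status           # Valid, NotSigned, HashMismatch, ...
            Signer     = $subject
            Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
            Reason     = if ($byName) { 'name matches reported rootkit driver' }
                         else         { 'signed by Realtek; confirm this driver belongs on this host' }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize } else { 'No matching driver files found.' }

# A rootkit may hide its files from directory listings, so also consult the kernel's own
# list of registered drivers, which does not depend on the file being visible on disk.
Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and
                   ($suspectNames -contains ([IO.Path]::GetFileName($_.PathName)).ToLower()) } |
    Select-Object Name, State, StartMode, PathName
```

Any hit should be cross-checked against the vendor's published list of legitimate Realtek driver names and the certificate thumbprint Realtek actually uses, since the script only flags candidates for review.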
I hope Siemens' customers are working overtime to determine that they have not been compromised.