Slashdot Mirror

← Back to Stories (view on slashdot.org)

Malware Targets Shortcut Flaw In Windows, SCADA

Posted by timothy on from the thinking-big dept.

tsu doh nimh writes "Anti-virus researchers have discovered a new strain of malicious software that spreads via USB drives and takes advantage of a previously unknown vulnerability in the way Microsoft Windows handles '.lnk' or shortcut files. Belarus-based VirusBlokAda discovered malware that includes rootkit functionality to hide the malware, and the rootkit drivers appear to be digitally signed by Realtek Semiconductor, a legitimate hi-tech company. In a further wrinkle, independent researcher Frank Boldewin found that the complexity and stealth of this malware may be due to the fact that it is targeting SCADA systems, or those designed for controlling large, complex and distributed control networks, such as those used at power and manufacturing plants. Meanwhile, Microsoft says it's investigating claims that this malware exploits a new vulnerability in Windows."

2 of 214 comments (clear)

  1. Re:Realtek by fuzzyfuzzyfungus · · Score: 5, Insightful

    They may be pretty chintzy; but they are downright ubiquitous. Things are going to get comedic if every Realtek-equipped PC that also gets Windows updates suddenly starts throwing "unsigned driver" warnings because Microsoft revokes their trust of the Realtek signing key(which they might chicken out of; but they really should do if there are signed rootkit drivers floating around)...

  2. Re:Windows for SCADA? WTF?! by PPH · · Score: 5, Insightful

    The actual consoles where the operators sit are about 90% Windows though, if not higher, and that's most likely where you're going to see this virus come into play in the first place because of some stupid user plugging in an infected USB device.

    And then the virus rootkits the control console. It can then issue commands to the SCADA systems that appear to be from legitimate operator input.

    Back when I worked for Boeing, we fought a loosing battle trying to keep Windows systems off the shop floor. In an ideal world, we would have a secure subnet within the company Intranet behind its own firewall to keep the Windows systems from seeing shop equipment. In the real world, lots of the factory equipment was running Windows. Worse yet, some of the people responsible for loading firmware into avionics used Windows laptops to do so. And then they'd take them home at night where the kids would use them to log on to Facebook, or download kewl stuff from unknown sources.

    You can't fire people fast enough to keep Windows out of misson critical areas.

    --
    Have gnu, will travel.