Slashdot Mirror


Malware Targets Shortcut Flaw In Windows, SCADA

tsu doh nimh writes "Anti-virus researchers have discovered a new strain of malicious software that spreads via USB drives and takes advantage of a previously unknown vulnerability in the way Microsoft Windows handles '.lnk' or shortcut files. Belarus-based VirusBlokAda discovered malware that includes rootkit functionality to hide the malware, and the rootkit drivers appear to be digitally signed by Realtek Semiconductor, a legitimate hi-tech company. In a further wrinkle, independent researcher Frank Boldewin found that the complexity and stealth of this malware may be due to the fact that it is targeting SCADA systems, or those designed for controlling large, complex and distributed control networks, such as those used at power and manufacturing plants. Meanwhile, Microsoft says it's investigating claims that this malware exploits a new vulnerability in Windows."

1 of 214 comments

  1. Re:Windows for SCADA? WTF?! by Thelasko · Score: 5, Interesting

    Seriously, anyone using Windows for SCADA in this day and age has to get their head checked.

    About 6 years ago I worked as an engineer for a manufacturing company. One day a pop up message appears on my computer. It says something like, "this machine will restart in 30 seconds. Please save all of your work." I saved my work and the machine restarted. A few minutes later, it happened again, and I called IT.

    IT comes out, and looks at my machine. They figure it's some sort of virus, but it turned out to be a worm. The Sasser worm to be exact.

    Machines start rebooting themselves all over the office, and my boss asks the IT manager if this will affect the assembly line PLCs.

    The IT manager gives my boss a very firm, "No!" and goes on to explain how those machines are behind a separate firewall, and can't possibly get the worm.

    Just as he is explaining this, the foreman comes in from the plant and says, "Hey! All of those computers out on the assembly line just rebooted themselves!"

    Our IT director got very red, and went into the server room and unplugged all of the switches. We were one of the few companies using VOIP at the time, and that meant no phone, fax or internet for the whole building.

    Why did we use Windows on the assembly line? I asked that my first day on the job. Corporate determined it was cheaper than running embedded devices.

    The company was shut down for a whole day, costing $20,000 per minute in lost revenue. I can't imagine those embedded devices were that much more expensive.

    As a side note, our IT Manager developed a heart condition at a very young age, and I quit a year later.

    --
    One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".