Stuxnet virus – fascinating and scary
Today seems to be a cyber security day. I spent some time this morning talking to Brian Owen of OSIsoft about PI architectures and NERC CIP compliance. Later I was looking at Slashdot, which eventually led to an interesting blog post by Symantec regarding the Stuxnet virus. There are several interesting aspects to this virus…
- The virus uses several Windows exploits to propagate and hide itself.
- The virus intercepts Siemens DLL calls and reprograms PLC code, which it then hides from the engineering software used to program the controllers.
- The virus uses peer-to-peer networking so that if a newer version of the code is introduced to the network, all of the machines infected with the older code are updated.
Symantec is supposed to present their white paper on the virus today at the Virus Bulletin 2010 conference. I’ll be posting a link when it is available.
The original Slashdot post that I linked to is a story that the Iranians have apparently reached out to several western cyber security firms in an attempt to enlist their help with cleaning the virus off of their systems.
I can see this virus being a real game changer. The first Gulf War woke everyone up to the military capabilities of the United States. I can see that this virus is probably doing the same thing. Someone is demonstrating the same type of capabilities in cyberspace and I’m sure that it is getting the attention of governments throughout the world. It will be interesting to see how this manifests itself. I would love to have the inside story on this one, wouldn’t you?
This Computerworld article has some excellent speculation along these lines. What if this highly effective virus mutates and starts attacking other systems besides Siemens?