
Trend Micro releases Stuxnet Virus detection tool for Windows servers


November 18, 2010

Late yesterday, Trend Micro said that it has released a virus removal tool that senior system administrators can use to scan their networks, and many Windows servers at a time, for the now infamous Stuxnet worm. The malicious program has raised widespread concern because it targets industrial systems, power grid and nuclear power plant management software made by Siemens, the German developer of power systems.

Trend Micro's new tool will detect Stuxnet, and the company decided to build it so that people who do not use its products can also detect the malware, said David Sancho, a senior researcher with Trend Micro.

System administrators may also want to run the tool to verify that their security software is indeed detecting and removing the program, he said.

The Stuxnet tool can scan all computers within a specific Internet Protocol (IP) address range. To find the malware, the tool transmits spoofed packets that are similar to the packets sent by the two or three Stuxnet variants. If Stuxnet is present, it will respond to the spoofed packets.

Stuxnet is a worm that was designed to infect Windows computers and servers running Siemens WinCC SCADA (supervisory control and data acquisition) systems, which are used for industrial manufacturing processes, smart power grid management and refineries. What's really worrisome to the Internet security community and the main reason why it's been such a popular subject since July is that Siemens' same software is also used in the remote management of nuclear power plants operated in Iran, India and a few more countries.

Researchers have had a tough time figuring out exactly what Stuxnet aimed to do once it infected those systems. But in a report released by Symantec last Friday, researchers found that Stuxnet looks for frequency converter drives, which change electrical output from a power grid to a much higher frequency.

The power grid's higher frequencies are required for processing such things as uranium enrichment used in nuclear facilities. The finding gives more solid backing to theories that Stuxnet was designed by a nation-state to disrupt nuclear technology development in countries such as Iran, which already reported Stuxnet infections in late July, barely a week after Stuxnet was discovered on July 23.

But while Stuxnet is highly advanced in certain specific ways, it also has a few flaws, according to some security researchers. Because it is a worm, it can spread rapidly, which is part of the reason why security researchers eventually discovered it. Months after it was discovered, Trend Micro has found that it is still spreading, particularly on computers and servers in places such as China where there is a lower general use of security software, Sancho said.

"We see it propagating all over China," Sancho said. "There's a lot of people who have it, and not just in China but also in many other countries as well. This is starting to be a real thorn in the side. One can only imagine what could happen if a hacker at the controls of Stuxnet suddenly feels trigger happy."

But it gets even worse! Siemens' software also controls critical oil & gas refineries and manufacturing plants all over the world. The German engineering firm warns that customers who use the infected software could have the devastating effect of disrupting whole power grids in the U.S., South America, Europe, India, Iran and China.

Siemens began distributing SysClean, a malware and virus scanner made by Trend Micro. It has been updated to remove Stuxnet, a worm that spreads by exploiting two separate security flaws in Siemens's SCADA (supervisory control and data acquisition) software and every supported version of Microsoft Windows.

“As each plant is individually configured in a very unique method, we cannot rule out the possibility that removing the malware may affect your plant in any way,” the Siemens advisory said.

The company also advised customers to keep the scanner updated at all times because “there are already some new derivative versions of the original virus around, and we are trying our best to mitigate these and other security issues.”

Recently, Siemens has come under blistering criticism for not removing the security vulnerability two years ago, when, according to Wired.com, the default password threat first came to light.

So far, Stuxnet has infected the engineering environment of at least one unidentified Siemens customer, and has since been eliminated, Siemens said.

The company added that there are no known infections of production plants to this day, but warns that there's always the possibility that some could be discovered in the near future.

The worm spreads whenever a system running Siemens's SCADA software is attached to an infected USB stick. The attacks use a recently documented vulnerability in the Windows shortcut feature to take control of customers' personal computers in the workplace. Once there, the worm takes advantage of default passwords in WinCC, the security-prone, problematic SCADA software provided by Siemens.

Late yesterday, Siemens said it has updated WinCC to fix the security vulnerability. For its part, Microsoft has issued a stop-gap fix but hasn't said yet if and when it plans to patch the Windows security flaw.


Chris Wysopal, CTO of application security tools firm Veracode, says “Siemens has put their own customers at risk with this egregious vulnerability in their software. Worse, is all the many customers from around the world who purchased the software not knowing of any of its many security risks.”

“Software customers that are operating SCADA systems on critical infrastructure such as power grids, oil and gas refineries or their factories with the WinCC software had a duty to their customers to not purchase this troublesome software without proper security testing. It is obvious now that no security tests were ever performed on SCADA before putting it in place in the field-- not by Siemens itself and not by the customer. This is totally unacceptable,” added Wysopal.

Siemens' software also controls critical oil & gas refineries and manufacturing plants. The German engineering firm warns that customers who use the infected software could have the devastating effect of disrupting whole power grids in the U.S., Canada, South America, Europe and Asia.


Source: Trend Micro.
