January 6, 2011

SCADA systems under attack by STUXNET

Stuxnet is a multi-component infection made up of a worm, a file that assists the worm, and a rootkit that helps the worm carry out its routines. It has infected SCADA systems in a typical way. The nature of Stuxnet itself reveals that it is not intended to affect home users or common domestic users. Worm_Stuxnet.A looks in the Windows system folder for the legitimate DLL file S7OTBXDX.DLL, which is used by Siemens WinCC systems, renames it to S7OTBXSX.DLL, and then drops its own copy in place of the original file.
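The rename described above leaves a file-system trace that can be checked for. The following Python script is an added example, not code from the original post: it reports whether a directory contains the renamed S7OTBXSX.DLL and records size and SHA-256 for both DLL names. It assumes a clean WinCC installation has no file called S7OTBXSX.DLL; `check_directory` and its status strings are names chosen for this example.

```python
import hashlib
import os
import sys

# Names from the article: the legitimate Siemens DLL and the name the worm
# gives it before dropping its own copy under the original name.
ORIGINAL_NAME = "s7otbxdx.dll"
RENAMED_NAME = "s7otbxsx.dll"


def sha256_of(path):
    """Hash in chunks so the whole DLL is never held in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_directory(directory):
    """Return the rename-pattern status of one directory plus file details."""
    found = {}
    if os.path.isdir(directory):
        for entry in os.scandir(directory):
            name = entry.name.lower()  # Windows file names are case-insensitive
            if name in (ORIGINAL_NAME, RENAMED_NAME) and entry.is_file():
                found[name] = {
                    "path": entry.path,
                    "size": entry.stat().st_size,
                    "sha256": sha256_of(entry.path),
                }
    if RENAMED_NAME in found:
        # Assumption: a clean install has no file with the renamed name.
        status = "suspicious"
    elif ORIGINAL_NAME in found:
        status = "original-only"  # still compare its hash to a vendor copy
    else:
        status = "not-present"
    return {"directory": directory, "status": status, "files": found}


if __name__ == "__main__":
    default = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    for target in sys.argv[1:] or [default]:
        result = check_directory(target)
        print(f"{result['directory']}: {result['status']}")
        for name, info in sorted(result["files"].items()):
            print(f"  {name} size={info['size']} sha256={info['sha256']}")
```

A `suspicious` result is a lead for closer inspection of the host, and the recorded hash of S7OTBXDX.DLL can be compared against a copy taken from trusted Siemens installation media.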



Once the file has been replaced, the new DLL exports, with code modifications, the functions that access, read, write and delete code blocks on the PLC.
In an infected system, when these functions are called, STUXNET executes additional code before calling the true function in S7OTBXSX.DLL, and that code can modify the data sent to or received from the PLC.
Once fully installed on the system, STUXNET exploits the Siemens SIMATIC WinCC Default Password Security Bypass Vulnerability to gain access to the back-end SQL database of the WinCC SQL server.



The Siemens SIMATIC WinCC Default Password Security Bypass Vulnerability enables the attacker to view the projects database and information from the WinCC server. Once that is done, it can delete all database files with the extension .dbi in SQL in the local user profile. Since the .DBI files are the most important, deleting them removes any trace of the modifications made by the malware in the database.

The writers of Stuxnet are more advanced and sophisticated than general cyber criminals, as they have put three infecting components, each acting individually, into one whole piece of malware.


Chances of future infection methods:

Since the programmers chose the Windows shortcut utility, which can crack any network, in making STUXNET, there is a chance that in future more advanced and potential threats will be combined in making a virus. The Windows shortcut vulnerability is also used by ZBOT and Sality infections to attack users. For SCADA systems, now is the time to revise security policies and make them more stringent. Since SCADA means power distribution, and a lot of effort and resources go into generating electricity, we have to be more careful and develop advanced techniques to tighten its security.


