Super factory virus raging

Stuxnet, the world’s first “super factory virus”, which caused Iran’s nuclear power plants to postpone their power generation, has now invaded China. According to media reports, the virus has infected six million computers in the past few days, affecting nearly a thousand factories and industrial facilities, and because of a lack of security systems there is still a high risk of large-scale spread. Security experts have described the virus as the world’s number one computer super weapon, and almost all important industrial sectors in the Mainland have been affected.

This computer worm, known as the super factory virus, specifically attacks operating systems made by the German multinational company Siemens. Siemens is one of the largest overseas suppliers of industrial computers in China. Xinhua News Agency reported yesterday that the virus had infected six million computers in the past few days, affecting nearly a thousand factories and industrial facilities, and attacked computer servers located in the United States.

Experts at Rising said that this is the world's first destructive virus designed specifically for industrial control systems. It uses seven new vulnerabilities, including MS10-046, MS10-061, and MS08-067. Of these seven vulnerabilities, five are in Windows systems and two are in Siemens SIMATIC WinCC systems. In addition, of the five Microsoft-related vulnerabilities, two local privilege escalation vulnerabilities currently remain unpatched.

The virus successfully bypassed detection by security products by disguising itself with the digital signatures of Realtek and JMicron. In terms of coding technique, the virus still has a lot of room for improvement, and it is likely that a complex virus based on the same principle will emerge in the future.

According to analysis by the Rising Technology Department, the Stuxnet virus specifically attacks Siemens' SIMATIC WinCC supervisory control and data acquisition (SCADA) system, which is widely used in China for human-machine interaction and monitoring in iron and steel, electricity, energy, chemical engineering and other important industries. Once an attack succeeds, it may cause these enterprises to operate abnormally, and may even result in serious incidents such as theft of business data and suspension of production.

The virus spreads mainly through USB flash drives and the LAN. Because computers running the SIMATIC WinCC system are generally physically isolated from the Internet, the hackers specifically strengthened the virus's ability to spread via USB flash drives. If a company does not strictly manage removable devices such as USB flash drives, and an infected drive is used on the LAN, the entire network will be infected.

A Siemens spokesperson stated that Hong Kong companies also use the system, but so far there have been no reports of Hong Kong companies being attacked by the virus. Siemens customers in Hong Kong include the Hong Kong International Airport, Disneyland, MTR, China Power and St. Paul's Hospital in Causeway Bay. The MTR and CLP indicated that Siemens had contacted them and informed them that the system was not affected.

Mainland experts said that because the virus software could steal sensitive data from infected computers and send it to hackers, it would allow hackers to remotely control and operate computers, thus posing an 'unprecedented' threat to China’s national security.

Wang Zhantao, a network security engineer at Beijing Rising, an anti-virus service provider, said that many important industrial fields such as steel, energy and transportation have all been invaded. This has never happened before.