StuxNet Virus – Does It Affect You?

PLC Security

In this article we examine the recently discovered Stuxnet virus.
For more information, consult the Symantec W32.Stuxnet dossier.

History:

The origins of the Stuxnet malware package are unknown, but its sophisticated design has led researchers to speculate that its creation may have been sponsored by a nation-state. Discovered in July 2010, Stuxnet is the first known rootkit that targets industrial control systems. The most widely affected country is Iran, but the virus has spread across the world and has been found in the wild. It is believed that it originally spread from laptops belonging to Russian contractors working at the nuclear power plant in Bushehr, Iran.

Stuxnet targets frequency converters made by Vacon (in Finland) and Fararo Paya (in Iran). It accomplishes this by subverting the Siemens S7 PLC system, then covertly passing modified code from the host machine to the controller. Stuxnet sends poisoned instructions to converter drives running between 807 Hz and 1210 Hz. The new instructions cause the drives to spin at different speeds, which could either sabotage regular use or cause irreparable damage to rotor assemblies by driving them at speeds they cannot withstand. After Stuxnet has installed itself and footprinted the compromised host, it attempts to send the gathered information to control servers via HTTP on port 80. It is possible that custom payloads could be remotely loaded, in addition to the built-in routines that specifically target converter drives.
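The paragraph above notes that an infected host tries to report to its control servers via HTTP on port 80. As an added example (not part of the original article), this Python script flags port-80 connections from a control network to any destination off an allowlist. The address range, the allowlist and the log format are assumptions, and the log lines are constructed.

```python
import ipaddress
from collections import Counter

# Assumptions for this example (none of these values come from the article).
CONTROL_NET = ipaddress.ip_network("10.20.0.0/24")   # control-network range
ALLOWED_HTTP = {ipaddress.ip_address("10.20.0.5")}   # internal historian web UI
HTTP_PORT = 80

# Constructed firewall log: timestamp, action, protocol, src -> dst.
SAMPLE_LOG = """\
2010-07-15T08:01:12 ALLOW TCP 10.20.0.31:49211 -> 10.20.0.5:80
2010-07-15T08:01:40 ALLOW TCP 10.20.0.31:49230 -> 203.0.113.77:80
2010-07-15T08:02:03 DENY TCP 10.20.0.44:50112 -> 198.51.100.9:80
2010-07-15T08:02:10 ALLOW TCP 192.168.1.10:51000 -> 203.0.113.77:80
2010-07-15T08:03:55 ALLOW TCP 10.20.0.31:49301 -> 203.0.113.77:443
malformed line
"""

def parse_line(line):
    """Return (time, action, src_ip, dst_ip, dst_port), or None if malformed."""
    parts = line.split()
    if len(parts) != 6 or parts[2] != "TCP" or parts[4] != "->":
        return None
    try:
        src_ip = ipaddress.ip_address(parts[3].rsplit(":", 1)[0])
        dst_host, dst_port = parts[5].rsplit(":", 1)
        return parts[0], parts[1], src_ip, ipaddress.ip_address(dst_host), int(dst_port)
    except ValueError:
        return None

def find_unexpected_http(log_text):
    """Return (alerts, skipped): off-allowlist port-80 flows and unparsed line count."""
    alerts, skipped = [], 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # count unparsed lines so gaps in coverage are visible
            continue
        ts, action, src, dst, port = rec
        # A DENY is still reported: a blocked attempt shows the host tried to call out.
        if src in CONTROL_NET and port == HTTP_PORT and dst not in ALLOWED_HTTP:
            alerts.append({"time": ts, "action": action, "src": str(src), "dst": str(dst)})
    return alerts, skipped

def hosts_to_triage(alerts):
    """Count alerts per source host to prioritise which machines to examine."""
    return Counter(a["src"] for a in alerts)

if __name__ == "__main__":
    found, skipped = find_unexpected_http(SAMPLE_LOG)
    print(found, dict(hosts_to_triage(found)), f"skipped={skipped}")
```
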

How to Protect Your System
