Hunt on for Trojan writer
8 Sep 2010
Siemens officials are hopeful that authorities will trace the source of a recent Trojan attack that targeted its products via a previously unknown Windows vulnerability. The malware, which spread via USB sticks, was designed to steal intellectual property from SCADA and process-control systems.
While the Stuxnet virus had been known about for some time, the new variant was a worrying development as it specifically targeted the database files of Siemens WinCC and PCS7 systems. The worm was tailored to trawl for data associated with production processes and allow people outside the facility to access this potentially sensitive commercial information.
If a piece of malware is designed to take data from a system, then someone would need to be able to consume that data elsewhere, suggested Brian Holliday, director of Siemens’ UK Industry Automation division.
“Surely the security community or the law-enforcement community, more importantly, is going to invest time and effort into trying to find out who was trying to discover things that potentially had intellectual rights associated with them, and why. If there are any pointers, then that will be a matter for the legal authorities, in whatever country it is established this came from, to look into,” he said.
Working with Microsoft, Siemens has since developed a patch that protects against the new Stuxnet virus, which had also revealed a previously unknown vulnerability in Microsoft operating systems, from XP onwards.
According to Holliday, there were only four cases of infection, with no evidence of any system being affected, across Siemens' entire global industrial customer base.
The scare has, however, highlighted the need for industrial users to have good safety concepts in place and to ensure that their DCS operates as part of a secure IT environment, said Holliday.
“If I were Rockwell or Wonderware, or any other of the vendors or DCS companies, I would have been equally concerned to see this as a development,” the Siemens manager stressed.