Have You Seen the StuxNet Worm Yet?

How many people do you have sneaking memory sticks into your plant? How does this virus get onto the memory sticks in the first place?

Inquiring minds wanna know.

The worm spreads among Windows PCs that run the Siemens WinCC PLC programming software. The PC can contract it from an infected USB memory stick or from other infected computers on the network. Any USB memory stick inserted into an infected machine becomes a carrier. So if an engineer modifies some PLC code on their infected desktop using WinCC, then saves the new PLC code to a USB stick, then goes down to the plant and uses a laptop to load the new code onto the PLC both the PLC and the laptop are now infected.

http://en.wikipedia.org/wiki/Stuxnet

My Anti Vir fixed a lots of Memory sticks already, so once the pattern are established what will keep Powerplants from being save?

This is an IMPORTANT question: has anyone seen StuxNet? Which leads to the most IMPORTANT question: has anyone seen it affect anything in their operations?

Langner (http://www.langner.com/english/) has dropped off the radar after his October 19 post, can't be a part of his Open Letter to Symantec (http://www.langner.com/english/?p=249) where he accuses the Stuxnet Dossier (http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf) of drawing dangerous misleading conclusions about Stuxnet's dangers to the world.

If Langner is right some of us should be seeing something in our PLC's and HMI's.

If Symantec is right it's all over, no PLC's affected, just a matter of cleaning your HMI's operating system.

This is one of the big problems with Stuxnet, it is very good at hiding itself.

If you go to examine some of the built in code on the PLC (library) where stuxnet is known to live, stuxnet will intercept the query and report back what should be there in the hex editor, not what is actually there (the original code plus the infection). So unless you have access to an uninfected hex editor and do a checksum on the installed code it is very difficult to know whether or not the PLC is infected.

Yes, it's hard to imagine that anyone, no matter what their agenda is, would want to hurt a lot of innocent people. But then, that's the nature of anger and violence.