Virus targets Siemens industrial control systems

BOSTON (Reuters) - Hackers have built a computer virus that attacks Siemens AG’s widely used industrial control systems, creating malicious software that analysts said can be used for espionage and sabotage.

The German company said the malware is a Trojan worm dubbed Stuxnet that spreads via infected USB thumb drives, exploiting a yet-to-be-patched vulnerability in Microsoft Corp’s Windows operating system.

“Just viewing the contents of the USB stick can activate the Trojan,” said Siemens spokesman Alexander Machowetz. “Siemens recommends avoiding the use of a USB stick.”

Siemens first learned of the problem on July 14, he said.

Stuxnet is among the first to surface that attacks software programs that run Supervisory Control and Data Acquisition, or SCADA, systems. Such systems are used to monitor automated plants -- from food and chemical facilities to power generators.

Once the worm infects a Siemens system, it quickly sets up communications with a remote server computer that can be used to steal proprietary corporate data or take control of the SCADA system, said Randy Abrams, a researcher with ESET, a privately held security firm that has studied Stuxnet.

Analysts said attackers may have chosen to spread the malicious software via a thumb drive because many SCADA systems are not connected to the Internet, but do sport USB ports.

Siemens said it has so far only identified one customer whose SCADA systems were infected by the virus, a customer in Germany that Machowetz declined to identify by name.

Security experts have long theorized that hackers -- including ones working for nation states or terrorist groups -- would one day develop viruses that target SCADA systems. They could be used to steal sensitive data or sabotage major infrastructure facilities by instructing software to attack those plants.

“It could be very valuable to a nation-state for war-like espionage. It could be very valuable to terrorist organizations,” said ESET’s Abrams.

Microsoft spokesman Jerry Bryant said he did not know when the company would update its Windows software to address the vulnerability that Stuxnet exploits.

Now that the exploit has been publicized, other hackers will quickly rush to develop malicious software programs that take advantage of the same vulnerability, said McAfee Inc spokesman Joris Evers.

Siemens, Microsoft and security experts who have studied the Stuxnet worm have yet to determine who created the malicious software.