Botnet malware disguises itself as password cracker for industrial controllers

Industrial engineers and operators are being lured into running backdoor malware disguised as tools for recovering access to work systems. These programs offer to crack passwords for specific programmable logic controllers, according to security shop Dragos this month. According to their online ads, the cracking tools can …

  1. Anonymous Coward

    'Engineers may have legitimate reasons for downloading such password-cracking software.'

    No, no they don't.

    I'd be quite rightly relieved of my job if I did that.

    1. ChoHag Silver badge

      Re: 'Engineers may have legitimate reasons for downloading such password-cracking software.'

      Yes, yes we do.

    2. Paul Crawford Silver badge

      Re: 'Engineers may have legitimate reasons for downloading such password-cracking software.'

      Running it on an important and net-connected PC - yes they deserve a bollocking

      From an isolated and to-be-wiped PC - maybe worth trying if no alternative

    3. Boris the Cockroach Silver badge

      Re: 'Engineers may have legitimate reasons for downloading such password-cracking software.'

      With violence and possibly a PFY wielding a cattle prod if you did it where I work.

  2. thames

    Has been a problem for decades.

    This sort of thing has been very common with industrial control software for at least 20 years that I can recall. Downloads of password crackers and cracked versions of (otherwise very expensive) copy-protected programming software have been widely known to generally come full of all sorts of malware.

    That anybody would fall for this shows if anything the naivety of the targets.

    The main reasons for needing password crackers by the way are:

    • Someone left the company on bad terms and put a password on some of the PLCs as a parting gift.
    • The project engineering department has a "toss the project over the transom" relationship with the maintenance department, and any drawings, passwords, and backups the latter received were not "as built".
    • The company bought some used machinery, and anybody who may have known what the password was is long out of the picture.

    The above doesn't cover every reason, but it probably covers 99 per cent of cases.

    Fortunately, passwords are only very rarely used on PLCs, as there's seldom any point to them. Out of many hundreds of PLCs that I've worked with, I can't recall seeing a password on any of them.

    Any access control is usually handled by the fact that you typically need physical access to the PLC, a copy of the programming software, and a knowledge of how to use all of this in order to do anything with it. Some programming software uses access control passwords as part of the software rather than in the PLC itself.

    Someone who was really determined to change the program in a PLC and had the physical access to it could just wipe the memory and reload a new copy of the program reconstructed from printouts.

    1. Anonymous Coward

      Re: Has been a problem for decades.

      That is when you call the mfg, give them the serial # and they help you.

      1. An_Old_Dog Silver badge

        Getting Help


        Manufacturer's likely responses: (1) None, as they've gone out of business; (2) "We don't support that product any more."; (3) "You first must have a current, paid-up support contract with us. If you don't, we'll allow you to purchase one with a special, extortionate fee"; (4) "Provide a copy of your proof-of-purchase from us (not from any third party) ..."

        That said, everyone ought to know by now that warez and serial number/password-cracker programs host more virii and malware than a Glaswegian pub's urinal.

  3. FlamingDeath Silver badge

    A true engineer would

    Write their own password cracker

    What is this nonsense
