Reply to post: Re: Infection Vectors

Iranian contractor named as Stuxnet 'patient zero'

Anonymous Coward

Re: Infection Vectors

I like most of your writeup but...

"The PLCs themselves don't get a virus, they just get altered programs downloaded to them from an infected PC."

Maybe not a PLC virus, but perhaps a PLC rootkit? I'm choosing that name because the unauthorised PLC program modifications attempt to hide themselves from a PLC programmer looking at the infected PLC. A few of the Stuxnet references mention rootkits, but among the good writeups there are masses of dross.

Don't rely solely on the writeups sourced from outfits like Symantec. Ralph Langner had a lot more clue about the PLC side of things than Symantec ever could.

See e.g.

http://www.langner.com/en/wp-content/uploads/2013/11/To-kill-a-centrifuge.pdf

for an interesting writeup, though unlike some of Langner's other writings, it doesn't use the word "rootkit".

There's a TEDtalk too, but if I remember rightly it's light on technical content. There's plenty of technical content on the blog on his company's website.
