German nuclear plant found riddled with Conficker, other viruses

Malware has been running wild at a German nuclear plant, but don’t worry: its operators say that it’s no big deal because the facility isn’t connected to the Internet.

That’s definitely a good thing, because an Internet connection would almost certainly have allowed malware to phone home for further instructions and wreak all sorts of havoc. According to F-Secure’s Mikko Hypponen, infections like those found at the plant aren’t particularly dangerous unless they’re part of a targeted attack.

That doesn’t seem to be the case at the plant in Gundremmingen, which sits about 75 miles northwest of Munich. Its systems did end up with some nasty malware on them, however, including Conficker and Ramnit.

Conficker is a pretty nasty piece of malware, but it’s not exactly a new threat. In fact, it’s been around for nearly a decade… and Microsoft actually released a patch that protects Windows PCs against Conficker infections all the way back in 2009.

Ramnit was also found on the plant’s systems. At its height, the Ramnit botnet had more than 3.2 million zombies under its control. It was, however, dismantled by Europol with help from Symantec more than a year ago.

So while it’s good to hear someone with Hypponen’s expertise tell us that the situation isn’t very serious, it raises the question: how did multiple malware infections get on the plant’s computers in the first place?

The answer won’t surprise you: at least 18 infected USB drives were found onsite. That’s the same way that the ISS became infected with Stuxnet, and it’s a common attack vector used against targets with air-gapped systems.
