Malware Targets Shortcut Flaw In Windows, SCADA 214
tsu doh nimh writes "Anti-virus researchers have discovered a new strain of malicious software that spreads via USB drives and takes advantage of a previously unknown vulnerability in the way Microsoft Windows handles '.lnk' or shortcut files. Belarus-based VirusBlokAda discovered malware that includes rootkit functionality to hide the malware, and the rootkit drivers appear to be digitally signed by Realtek Semiconductor, a legitimate hi-tech company. In a further wrinkle, independent researcher Frank Boldewin found that the complexity and stealth of this malware may be due to the fact that it is targeting SCADA systems, or those designed for controlling large, complex and distributed control networks, such as those used at power and manufacturing plants. Meanwhile, Microsoft says it's investigating claims that this malware exploits a new vulnerability in Windows."
Interesting (Score:1, Funny)
Maybe Realtek has sinister plans other than making crappy drivers?
That's what you get... (Score:5, Funny)
...for taking shortcuts.
Re:That's what you get... (Score:1, Funny)
*Shades*
Yyyyyyyyyyyyyeeeeeeeeeeeaaaaaaaaaaahhhhhhhhhh
Re:Interesting (Score:3, Funny)
Funny, when I have people complaining about their audio on their computers I direct them to download the Realtek drivers to solve it.
Re:Interesting (Score:5, Funny)
Windows users are capable of using shortcuts? (Score:2, Funny)
I thought they would barely manage to point and click, and the keyboard were a mistery to them, just like the whole UI is designed to train them to behave... :/ But there are some competent UI designers out there. E.g. the Maya ones. :))
I doubt more than 5% of the (l)users actually know what a shortcut is, considering how they are intentionally hidden away as deep as possible, or even completely removed.
(I’m not hating Windows specifically. “modern” [aka. “dumbed down beyond being usable”] KDE/Gnome and OSX UIs often are not much better nowadays.
Re:Windows for SCADA? WTF?! (Score:3, Funny)
Solution (Score:5, Funny)
Re:Windows for SCADA? WTF?! (Score:4, Funny)
If the reliability of an embedded system is 1, and the reliability of a Windows system is i, then the modulus of the reliability of the two systems is the same.
Re:Windows for SCADA? WTF?! (Score:1, Funny)
Windows' reliability can only be expressed as an imaginary number?
Thanks, that explains a lot!
Re:Windows for SCADA? WTF?! (Score:5, Funny)
Windows' reliability can only be expressed as an imaginary number?
Thanks, that explains a lot!
Better yet, if you have a 2 independent systems running at the same time mirroring eachother, the odds failure is the odds of both of them failing at the same time.
(1 - i)(1 - i)
Or 1 -2i + i^2
And the reliability is thus
1 - [1 -2i + i^2]
Which is 1 - 2i.
Get a pair of pairs...
1 - 4i^2 = 5.
Four Windows boxes and you've got a reliability of 500%!
Re:Windows for SCADA? WTF?! (Score:4, Funny)
Ok, I am never flying on a Boeing again. Or any other aircraft. And given that modern computers on cars now use regular ethernet and unsecure protocols (see the papers on successful methods for injecting false commands to the engine and braking systems), I'm going to stay clear of the roads as well. Hell, just get me a Dyson Sphere on some star in some remote galaxy - and a wormhole so I can continue reading Slashdot. Gotta have Slashdot.
Re:Default SQL username and password in HMI (Score:4, Funny)
I'm assuming that this product is of the "Well, it sucks ass; but at least it was incredibly expensive..." school of enterprise software design?
Re:Windows for SCADA? WTF?! (Score:2, Funny)
The funny thing is that I work with a lot of GE products.
Sorry to hear that, if I ever catch up to you in the field I will pick up your bar tab.
Re:Windows for SCADA? WTF?! (Score:3, Funny)
The vector is the windows machine that is networked (stupidly) to older non windows boxen that do the SCADA work.
In theory, an attacker could manipulate the SCADA machines and cause disruption.
I worked with non-windows SCADA systems. Any windows boxes operated with proprietary software and proprietary communication keys. Without the keys, you have nothing. If any dickwad engineer insisted on windows communications, they deserve exactly what they get and I hope it's a Dell.
Re:Windows for SCADA? WTF?! (Score:4, Funny)
Re:Windows for SCADA? WTF?! (Score:1, Funny)
... hoping to become an unemployed UNIX admin.
Re:Interesting (Score:4, Funny)
Re:Windows for SCADA? WTF?! (Score:1, Funny)
Wow, 500%... and to think I would have been happy with a mere 100%