Trojan Targets Critical Infrastructure
Last Friday, Microsoft issued a security advisory about a trojan that infects computers by exploiting how Windows loads a shortcut (.lnk) icon.
Once the PC has been compromised, the trojan will infect any USB device that gets plugged into the computer. The trojan spreads on USB devices and through shortcut icons sent across some types of network. Either way, once Windows loads the corrupt shortcut icon for the USB device or network link, the PC has been compromised.
What’s scary/interesting about this trojan is that it’s specifically targeting the Siemens SCADA WinCC industrial control system. Industrial control systems (abbreviated SCADA) are used in manufacturing plants, oil rigs, and nuclear power plants.
The corrupt shortcut icon used to install the trojan had a valid digital signature from Realtek, a Taiwan-based semiconductor company. Furthermore, it exploited something deep inside the Windows kernel, as every version of Windows from XP onward was affected. Verisign has since revoked Realtek’s digital signature.
While I think that the idea of “cyberwar” is fear, uncertainty, and doubt over a global free internet backed by a profit motive, this trojan did use a foreign company’s digital signature to break into nuclear power plant control systems.
Microsoft probably won’t issue a patch until August 10th. Siemens is also working on a patch.

