Siemens: Removing SCADA worm may harm industrial systems

IDG News Service - Removing a dangerous worm that targets industrial systems could disrupt plant operations, Siemens Industry warned customers Thursday.

The warning came as Siemens released a new tool that finds and removes the malicious software along with a full-fledged security update for its SCADA (supervisory control and data acquisition) management products.

Siemens on Thursday released the update along with the tool, developed by security vendor TrendMicro. But in a note sent to customers, the company warned users to check with customer support before removing the software from an infected SCADA system. "As each plant is individually configured, we cannot rule out the possibility that removing the virus may affect your plant in some way," the note reads.

The worm was identified by security vendor VirusBlokAda last month. So far, it has been identified on only one system running Siemens' software -- an engineering computer used by an unnamed German organization. "A production plant has not been affected so far," Siemens said.

Called Stuxnet, the worm is the first publicly identified piece of malware to target SCADA computers, which are used to control things such as manufacturing plants and utility systems. The worm copies itself to other USB systems on the computer and scans for Siemens Simatic WinCC or PCS 7 software. If it finds one of these programs, it tries to upload data from the systems to the Internet.

Siemens doesn't know who built the worm, but is investigating and plans to pursue the matter to the "full extent of the law," the company said on its website.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com