Stuxnet also found at industrial plants in Germany
Siemens is reporting that industrial plants in Germany have also been hit by the Stuxnet worm. According to Wieland Simon, press spokesperson at Siemens, approximately one third of the 15 infections discovered at industrial plants worldwide have been found at sites in the German process industry sector. Siemens' own plants are said not to be affected.
Analyses by Siemens have reportedly confirmed that Stuxnet can, in theory, manipulate Programmable Logic Controllers (PLCs). However, this behaviour has so far not been observed in the wild. According to Simon, Stuxnet checks the configurations of infected WinCC or PC7 systems for existing data blocks. If it finds suitable blocks, it becomes active and modifies the controller code. If it doesn't find any, it remains inactive. The worm seems to look for specific types of systems to manipulate. Siemens couldn't provide any details about which systems precisely are or could be affected. Simon added that no system with an active worm has so far been observed.
On their web site, automation system security specialists Langner Communications have released a more detailed analysis of how Stuxnet manipulates PLCs. According to this analysis, the worm injects arbitrary code when transmitting blocks of code to the PLC. To compromise data transmissions, it diverts the data via a wrapper DLL before submitting it to the SIMATIC Device Operating System's original s7otbxdx.dll library for processing.