This evening the DHS ICS-CERT published an alert concerning the Havex RAT publicly reported by the folks at F-Secure with a follow-up article at Arstechnica.com. Both sources provide more information than does ICS-CERT.
The Havex Remote Access Trojan (RAT) has reportedly been used to gather information about industrial control systems. What makes this particular RAT of specific concern is that at least some of the infections detected by F-Secure were picked up from compromised web sites of control system vendors. F-Secure has not publicly identified the three specific web sites that were compromised.
The interesting comment in the ICS-CERT advisory (beyond the most basic reporting about the RAT) is the notice that they have released a third-party report on the US-CERT secure portal. Hopefully, the as-yet ‘unverified’ information in that report includes the list of affected web sites.
This is obviously a preliminary effort by ICS-CERT. They report that they are working to:
• Evaluate the install/deployment base of the reported affected vendors
• Provide additional indicators of compromise
• Identify any affected entities in the US
• Reach out to the ICS vendors that were compromised and offer assistance in identifying those customers that may have visited the web site and downloaded the Trojan.
They are also requesting that any organization that feels that they may have been affected by the Havex malware contact ICS-CERT. This will help them identify more details about the problem.