Yesterday the DHS ICS-CERT updated the
control system security alert for the ‘Petya Variant’ last Friday. That alert
was originally
published on June 30th. The update provides links to three new
vendor publications concerning Petya (two of which I mentioned last week):
• Honeywell;
• ABB
Interestingly, the Honeywell page also provides a brief
mention of the CrashOverride malware (see the Dragos paper),
which ICS-CERT has still not mentioned even though that malware is specifically
directed at control systems rather than at the Microsoft OS, as Petya and
WannaCrypt are.
The Dragger alert mentions a ‘vaccination’ method that
apparently can prevent Petya: adding a read-only file called perfc (perfc.dll
or perfc.dat also appear to work) to the C:\Windows directory. This has been
reported in a number of locations (see for example here),
but it has not been reported by ICS-CERT or US-CERT.
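One way to apply and audit the file placement described above, as an added example that is not from the original post or from any of the vendor alerts. It assumes an elevated PowerShell session and that `$env:WINDIR` is the Windows directory; it only places and checks the files and says nothing about whether the method works.

```powershell
# Added example: place and verify the read-only 'perfc' marker files.
# Assumptions: elevated session; $env:WINDIR is the Windows directory.
# The three file names are the ones listed in the post.
$dir   = $env:WINDIR
$names = 'perfc', 'perfc.dll', 'perfc.dat'

$results = foreach ($name in $names) {
    $path   = Join-Path $dir $name
    $action = 'unchanged'

    # A directory with this name is not the file the method calls for.
    # Report it and leave it alone rather than deleting anything.
    if (Test-Path -LiteralPath $path -PathType Container) {
        [pscustomobject]@{
            Path = $path; ReadOnly = $false; Length = $null
            Action = 'skipped (is a directory)'
        }
        continue
    }

    # Create an empty file only if nothing is there; never overwrite.
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        New-Item -ItemType File -Path $path -ErrorAction Stop | Out-Null
        $action = 'created'
    }

    # Set the read-only attribute if it is missing.
    $item = Get-Item -LiteralPath $path -Force
    if (-not $item.IsReadOnly) {
        $item.IsReadOnly = $true
        if ($action -eq 'unchanged') { $action = 'set read-only' }
    }

    # Re-read from disk so the report reflects the actual state.
    $item = Get-Item -LiteralPath $path -Force
    [pscustomobject]@{
        Path = $path; ReadOnly = $item.IsReadOnly; Length = $item.Length
        Action = $action
    }
}

$results | Format-Table -AutoSize
```

The script is idempotent, so a second run reports `unchanged` for every file that is already in place and read-only.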
This update did not include mention of either the US-CERT
report (a much more technically detailed report than any of the previously
mentioned reports) or the Schneider report
that I mentioned last week. Obviously, more updates are in the offing.