India detected Stuxnet in July

While the rest of the world wondered what was happening with the Stuxnet worm, the Indian government’s cyber defence team had already neutralised it.

According to the Department of Information Technology’s Computer Emergency Response Team (CERT-In), it averted a disaster in India’s energy sector by detecting the threat as early as July and advising state-run firms on a workaround to prevent attacks on the computer systems controlling their operations.

Apparently on July 24, CERT-In director general Gulshan Rai wrote to oil ministry director P K Singh and the power ministry saying it had detected malware that was exploiting a recently disclosed zero-day vulnerability in Microsoft Windows Shell.

Singh warned that Stuxnet was targeting certain components of SCADA systems. The trojan, or computer mole, installed by the malware detects the SIMATIC WinCC and PCS 7 software programmes from Siemens, which were devised for SCADA systems, and queries any databases it discovers using default passwords.

He claimed that the Stuxnet trojan took over the password that various components in a computer system use to talk to each other.

Singh warned that the malware spread through USB drives and that it could also attack via network shares and Web-based Distributed Authoring and Versioning (WebDAV), a set of extensions that allow users to edit and manage files on remote web servers.

CERT-In also advised the ministries on workarounds and other counter-measures.

While the Indians are clearly patting themselves on the back in this announcement, it raises the question of why the rest of the world was not told.