On July 24, CERT-In director general Gulshan Rai wrote to oil ministry director (vigilance) P K Singh and the power ministry, saying they had detected malware that was exploiting a recently disclosed zero-day vulnerability in Microsoft Windows Shell, which was improperly handling shortcut files.
Singh warned that Stuxnet was targeting certain components of SCADA systems. The trojan, or computer mole, installed by the malware detects SIMATIC WinCC and PCS 7 software programmes from Siemens, devised for SCADA systems, and makes queries to any discovered databases by leveraging default passwords.
In other words, the Stuxnet trojan takes over the password used by various components in a computer system for talking to each other. This is different from a user password for logging on. It can, thus, steal vital information from a computer system and change its functioning or even cripple it.
SCADA stands for supervisory control and data acquisition. It generally refers to computer systems that monitor and control industrial processes such as manufacturing, oil production and refining, power generation infrastructure or facility-based processes. Understandably, anyone who controls malware that is able to bite into such a system can play havoc and steal information to use it for programming attacks with more specific targets.
According to Singh, the malware spreads through USB drives. It can also attack via network shares and via web-based distributed authoring and versioning (WebDAV in industry parlance), a set of extensions that allow users to edit and manage files on remote web servers.