Software Integrity Blog


German nuclear plant finds PCs full of viruses

More than a dozen common computer viruses have been found on PCs at one nuclear plant in Germany, according to its operator.

The German utility RWE, which runs the Gundremmingen plant, located about 75 miles northwest of Munich, said it found the malware “W32.Ramnit” and “Conficker,” among others, in a computer system the company retrofitted in 2008. The computers run data visualization software associated with equipment for moving nuclear fuel rods and are not connected to the internet. The plant in question is currently offline for maintenance and not producing power.

Because the compromised computers are “air gapped,” sitting on a physically separate network, the viruses (which have since been removed) may have been there for years without being effective. But malware was also found on 18 removable data drives and USB sticks in office computers separate from the plant’s operating systems. Germany’s Federal Office for Information Security (BSI) is investigating.

Ineffective malware is quite common in industrial control systems, because it is often incompatible with the operating systems and system environments it lands on.

In a Reuters News Service article, Mikko Hypponen, chief research officer at F-Secure, recounted the story of a European aircraft maker that regularly cleaned the cockpits of its planes of Android malware. The malware, it said, came from workers who used the USB ports in the cockpit to recharge their phones. However, since the aircraft uses a different operating system, the Android malware was ineffective. “The most common viruses spread without much awareness of where they are,” Hypponen said. The aircraft company cleans the cockpits if only to keep others from charging their phones and getting infected.

