In its current ICS-CERT Monitor, the US Computer Emergency Response Team (US-CERT) Accounts that two power utilities in the US suffered virus infections in the last quarter of 2012. Both cases, industrial control schemes were infected via USB flash drives. The malware caused a power generation plant closed down for several weeks.
In the first incident, an employee who executed a routine maintenance on control systems discovered that the USB drive he was utilizing seemed to malfunction.
The IT department became involved and utilized a different system with up-to-date anti-virus software to check the USB drive, the software allegedly detected infections. The malware on the systems was found to be a variation of the Stuxnet worm that had subverted industrial sites in Iran, including a power generation utility in Hormozgan province; even so, the report does not specify the exact nature of the malware.
In the second incident, machines at a power generation utility were contaminated via the USB drive of a third-party technician who had reportedly been unaware of the malware. In this instance, the ICS-CERT believes the disruption to the devices to have been caused by “crimeware”. It also took the power utility company several weeks before it could return to service.
