Malware targets manufacturers

Manufacturing is one of the sectors targeted by a new malware variant that is not only able to steal passwords and other sensitive information, but is also capable of infecting files, researchers said.


Ursnif is the malware used by bad guys to steal passwords and other sensitive information from infected devices, but its variant detected as PE_URSNIF.A-O, is also capable of infecting files, said researchers at Trend Micro.

The United States and the United Kingdom account for 39.35% and 35.51%, respectively, of infections. Researchers also found the malware on computers in Canada (19%) and Turkey (1.92%). Education, financial, and manufacturing are among the sectors impacted by the threat, which ends up distributed via spam messages and Trojan downloaders.

The Ursnif variant analyzed by Trend Micro infects .PDF, .MSI and .EXE files found on removable and network drives. Unlike other similar pieces of malware, which insert malicious code into host files, PE_URSNIF.A-O embeds the host file into its resource section. When one of the infected files ends up executed by the victim, the malware drops the original file and opens it in an effort to avoid raising any suspicion.

Another anti-detection technique leveraged by Ursnif involves sleeping for 30 minutes before starting the infection routine. This helps the threat evade sandboxes, which usually monitor suspicious files for only up to five minutes to see how they behave.

"The fact that a family known for spyware now includes file infectors shows that cybercriminals are not above tweaking established malware to expand its routines," Trend Micro threat response engineer, RonJay Caragay, said in a blog. "The expansion into file infection can also be seen as a strategic one. A different file infector type (e.g., appending) requires a different detection for security solutions; not all solution may have this detection."

IT administrators can protect their networks against such threats by paying attention to the way network shares end up configured. This includes ensuring that computers don't have full access to the network, and configuring network access to read-only.

Gregory Hale is the editor and founder of Industrial Safety and Security Source (, a news and information website covering safety and security issues in the manufacturing automation sector. This content originally appeared on the ISSSource website. ISSSource is a CFE Media content partner. Edited by Joy Chang, Digital Project Manager, Control Engineering, jchang(at) 

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Controller programming; Safety networks; Enclosure design; Power quality; Safety integrity levels; Increasing process efficiency
Additive manufacturing benefits; HMI and sensor tips; System integrator advice; Innovations from the industry
Robotic safety, collaboration, standards; DCS migration tips; IT/OT convergence; 2017 Control Engineering Salary and Career Survey
Featured articles highlight technologies that enable the Industrial Internet of Things, IIoT-related products and strategies to get data more easily to the user.
This article collection contains several articles on how automation and controls are helping human-machine interface (HMI) hardware and software advance.
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Infrastructure for natural gas expansion; Artificial lift methods; Disruptive technology and fugitive gas emissions
Mobility as the means to offshore innovation; Preventing another Deepwater Horizon; ROVs as subsea robots; SCADA and the radio spectrum
Future of oil and gas projects; Reservoir models; The importance of SCADA to oil and gas
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me