Malware targets manufacturers

Manufacturing is one of the sectors targeted by a new malware variant that is not only able to steal passwords and other sensitive information, but is also capable of infecting files, researchers said.


Ursnif is the malware used by bad guys to steal passwords and other sensitive information from infected devices, but its variant detected as PE_URSNIF.A-O, is also capable of infecting files, said researchers at Trend Micro.

The United States and the United Kingdom account for 39.35% and 35.51%, respectively, of infections. Researchers also found the malware on computers in Canada (19%) and Turkey (1.92%). Education, financial, and manufacturing are among the sectors impacted by the threat, which ends up distributed via spam messages and Trojan downloaders.

The Ursnif variant analyzed by Trend Micro infects .PDF, .MSI and .EXE files found on removable and network drives. Unlike other similar pieces of malware, which insert malicious code into host files, PE_URSNIF.A-O embeds the host file into its resource section. When one of the infected files ends up executed by the victim, the malware drops the original file and opens it in an effort to avoid raising any suspicion.

Another anti-detection technique leveraged by Ursnif involves sleeping for 30 minutes before starting the infection routine. This helps the threat evade sandboxes, which usually monitor suspicious files for only up to five minutes to see how they behave.

"The fact that a family known for spyware now includes file infectors shows that cybercriminals are not above tweaking established malware to expand its routines," Trend Micro threat response engineer, RonJay Caragay, said in a blog. "The expansion into file infection can also be seen as a strategic one. A different file infector type (e.g., appending) requires a different detection for security solutions; not all solution may have this detection."

IT administrators can protect their networks against such threats by paying attention to the way network shares end up configured. This includes ensuring that computers don't have full access to the network, and configuring network access to read-only.

Gregory Hale is the editor and founder of Industrial Safety and Security Source (, a news and information website covering safety and security issues in the manufacturing automation sector. This content originally appeared on the ISSSource website. ISSSource is a CFE Media content partner. Edited by Joy Chang, Digital Project Manager, Control Engineering, jchang(at) 

No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Big Data and IIoT value; Monitoring Big Data; Robotics safety standards and programming; Learning about PID
Motor specification guidelines; Understanding multivariable control; Improving a safety instrumented system; 2017 Engineers' Choice Award Winners
Selecting the best controller from several viewpoints; System integrator advice for the IIoT; TSN and real-time Ethernet; Questions to ask when selecting a VFD; Action items for an aging PLC/DCS
This digital report will explore several aspects of how IIoT will transform manufacturing in the coming years.
Motion control advances and solutions can help with machine control, automated control on assembly lines, integration of robotics and automation, and machine safety.
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Future of oil and gas projects; Reservoir models; The importance of SCADA to oil and gas
Big Data and bigger solutions; Tablet technologies; SCADA developments
SCADA at the junction, Managing risk through maintenance, Moving at the speed of data
Automation Engineer; Wood Group
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
click me