Alex Gostev, chief malware expert at Kaspersky Lab in Russia, found that Stuxnet sent to the command servers a file—named Oem6c.pnf—that identified not only which Siemens program was installed on the computer (the Siemens Step 7 programming software or the WinCC program, which operators use to monitor conditions on their PLCs) but also included a list of any Step 7 project files on the machine and the path string that showed where on the computer the files were located. The Step 7 project files contain the programming commands for PLCs. Gostev suspects that anytime the attackers found project
...more
