Software: PLC-Blaster

From attackics
Jump to navigation Jump to search
PLC-Blaster
Software
ID S0009
Aliases PLC-Blaster
Type Malware

PLC-Blaster is a piece of proof-of-concept malware that runs on Siemens S7 PLCs. This worm locates other Siemens S7 PLCs on the network and attempts to infect them. Once this worm has infected its target and attempted to infect other devices on the network, the worm can then run one of many modules.12

Associated Software Descriptions

  • PLC-Blaster - 1

Techniques Used

  • Remote System Discovery - PLC-Blaster scans the network to find other Siemens S7 PLC devices to infect. It locates these devices by checking for a service listening on TCP port 102.1
  • Program Organization Units - PLC-Blaster copies itself to various Program Organization Units (POU) on the target device. The POUs include the Organization Block, Data Block, Function, and Function Block.1
  • Denial of Service - The execution on the PLC can be stopped by violating the cycle time limit. The PLC-Blaster implements an endless loop triggering an error condition within the PLC with the impact of a DoS.1