The plant in question, Gundremmingen, lies about 75 miles outside of Munich. The infected computer was installed in 2008 for visualizing data associated with transporting fuel rods, but by now is probably being carefully disassembled and disposed of.
Despite the pile of infections taking up space on the computer, nothing about the plant’s operation was compromised. That’s because the computer, which was used for visualizing fuel rod data, wasn’t connected to the Internet. None of the dangerous malware was activated, so the only way it could have spread was through USB drives.
Speaking of which, the German officials identified 18 USB drives that were also infected. Again, the infections weren’t causing issues, as they were all used on systems outside of the Internet’s domain.
Some of the malware found on the system is particularly nasty. W32.Ramnit, a virus Symantec first identified in January of 2010, travels through removable drives, and attempts to capture social media and banking passwords in browsers. Another worm, Conficker, was first discovered in 2010, and attempts to use the machine as part of a botnet, usually for denial of service attacks. It’s a keylogger as well, typically targeting users on social media.
But without a connection to the Internet, none of the malware could be activated. Even if it was, the machine wasn’t used for banking or social media, so the keylogging and botnet functions would’ve been effectively useless. Power plant officials have stepped up cyber security around all of its systems in response.
Nuclear power plants definitely come in near the top of the list of facilities I don’t want a virus to infect, and it’s not hard to see why they might be a target for hackers. In this case, the German power plant was lucky that particular system had an air gap between itself and other machines.
