As it turns out, Germany's Gundremmingen NPP has been found to be infected with remote-access trojans and file-stealing malware. Reuters reports that these included "W32.Ramnit" and "Conficker", which were found in a computer system that deals with data visualization related to equipment that moves nuclear fuel rods. At least 18 removable drives similar to USB sticks being used at the facility were also affected. The contamination was thought to have been introduced through the use of corrupted USB sticks, which is how Iran's enrichment facilities earlier became infected with the Stuxnet computer worm.
The malware was discovered by employees of the German utility RWE. Conficker is a worm first detected in 2008 designed to steal user credentials and personal financial data and turn infected computers into "bots" to carry out distributed denial of service (DDoS) attacks. W32.Ramnit provides attackers with a remote access tool and allows them to steal files and inject code into webpages to capture banking data, was also discovered on the system.
However, the reactor system infected at Gundremmingen was not connected to the internet, so the malware was unable to "phone home" to the remote systems that control it. German utility RWE said it has increased its cyber security measures as a result of the discovery and has asked the Federal Office for Information Security to help with an investigation into how the malware was introduced.
