Tainted GOM Player Update Loaded at Nuke

Thursday, February 6, 2014 @ 03:02 PM gHale

In another case of employees downloading malware-infested software in a critical infrastructure environment, an employee at the Monju fast breeder reactor in Japan installed an update for the GOM Player, which is video playback software.

The end result was that the GOM Player update came loaded with both the correct software and malicious software, said researchers at Kaspersky Lab.

The nuclear plant employee responsible for the infection downloaded a file called GoMPLAYER_JPSETUP.EXE, said Kaspersky researchers. This is actually a self-extracting RAR archive file that contains a legitimate update for GOM Player and another executable in RAR format (GOMPLAYERBETASETUP_JP.EXE).

This second archive contains five malicious files that unleash a backdoor detected by Kaspersky as Backdoor.Win32.Miancha.
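A defender triaging a downloaded "update" can check whether the executable is really a self-extracting RAR wrapper before it runs. The following is an added example, not code from this article or from Kaspersky; the function names and the sample bytes are constructed for illustration.

```python
import struct

RAR4_MAGIC = b"Rar!\x1a\x07\x00"       # RAR 1.5-4.x signature
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"   # RAR 5.x signature
RAR_PREFIX = b"Rar!\x1a\x07"           # bytes common to both signatures

def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew field points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def find_rar_archives(data: bytes):
    """Return [(offset, 'RAR4' | 'RAR5'), ...] for every RAR signature in data."""
    hits = []
    pos = data.find(RAR_PREFIX)
    while pos != -1:
        if data.startswith(RAR5_MAGIC, pos):
            hits.append((pos, "RAR5"))
        elif data.startswith(RAR4_MAGIC, pos):
            hits.append((pos, "RAR4"))
        pos = data.find(RAR_PREFIX, pos + 1)
    return hits

def triage(data: bytes) -> dict:
    """Flag executables that carry a RAR payload (self-extracting archives)."""
    pe, archives = is_pe(data), find_rar_archives(data)
    return {
        "is_pe": pe,
        "archives": archives,
        "sfx_rar": pe and bool(archives),
        # Heuristic only: an inner archive is visible here only if it was
        # stored without compression inside the outer one.
        "nested": pe and len(archives) > 1,
    }

def _fake_pe(size: int = 0x80) -> bytes:
    """Constructed minimal MZ/PE header, just enough to satisfy is_pe()."""
    stub = bytearray(size)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    stub[0x40:0x44] = b"PE\x00\x00"
    return bytes(stub)

# Constructed samples: a PE stub followed by a RAR5 signature, and a bare PE stub.
SAMPLE_SFX = _fake_pe() + RAR5_MAGIC + b"constructed-archive-body"
SAMPLE_PLAIN = _fake_pe()

if __name__ == "__main__":
    print(triage(SAMPLE_SFX))
```

A hit means the file should be unpacked in an isolated environment and each contained executable inspected on its own, since the wrapper's legitimate content says nothing about what else is bundled with it.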

The investigation is ongoing, so Japanese authorities haven’t provided too many details on the incident.

After news of it came to light, researchers said this probably wasn’t an attack targeted at the nuclear facility, but a random infection caused by an employee’s carelessness. However, they’ve warned that nuclear plants, whether they are operating or not, need to remain vigilant and focus more on securing their environment.