Nachi Worm on Advanced Process Control Servers
Staff noticed that the Advanced Process Controls (APC) Servers were getting slower and slower. Investigators found Nachi virus on 8 APCs (running Windows 2000) and disconnected these servers from production network for 5 hours. The virus was not detected on the Honeywell DCS stations (running Windows NT).
Incident reduced feed for several hours (Running in a safer mode).
|Action Description:||Changed firewall rules, changed policy, antivirus policy. The company will also be starting measures to better separate the APC Network from central business network.|