FAQ: Are COPA-DATA downloads affected by Trojan Havex RAT? How can I verify if the downloaded setup is the original non-modified version of this setup? Does zenon use OPC Server?

The producers of the Havex RAT Trojan have recently focused on Industrial Control Systems. Through security holes, installer files for software used in industrial control systems have been modified on different vendors' websites without the vendors becoming aware of the fact.

The modified installer installs the software as normal, but also installs an additional file that is the actual Trojan malware. The function of the original software remains mainly unaffected by this action.

The Trojan malware downloads additional components from C&C servers. One of these components scans computers on the local network for OPC servers.

At this stage the security of the COPA-DATA website has not been breached and the downloads offered on the website still match the originals produced by COPA-DATA.

It is, however, still good practice to verify that an installer matches the original installer produced by the manufacturer before installing the software, especially if the software is used in critical infrastructure or other critical sectors or applications.

Comparing the file date or file size is not sufficient. COPA-DATA generates MD5 and SHA1 hashes of installer files prior to uploading these to the COPA-DATA website. Checksums allow for a far more comprehensive check of the contents of the file. Changing a single byte in any of the files on the installation media would result in a different checksum.

Previously these checksums were also published on the COPA-DATA website in the download section. Assuming an attacker would be smart enough to break the security of the COPA-DATA website and introduce an additional .dll file to the installer, such an attacker would also change the checksums that are published on the same website.

If you want to make sure that the downloaded installer corresponds to the original installer produced by COPA-DATA, please generate an MD5 or SHA1 checksum of the downloaded installer yourself, using any of the many tools available, and send an e-mail to your local COPA-DATA support to verify the checksum.
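One way to carry out this check, as an added example that is not COPA-DATA's own tooling: the script hashes the downloaded file once with both MD5 and SHA1 and compares the result against the value confirmed by support, tolerating spaces, colons or upper case in the pasted checksum. The file names and sample bytes are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> hashlib algorithm name (the two hash types named on this page).
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1"}

def file_digests(path, chunk_size=1 << 20):
    """Read the file once, in chunks, and return {"md5": hex, "sha1": hex}."""
    hashers = {name: hashlib.new(name) for name in ALGO_BY_HEX_LEN.values()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def normalize(reference):
    """Strip separators and case differences from a checksum pasted out of an e-mail."""
    cleaned = "".join(c for c in reference if c not in " \t\r\n:-").lower()
    if len(cleaned) not in ALGO_BY_HEX_LEN or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("not an MD5 or SHA1 hex checksum: %r" % reference)
    return cleaned

def verify_installer(path, reference):
    """Return (algorithm, matches) for a reference checksum confirmed by support."""
    ref = normalize(reference)
    algo = ALGO_BY_HEX_LEN[len(ref)]  # pick MD5 or SHA1 from the reference length
    actual = file_digests(path)[algo]
    return algo, hmac.compare_digest(actual, ref)

def demo():
    """Constructed sample: a stand-in 'installer' and a copy with one extra byte."""
    original = b"MZ" + b"constructed installer payload " * 1000
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "setup_sample.exe")        # hypothetical file name
        tampered = os.path.join(tmp, "setup_tampered.exe")  # hypothetical file name
        for path, data in ((good, original), (tampered, original + b"\x00")):
            with open(path, "wb") as fh:
                fh.write(data)
        # Stands in for the value support confirms by e-mail, here upper case with spaces.
        sha1 = hashlib.sha1(original).hexdigest().upper()
        reference = " ".join(sha1[i:i + 4] for i in range(0, 40, 4))
        return verify_installer(good, reference), verify_installer(tampered, reference)

if __name__ == "__main__":
    print(demo())
```

In real use, call `verify_installer` with the path of the downloaded setup and the checksum received from support; a `False` result means the file differs from the original by at least one byte.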

zenon provides a classic OPC DA server as an optional component. Normal zenon functionality does not require OPC technology. The OPC server is installed by default with the zenon installation, but it requires manual registration. In addition, the components from the OPC Foundation that are required for the zenon OPC server are not installed by default and are only included on the setup media.

Should the OPC core components be installed and the zenon OPC server be registered, it is not automatically configured for DCOM access.

COPA-DATA does not support the use of the zenon OPC server or OPC client over DCOM. While DCOM can technically be configured for the zenon OPC server, COPA-DATA strongly recommends using only local OPC communication, by means of a zenon Service Engine client with a zenon OPC server on the same PC as the third-party OPC client software. If communication over the network is required and a zenon Service Engine client cannot be used, COPA-DATA recommends using different technologies such as the COPA-DATA OPC UA (Unified Architecture) server.