Conficker infects UK parliament
A report yesterday (Thursday 26th of March) from Channel 4 News reveals that the UK parliamentary IT system has been infected with the [ticker:uk_1122416 Conficker worm].
Despite persistent questioning by Channel 4 a parliamentary spokesperson, apart from admitting the infection had occurred, refused to say how long the infection might have been present, or indeed to say anything else. When asked when the anti-virus systems on the parliamentary network had last been updated the reply was again – no comment.
Since all the major anti-malware software providers have had protection against Conficker in place since November 2008 it would appear that anti-malware updates of the entire parliamentary network are not carried out on a consistent and regular basis. This leads to further general concerns about the lack of integrity and competence of administration of parliamentary IT. However, the fact that Conficker was detected indicates that at least one machine on the network must be relatively up to date.
Following the discovery of the infection a warning email was sent to parliamentary staff with the request: "We therefore ask that if you are running a PC or portable computer not authorised to be on the Network that you take it off immediately." The implication is that it's not unknown for machines to be connected without virus checks, firewalls or previous authorisation.
It has been suggested that the infection is linked to the G20 summit taking place in London next week. The Conficker code contains an activation date of April the 1st when the creator will take control of the botnet for an, as yet, unknown purpose.
- Worth Reading: An Analysis of Conficker-C, a report from The H Security.
- Tools to remove Conficker, a report from The H Security.
- Conficker modified for more mayhem, a report from The H Security.