Symantec: 1,100 NHS infected desktops
Symantec says that it has detected botnet infections on more than 1,100 separate computers spread across multiple subnets within the UK National Health Service (NHS) network. According to a Symantec blog post, the NHS computers are infected with the Qakbot botnet (W32.Qakbot).
The security specialist says that the Qakbot botnet works by monitoring compromised systems for a variety of types of sensitive information. Once located, it uploads the stolen data to an FTP server. This information typically includes, for example, online banking details, credit card information, online search history and user credentials for social networking sites and email services.
While there is no evidence to show that any customer or patient data has been stolen, Orla Cox, Symantec security operations manager, said, "This is very much a consumer threat," adding that, "Once it gets into a corporate environment, it looks for consumer data." While the NHS has yet to make an official comment, ZDNet say that the NHS is "aware of the Symantec discoveries and is investigating the issue."
- Report: Symantec says PDF readers and IE are biggest targets, a report from The H.
- Inside the Security Operations Center, a feature from The H.