27 Mar
Article from Rik Ferguson
Filed under: malware | Tags: conficker, government, malware, worm_downad

According to blogger Dizzy Thinks, the UK Parliament has become the latest institution to fall victim to the spread of Downad/Conficker. In an internal memo, which was subsequently leaked, network users were advised the following:
To: All users connecting directly to the Parliamentary Network
The Parliamentary Network has been affected by a virus known as conficker. This virus affects users by slowing down the Network and by locking out some accounts. We are continuining [sic] to work with our third party partners to manage its removal and we need to act swiftly to clean computers that are infected.
We are scanning the Network and if we identify any equipment which we believe is infected with the virus then we will contact you to ensure that the device is either removed from the Network or cleaned and loaded with the correct software to prevent this infection reoccurring.
You can help us to contain this problem and prevent new infection by adhering to the following advice:
- We are unable to clean PCs and portable computers which are either not switched on or which are not authorised devices. We therefore ask that if you are running a PC or portable computer not authorised to be on the Network that you take it off immediately.
- An additional characteristic of this virus is that for some types of files it can skip direct to the Network from a USB memory stick or other portable storage device (e.g. mp3 players) without hitting the virus checker software. We ask that for the time being you do not use memory sticks or any other portable storage devices on the Parliamentary Network.
- If you do identify a problem with the equipment you are running, please contact the PICT Service Desk on 020 xxxx 200x when it reopens on Wednesday 25 March from 8am.
- If you are connecting using one of our remote access services, from a Constituency Office for example, a separate communication will be sent to you.
Director of Parliamentary ICT.
This raises several salient questions in my mind…
1- What the expletive are “unauthorised devices” doing on the Parliamentary network in the first place? Of all the organisations in the country you would expect the UK parliament to be using Network Access Control technology to keep the wrong ‘uns out!
2- What kind of anti-malware solution are they running there that allows a worm to “skip direct to the Network from a USB memory stick or other portable storage device (e.g. mp3 players) without hitting the virus checker software” and also, one that doesn’t detect the worm itself?
3- Where’s the port control or DLP solution? The memo itself being made public amply demonstrates (if any proof were needed) that the potential for data leakage exists, and this is Parliament.
4- What kind of message is this “We are unable to clean PCs and portable computers which are not switched on“? Surely this could be interpreted as “We are experiencing an outbreak, please make sure all computers are switched on“. That doesn’t sound like good containment policy to me.
I don’t want this post to be entirely negative though, so, Dear Parliament, if you are having trouble cleaning this up, give us a call and we’ll come and do it for nothing.