Parliamentary computers have been infected by the Conficker worm, like an estimated 10m PCs worldwide – and experts fear next week will see problems worsen
The House of Commons internal computer network has been infected by the ‘Conficker’ worm that has also infected millions of Windows PCs around the world, and has had to ban its users from attaching outside storage – such as USB ‘memory sticks’ – in case it gets reinfected.
The revelation is an embarrassment for the organisation running the network, which contains nearly 1,000 computers, because Microsoft issued a fix for the weakness that leaves PCs vulnerable in October – meaning that they have been lax in applying necessary security fixes. MessageLabs, owned by Symantec, is understood to be responsible for the antivirus and antispam filtering of communications with the network.
A memo sent out in the House of Commons network on Tuesday night warned that ‘the Parliamentary network has been affected by a virus known as conficker. This virus affects users by slowing down the Network and by locking out some accounts.’ It instructs users to leave computers turned on – so that they can have the malware removed – and that unauthorised computers be removed from the network.
Memory sticks, which can be used to transfer the worm accidentally between computer networks, have also been banned while the system is cleansed.
None of MessageLabs, the Parliamentary Information Communications and Technology helpdesk or a spokeswoman nominated by PICT had responded to requests for comment when this story was filed.
Security experts are meanwhile trying to work out whether the Conficker worm, which has infected roughly 10m Windows PCs around the world, will devastate the internet on 1 April, when it is due to seek out an update to its controlling software from the unknown group that wrote the original infecting code.
Antivirus companies have managed to decode enough of the code of the program – also known as ‘downadup’ – to realise that from next Wednesday it will start to check 50,000 randomly-named domains which might be registered in any one 110 different countries, seeking one site that will have been set up to issue it with new instructions.
That marks a step up from earlier versions of the worm, which used to check 250 sites per day – but which was defeated because in an unprecedented effort, a multinational industry security team managed to block all of the potential domains, including a number in China.
The fears are that the update might instruct the infected machines to start an all-out attack on major sites such as Google, Yahoo or Amazon – all of which have been targets of ‘denial of service’ attacks by large groups of infected computers, known as ‘botnets’, in the past.
But it is more likely that the computers will simply get updated orders to carry on sending out spam emails, or hosting ‘phishing’ sites – which look like official bank or credit card sites but are fake, and collect information to send to the botnet’s owner.
The worm seems to have been developed by Chinese hackers, but its purpose is not clear. It has spread to millions of PCs, often in corporate organisations, by exploiting a flaw in older versions of Microsoft’s Internet Explorer browser.
In February, Microsoft put a $250,000 bounty on the head of the writer, or writers, of Conficker: ‘The Conficker worm is a criminal attack. People who write this malware have to be held accountable,’ said George Stathakopoulos, of Microsoft’s Trustworthy Computing Group.
‘We don’t know who’s behind this worm, but they seem to be pretty professional in what they do,’ noted F-Secure, one of the antivirus companies that was first to spot the worm. The worm uses a cryptographic system called the MD6 hash algorithm, which encodes its content using a secure new system that has proven impossible for antivirus teams to break.
But others think it will be less dramatic. ‘What happens on April Fool’s day is anyone’s guess,’ noted Vinoo Thomas of McAfee. ‘But what have we learnt from history? From the days of [the] Michelangelo [virus, in 1992] to the recent Blaster, SoBig, Sober and Kamasutra worms, the hype surrounding the activation or payload dates of major Internet worms have only turned out to be damn squibs.’
Rick Wesson, of the industry team that has built up around efforts to defeat Conficker, thinks that its legacy may turn out to be positive: because it has forced different countries to work together, it has created the first forms of a worldwide cyber security system. ‘No matter what happens with Conficker, it’s created something here….a beautiful opportunity to bring cyber security to the kitchen table,’ he told the Washington Post.