UK Ministry of Defence stung by rapidly spreading virus
The U.K. Ministry of Defence is in the midst of an electronic fight with a computer virus that rapidly spread through its computer networks starting Jan. 6.
The virus infected computers throughout the military, including those used by the Royal Air Force and Royal Navy, and is one of the most severe attacks the organization has ever faced, according to a Ministry of Defence spokeswoman.
"Obviously with a computer system of our size we are fighting off viruses daily, but not of this scale," the spokeswoman said. "I don't think we've ever had an instance like this before."
The virus has affected e-mail systems and Internet access but has not jeopardized war-fighting systems, she said. Due to pre-existing security systems, no classified or personal data was compromised, the Ministry said.
Just 27 percent of the Ministry's computers meet current data security standards for holding classified information and personal data, it said earlier this week. About 31 percent of systems meet some standards, while the rest are being evaluated.
Efforts to contain and clean up the virus have resulted in widespread shutdown of systems, but the ministry declined to say how many machines in total are affected. A solution to prevent reinfection of the PCs is being tested.
"The reason why so many people are without their computers is because we've turned them off rather than they've been wiped or destroyed by this virus," she said.
Some Navy systems are now up and running, but the Ministry did not have an estimate of how many of those systems remain down. The ministry declined to say which warships have been affected, but news reports singled out the fleet flagship HMS Ark Royal, an aircraft carrier that went into service in July 1985.
Due to security reasons, the type of virus has not been publicly released, the spokeswoman said. However, the computer security community has been grappling lately with the Conficker worm, which targets a flaw in Windows Service Server, a component in Microsoft's Windows 2000, XP, Vista, Server 2003 and Server 2008 products.
Microsoft issued an emergency patch for the problem on Oct. 23, but security companies have said businesses have been hit hard by Conficker.
Systems become infected when a hacker constructs a malicious Remote Procedure Call (RPC) to an unpatched server, which then allows arbitrary code to run on a machine. Finnish security company F-Secure conservatively estimated the number of computers affected by Conficker at 3.5 million on Wednesday. In the span of one day earlier this week, F-Secure said it saw infections rise by 1 million machines.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
