Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days. The malware was likely introduced into the GMP network after an already infected memory stick was plugged into a Windows PC. …
Stupid Stupid Stupid
Conficker? Do they not have AV protection, WSUS, IPS, IDS?
Come on public sector, get your acts together with your IT infrastructure, otherwise you're just going to go round in circles! Don't use the lack of funds excuse, all of the above can be purchased for zero pence. Don't use the overworked/underpaid excuse, all IT admins are overworked/underpaid, but some things need to be a priority, such as securing your IT environment from malware like this..... Somebody needs to be held to account for not doing their job here. It's nearly a year since this worm was discovered and GMP still don't have the necessary protection???
Their sys admins are incompetent fools,
But just why were they using USB sticks to transfer data? Is that because burning it to CD is verboten after the last govt leak?
Bad practice if you ask me, USB sticks and sensitive data mean trouble.
Fire the sysadmins
I'm a sysadmin for a small business with a lot less to lose than a police force, but by keeping on top of emerging threats via outlets such as el reg I took steps to protect our business against autorun.inf type attacks over a year before Conficker became prevalent. I like to call this "doing my job".
There's a very simple registry hack that shuts down autorun.inf permanently that should be applied as a matter of course to all business machines running XP. Anyone who hasn't done it isn't fit to call themselves a Windows sysadmin.
Set WshShell = CreateObject("WScript.Shell")
WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf\", "@SYS:DoesNotExist", "REG_SZ"
Plug in your USB sticks with impunity for no harm can come of it that your AV scanner won't pick up.
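A read-only check that the IniFileMapping entry from the comment above is actually in place on a machine, as an added example that is not part of the original thread. The NoDriveTypeAutoRun policy check and the function names Get-RegValue and Test-AutorunHardening are additions that the thread does not mention.

```powershell
# Added example: audit AutoRun hardening on the local machine. Reads only, writes nothing.
$iniMapKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
# Assumption: the Explorer policy key is checked as well; it is not mentioned in the thread.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or the value is missing instead of throwing.
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    $prop = $item.PSObject.Properties[$Name]
    if ($null -eq $prop) { return $null }
    return $prop.Value
}

function Test-AutorunHardening {
    # The key's default value is what the RegWrite call with a trailing backslash sets.
    $mapping = Get-RegValue -Path $iniMapKey -Name '(default)'
    $policy  = Get-RegValue -Path $policyKey -Name 'NoDriveTypeAutoRun'

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        IniFileMapping     = $mapping
        # True only when autorun.inf lookups are redirected to the non-existent key.
        MappingApplied     = ($mapping -eq '@SYS:DoesNotExist')
        NoDriveTypeAutoRun = $policy
        # 0xFF in the DWORD turns AutoRun off for every drive type.
        AllDrivesDisabled  = ($null -ne $policy -and ($policy -band 0xFF) -eq 0xFF)
    }
}

# Machines where MappingApplied is False have not had the registry change applied.
Test-AutorunHardening | Format-List
```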
Not entirely true (M'lud)
"Malware like the Conficker worm can spread via infected memory sticks, taking advantage of the AutoRun facility to execute on computers.."
I think they mean WINDOWS computers
However, you have to admit that anyone daft enough to run a year behind on Critical patches is going to get pwned eventually, regardless of the O/S they run (unless you're relying on "security through obscurity" here - a self-defeating argument).
Re : Too true
I agree entirely - up-to-date & secured as much as possible.
Just trying to highlight that in the media "poor computer security" usually means "poor Windows security"
Not entirely true
Not only Windows computers are at risk. There are autorun viruses for the Mac as well - well, pre OS-X PowerPC Macs. I know because I almost became victim of one - it came via an infected Zip-100 disk that I was to convert to Windows format for a relative that runs a desktop publishing business. Yes, it's that notorious Autostart-9805 worm. Good thing the antivirus caught it and cleared it before it could launch.
It's a shame that Symantec doesn't make antiviruses as effective as that anymore.
Tux, since so far the only way viruses are going to get on a Linux box is if you fool someone into logging in as administrator to run the infected executable, and Linux users aren't that stupid.
I can't immediately think of a reason why USB access should be allowed on this type of network, which ought to be subject to military-style restrictions. If it's genuinely unavoidable, it's not as though AV software that forces a scan of removable drives prior to allowing connection is hard to come by.
I never cease to be amazed about people who run mission critical systems on top of MS Windows machines. How long before someone dies as a result?
Give it a rest
Security is (in my rather extensive experience) about 5% due to the underlying OS and 95% to do with how it's configured (and that's being generous). It's perfectly possible to have highly secure and reliable Windows installations, it only requires someone who knows what they're doing. Equally, I've seen plenty of examples of insecure systems not based on a Windows OS.
If Windows has a real weakness, it's that Microsoft have focused on ease of use to the point at which some people, who really shouldn't be responsible for anything more technologically complex than a fist axe, can masquerade as system administrators. Government organisations are prone to selecting candidates for this type of position on the basis of cheapness (and heaven knows the private sector can be equally guilty of this, too), with the results that we see here.
stories like this
make me want to do the Moss IT Crowd firewall/security rant :D
but I'm not going to.
If they had to disconnect their subnet
methinks they still didn't have the patch installed. I mean, otherwise they would have needed to plug the infected beastie into all of the computers now, wouldn't they?
Hi, I'm the Conficker Worm...
...and I designed Windows 7.
That's why we've not been able to connect to them :-P
and you trust these people to deal with law and order
when they can't even maintain basic levels of "housekeeping"?
there must be a queue of AV vendors lining up to pitch a mandatory installation and update regimen at 4x the usual (civilian) cost to help secure the vital backbone of law enforcement.
heck, if there's not you have to wonder why not!
This isn't difficult to protect against... if year old threats are bringing down the system who knows what else is happening there and elsewhere
Have these people never heard of auto-update?
I mean come *on*. Conficker needs an unpatched system or it won't work! Let's see, there are so many levels of fail here it's dizzying.
1) *EVERY* AV program catches Conficker!!!! EVERY SINGLE ONE. Meaning these systems didn't have AV. Which, in today's environment, is like going into battle stark naked and blindfolded!
2) The patch has been out for well over a year now. November of 2008 if memory serves. Why wasn't it applied? On top of which auto-update would have patched it without anyone having to do *anything*.
3) Conficker needs admin access, so running as a normal user blocks it. This is admin 101 stuff.
So basically the police failed at basic security--how ironic.
Utter, sensational, EPIC FAIL.
So Conficker requires USB stick access
So that means that plod can walk off site with details off the PNC that should not leave the station.
Oh that's REALLY reassuring
probably came in the door via...
an infected NHS laptop that had failed to auto-upgrade to SP3
since the NHS is awash with PCs that have become infested with malware and trojans since they are only able to work with the spline software on IE5 and IE6.
anyone upgrading their PCs suddenly finds they cannot work, and the effectively bricked PC has to be sent to support for a rebuild.
Windows 7 FTW
Why don't they run Windows 7? It's beautiful, feature-rich and virus-free. XP sucks balls.