Manchester cops clobbered by Conficker

Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days. The malware was likely introduced into the GMP network after an already infected memory stick was plugged into a Windows PC …

COMMENTS

This topic is closed for new posts.
  1. spar1grep
    FAIL

    Stupid Stupid Stupid

    Conficker? Do they not have AV protection, WSUS, IPS, IDS?

    Come on public sector, get your acts together with your IT infrastructure, otherwise you're just going to go round in circles! Don't use the lack of funds excuse, all of the above can be purchased for zero pence. Don't use the overworked/underpaid excuse, all IT admins are overworked/underpaid but some things need to be a priority, such as securing your IT environment from malware like this..... Somebody needs to be held to account for not doing their job here, it's nearly a year since this worm was discovered and GMP still don't have the necessary protection???

    1. N2

      Agreed

      Their sys admins are incompetent fools,

      But just why were they using USB sticks to transfer data? Is that because burning it to CD is verboten after the last govt leak?

      Bad practice if you ask me, USB sticks and sensitive data mean trouble.

  2. Joeykins
    FAIL

    Fire the sysadmins

    I'm a sysadmin for a small business with a lot less to lose than a police force, but by keeping on top of emerging threats via outlets such as el reg I took steps to protect our business against autorun.inf type attacks over a year before Conficker became prevalent. I like to call this "doing my job".

    There's a very simple registry hack that shuts down autorun.inf permanently that should be applied as a matter of course to all business machines running XP. Anyone who hasn't done it isn't fit to call themselves a Windows sysadmin.

    Set WshShell = CreateObject("WScript.Shell") ' WSH shell object that provides RegWrite
    WshShell.RegWrite "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf\", "@SYS:DoesNotExist", "REG_SZ"

    Plug in your USB sticks with impunity for no harm can come of it that your AV scanner won't pick up.
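
Added example, not part of Joeykins' post: a PowerShell audit that reports whether the IniFileMapping override quoted above is in place on the local machine. The NoDriveTypeAutoRun policy check is an addition the post does not mention, and the function names are hypothetical.

```powershell
# Added example: audit AutoRun hardening on the local Windows machine.
# Key path and expected value are taken from the comment above.
$IniMapKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
$ExpectedRedirect = '@SYS:DoesNotExist'

# Assumption (not on the page): the standard Explorer policy value that
# disables AutoRun per drive type; 0xFF means all drive types.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Test-AutorunInfBlocked {
    # True when the key's default value redirects autorun.inf lookups
    # to a registry location that does not exist.
    param([string]$Path = $IniMapKey)
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $default = (Get-Item -LiteralPath $Path).GetValue('')
    return ($default -eq $ExpectedRedirect)
}

function Get-AutoRunAudit {
    # Collect both settings into one object so results from many hosts
    # can be exported and compared.
    $policy = (Get-ItemProperty -LiteralPath $PolicyKey `
        -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        AutorunInfBlocked  = Test-AutorunInfBlocked
        NoDriveTypeAutoRun = if ($null -ne $policy) { '0x{0:X2}' -f $policy } else { 'not set' }
        AllDrivesDisabled  = ($policy -eq 0xFF)
    }
}

$result = Get-AutoRunAudit
$result | Format-List

# A non-zero exit code lets a management tool flag non-compliant hosts.
if (-not $result.AutorunInfBlocked) {
    Write-Warning 'autorun.inf redirect is missing on this host.'
    exit 1
}
```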

  3. Keith Oldham
    Linux

    Not entirely true (M'lud)

    "Malware like the Conficker worm can spread via infected memory sticks, taking advantage of the AutoRun facility to execute on computers.."

    I think they mean WINDOWS computers

    1. TeeCee Gold badge

      Too true.

      However, you have to admit that anyone daft enough to run a year behind on Critical patches is going to get pwned eventually, regardless of the O/S they run (unless you're relying on "security through obscurity" here - a self-defeating argument).

      1. Keith Oldham
        Linux

        Re : Too true

        I agree entirely - up-to-date & secured as much as possible.

        Just trying to highlight that in the media "poor computer security" usually means "poor Windows security"

    2. Anonymous Coward
      Linux

      Not entirely true

      Not only Windows computers are at risk. There are autorun viruses for the Mac as well - well, pre OS-X PowerPC Macs. I know because I almost became a victim of one - it came via an infected Zip-100 disk that I was to convert to Windows format for a relative that runs a desktop publishing business. Yes, it's that notorious Autostart-9805 worm. Good thing the antivirus caught it and cleared it before it could launch.

      It's a shame that Symantec doesn't make antiviruses as effective as that anymore.

      Tux, since so far the only way viruses are going to get on a Linux box is if you fool someone into logging in as administrator to run the infected executable, and Linux users aren't that stupid.

  4. Chris Miller
    FAIL

    Why?

    I can't immediately think of a reason why USB access should be allowed on this type of network, which ought to be subject to military-style restrictions. If it's genuinely unavoidable, it's not as though AV software that forces a scan of removable drives prior to allowing connection is hard to come by.

  5. alain williams Silver badge

    Stupid coppers

    I never cease to be amazed about people who run mission critical systems on top of MS Windows machines. How long before someone dies as a result?

    1. Chris Miller
      Thumb Down

      Give it a rest

      Security is (in my rather extensive experience) about 5% due to the underlying OS and 95% to do with how it's configured (and that's being generous). It's perfectly possible to have highly secure and reliable Windows installations, it only requires someone who knows what they're doing. Equally, I've seen plenty of examples of insecure systems not based on a Windows OS.

      If Windows has a real weakness, it's that Microsoft have focused on ease of use to the point at which some people, who really shouldn't be responsible for anything more technologically complex than a fist axe, can masquerade as system administrators. Government organisations are prone to selecting candidates for this type of position on the basis of cheapness (and heaven knows the private sector can be equally guilty of this, too), with the results that we see here.

  6. Ben Rosenthal

    stories like this

    make me want to do the Moss IT Crowd firewall/security rant :D

    but I'm not going to.

  7. Tom 13
    Grenade

    If they had to disconnect their subnet

    methinks they still didn't have the patch installed. I mean, otherwise they would have needed to plug the infected beastie into all of the computers now wouldn't they?

  8. Toastan Buttar

    Hi, I'm the Conficker Worm...

    ...and I designed Windows 7.

  9. Anonymous Coward
    Anonymous Coward

    Aha

    That's why we've not been able to connect to them :-P

  10. OffBeatMammal

    and you trust these people to deal with law and order

    when they can't even maintain basic levels of "housekeeping"?

    there must be a queue of AV vendors lining up to pitch a mandatory installation and update regimen at 4x the usual (civilian) cost to help secure the vital backbone of law enforcement.

    heck, if there's not you have to wonder why not!

    This isn't difficult to protect against... if year-old threats are bringing down the system who knows what else is happening there and elsewhere

  11. Wolf 1
    FAIL

    Have these people never heard of auto-update?

    I mean come *on*. Conficker needs an unpatched system or it won't work! Let's see, there are so many levels of fail here it's dizzying.

    1) *EVERY* AV program catches Conficker!!!! EVERY SINGLE ONE. Meaning these systems didn't have AV. Which, in today's environment is like going into battle stark naked and blindfolded!

    2) The patch has been out for well over a year now. November of 2008 if memory serves. Why wasn't it applied? On top of which auto-update would have patched it without anyone having to do *anything*.

    3) Conficker needs admin access, so running as a normal user blocks it. This is admin 101 stuff.

    So basically the police failed at basic security--how ironic.

    Utter, sensational, EPIC FAIL.

  12. SirTainleyBarking
    FAIL

    So Conficker requires USB stick access

    So that means that plod can walk off site with details off the PNC that should not leave the station.

    Oh that's REALLY reassuring

  13. Anonymous Coward
    Dead Vulture

    probably came in the door via...

    an infected NHS laptop that had failed to auto-upgrade to SP3

    since the NHS is awash with PCs that have become infested with malware and trojans since they are only able to work with the spline software on ie5 and ie6.

    anyone upgrading their PCs suddenly finds they cannot work, and the effectively bricked PC has to be sent to support for a rebuild.

    rip ie6/7

  14. Anonymous Coward
    Gates Halo

    Windows 7 FTW

    Why don't they run Windows 7? It's beautiful, feature-rich and virus-free. XP sucks balls.
