Feeds

Leaked memo says Conficker pwns Parliament

House of Commons systems borked

Security for virtualized datacentres

Updated The House of Commons IT systems has reportedly been infected by the infamous Conficker superworm, which has previously infected millions of Windows PCs and affected the operation of hospitals, military and large corporate systems.

Political blog Dizzy Thinks first reported that a memo (below) sent out to parliamentary IT network users on Tuesday night warned that Conficker had disrupted the operation of parliamentary systems.

The infection has reportedly prompted a clean-up operation as well as a temporary ban on the use of mass storage devices, including MP3 players, on parliamentary systems.

To: All users connecting directly to the Parliamentary Network

The Parliamentary Network has been affected by a virus known as conficker. This virus affects users by slowing down the Network and by locking out some accounts. We are continuining [sic] to work with our third party partners to manage its removal and we need to act swiftly to clean computers that are infected.

We are scanning the Network and if we identify any equipment which we believe is infected with the virus then we will contact you to ensure that the device is either removed from the Network or cleaned and loaded with the correct software to prevent this infection reoccurring.

You can help us to contain this problem and prevent new infection by adhering to the following advice:

* We are unable to clean PCs and portable computers which are either not switched on or which are not authorised devices. We therefore ask that if you are running a PC or portable computer not authorised to be on the Network that you take it off immediately.

* An additional characteristic of this virus is that for some types of files it can skip direct to the Network from a USB memory stick or other portable storage device (e.g. mp3 players) without hitting the virus checker software. We ask that for the time being you do not use memory sticks or any other portable storage devices on the Parliamentary Network.

* If you do identify a problem with the equipment you are running, please contact the PICT Service Desk on 020 7219 **** when it reopens on Wednesday 25 March from 8am.

* If you are connecting using one of our remote access services, from a Constituency Office for example, a separate communication will be sent to you.

Director of Parliamentary ICT.

Our call to the service desk was referred upwards. We've left a message with ICT management. Inquiries to the All Parliamentary Internet Group and parliamentary IT lobby group Eurim are also yet to shed any light on the matter.

However one House of Commons source, who requested anonymity, confirmed to El Reg that the memo is genuine. He added that the House of Commons network had been "slow for most of the week" and acting like it was "hand cranked", although its performance had improved a bit by Friday once the clean-up operation got under way. The prohibition of plugging mobile devices into the network was likely to inconvience MPs and other who synchronised their phones with their desktops, he added.

The memo came from a credible source who has shed light on other goings-on involving parliamentary IT systems.

Dizzy Thinks previously reported that the Parliamentary ICT department had told users that PGP was incompatible with its remote access software, for reasons neither El Reg nor PGP have been able to unravel to date.

Earlier this month El Reg reported that police failed to record a crime, much less investigate, when Alun Michael MP reported a computer in his office was infected with malware. Michael was able to detect and remove the malware himself.

It's unclear what strain of malware was involved in that attack, much less whether the two reported incidents are somehow linked.

The security of parliamentary PCs is more sensitive than those of regular office system because of the confidentiality of MPs' correspondence with their constituents, to say nothing of the effect that borked systems might have on the day-to-day business of Parliament.

It's known that Colt Telecom supplies the connectivity and that MessageLabs, a security sub-contractor, handles the anti-spam and anti-virus filtering on the parliamentary internet connection.

Conficker spreads through several update mechanisms, a well-known Windows vulnerability and tainted USB drives being just two. Once it secures a foothold on an infected network, the worm can spread widely across network shares by exploiting weak password security, a major factor in its high prevalence within corporate systems. Spreading by email isn't one of the infection vectors used by Conficker.

Nonetheless, as a security sub-contractor you'd expect MessageLabs, with a noted team of anti-virus experts, to be among the third-party partners asked to roll its sleeves up and sort out the apparent virus infection problems on parliamentary systems. If so MessageLabs is staying schtum, perhaps for understandable reasons of client confidentiality.

We asked MessageLabs for comment on Thursday on the issue, but we're yet to hear back.

News of the reported infection of parliamentary systems comes at a time when Conficker is back under the spotlight, as security watchers count down to the start of a new update mechanism, due to come online for systems infected by the latest variant of the malware from 1 April. Whether this event will coincide with the activation of the botnet for malign purposes, such as sending spam, remains unclear. Even in the simple act of spreading the worm has caused huge disruption.

The UK's Ministry of Defence reported that that the worm had spread across some of its offices, as well as desktops aboard various Royal Navy warships. Hospitals in Sheffield reported infection of over 800 computers back in February. Other corporate victims of the malware include judicial systems in the city of Houston and the Bundeswehr (German Army).

A handy FAQ on Conficker by F-secure can be found here. A technical analysis of the worm can be found in a paper by SRI International here. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
Admins! Never mind POODLE, there're NEW OpenSSL bugs to splat
Four new patches for open-source crypto libraries
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.