Feeds

Manchester cops clobbered by Conficker

PCs' PCs still unplugged from PNC

The Power of One eBook: Top reasons to choose HP BladeSystem

Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.

The malware was likely introduced into the GMP network after an already infected memory stick was plugged into a Windows PC.

Conficker (aka Downadup) began spreading on Friday evening leading to a decision to disconnect GMP systems from the Police National Computer (PNC) while the malware outbreak was contained. Police were obliged to call contacts in neighbouring forces in order to run PNC checks, the Manchester Evening News reports.

GMP's incident log crime recording systems was not affected by the malware outbreak, which was brought under control by Monday afternoon. GMP's reconnection to the PNC is yet to happen at the time of writing on Tuesday lunchtime, but this is likely to happen later today.

GMP assistant chief constable Dave Thompson said in a statement that the service the force offered to the public was not affected by the Conficker outbreak. The GMP's website and associated blogs also remained up and running during the incident.

On Friday 29 January 2010, a virus was identified within GMP the IT system.

The virus, Conficker, is not destructive and no data has been lost but due to the speed it has spread we have temporarily cut off our access to the Police National Computer and other Criminal Justice systems to prevent further infection.

A team of experts is now working on removing the virus, and will not reconnect until we are sure there is no further threat.

We have systems in place to ensure this does not affect our service to the communities of Greater Manchester.

At this stage it is not clear where the virus has come from but we are investigating how this has happened and will be taking steps to prevent this from happening again.

Information security experts reckon it's unlikely that GMP, Britain's third biggest police force, was deliberately targeted for attack. Previous victims of Conficker have included the UK Ministry of Defence, parliament and Manchester Council. The February 2009 incident cost council tax payers £1.5m in lost parking ticket revenue and security consultant fees.

Officers and civilian staff have been warned against using unauthorised USB flash drives and advised to run regular security scans using up to date anti-virus software. GMP employs 8,200 police officers and 4,100 civilian staff.

A GMP spokesman said it was yet to determine if an infected memory stick was to blame for the spread of malware across the force's systems, though it is the more likely scenario than the alternative explanation of infection from a connected network that took advantage of unpatched systems at GMP.

Jason Holloway, sales manager Northern Europe for secure USB drive vendor SanDisk, said: "Conventional USB flash drives are a key method for spreading these infections stealthily, and without the drive’s user being aware – as both Ealing and Manchester Councils found last year."

"Virus scanning has to extend beyond the PC to all types of removable storage. Better still, employees should only be able to use authorised flash drives that include on-board antivirus scanning. This ensures that users can’t turn off, disable or work around the protection, and would stop these infections from spreading."

Graham Cluley, a senior security consultant at Sophos, agreed with Holloway that the Conficker infection at GMP can most likely be traced back to an infected memory stick. Organisations need to control access to USB ports to clamp down on what has become a major route of virus infection over recent years, he added.

"Conficker, which was first encountered in late 2008 and created a hystericane of media interest in March last year, spreads via a variety of methods - but my guess is that it's most likely that it infected the police systems via an infected USB stick," Cluley wrote in a blog post on the GMP outbreak. "After all, they've had well over a year to put the Microsoft patch in place.

"Malware like the Conficker worm can spread via infected memory sticks, taking advantage of the AutoRun facility to execute on computers, and has been a common route for virus distribution in recent years. The problem was such that it encouraged Microsoft to improve the way AutoPlay worked in Windows 7." ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
BMW's ConnectedDrive falls over, bosses blame upgrade snafu
Traffic flows up 20% as motorway middle lanes miraculously unclog
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.