Feeds

Manchester cops clobbered by Conficker

PCs' PCs still unplugged from PNC

High performance access to file storage

Greater Manchester Police's computer network has been infected by the infamous Conficker worm, leaving beat cops unable to run computer checks on suspected criminals and vehicles for the last three days.

The malware was likely introduced into the GMP network after an already infected memory stick was plugged into a Windows PC.

Conficker (aka Downadup) began spreading on Friday evening leading to a decision to disconnect GMP systems from the Police National Computer (PNC) while the malware outbreak was contained. Police were obliged to call contacts in neighbouring forces in order to run PNC checks, the Manchester Evening News reports.

GMP's incident log crime recording systems was not affected by the malware outbreak, which was brought under control by Monday afternoon. GMP's reconnection to the PNC is yet to happen at the time of writing on Tuesday lunchtime, but this is likely to happen later today.

GMP assistant chief constable Dave Thompson said in a statement that the service the force offered to the public was not affected by the Conficker outbreak. The GMP's website and associated blogs also remained up and running during the incident.

On Friday 29 January 2010, a virus was identified within GMP the IT system.

The virus, Conficker, is not destructive and no data has been lost but due to the speed it has spread we have temporarily cut off our access to the Police National Computer and other Criminal Justice systems to prevent further infection.

A team of experts is now working on removing the virus, and will not reconnect until we are sure there is no further threat.

We have systems in place to ensure this does not affect our service to the communities of Greater Manchester.

At this stage it is not clear where the virus has come from but we are investigating how this has happened and will be taking steps to prevent this from happening again.

Information security experts reckon it's unlikely that GMP, Britain's third biggest police force, was deliberately targeted for attack. Previous victims of Conficker have included the UK Ministry of Defence, parliament and Manchester Council. The February 2009 incident cost council tax payers £1.5m in lost parking ticket revenue and security consultant fees.

Officers and civilian staff have been warned against using unauthorised USB flash drives and advised to run regular security scans using up to date anti-virus software. GMP employs 8,200 police officers and 4,100 civilian staff.

A GMP spokesman said it was yet to determine if an infected memory stick was to blame for the spread of malware across the force's systems, though it is the more likely scenario than the alternative explanation of infection from a connected network that took advantage of unpatched systems at GMP.

Jason Holloway, sales manager Northern Europe for secure USB drive vendor SanDisk, said: "Conventional USB flash drives are a key method for spreading these infections stealthily, and without the drive’s user being aware – as both Ealing and Manchester Councils found last year."

"Virus scanning has to extend beyond the PC to all types of removable storage. Better still, employees should only be able to use authorised flash drives that include on-board antivirus scanning. This ensures that users can’t turn off, disable or work around the protection, and would stop these infections from spreading."

Graham Cluley, a senior security consultant at Sophos, agreed with Holloway that the Conficker infection at GMP can most likely be traced back to an infected memory stick. Organisations need to control access to USB ports to clamp down on what has become a major route of virus infection over recent years, he added.

"Conficker, which was first encountered in late 2008 and created a hystericane of media interest in March last year, spreads via a variety of methods - but my guess is that it's most likely that it infected the police systems via an infected USB stick," Cluley wrote in a blog post on the GMP outbreak. "After all, they've had well over a year to put the Microsoft patch in place.

"Malware like the Conficker worm can spread via infected memory sticks, taking advantage of the AutoRun facility to execute on computers, and has been a common route for virus distribution in recent years. The problem was such that it encouraged Microsoft to improve the way AutoPlay worked in Windows 7." ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
Bad PUPPY: Undead Windows XP deposits fresh scamware on lawn
Installing random interwebs shiz will bork your zombie box
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.