Feeds

NHS computers hit by voracious, data-stealing worm

Easily detected — but isn’t

Next gen security for virtualised datacentres

The UK’s National Health Service has been hit by a voracious, data-stealing worm that’s easily detected by off-the-shelf security software, according to researchers who directly observed the mass compromise.

Researchers from anti-virus provider Symantec have been monitoring the Qakbot worm since last May and have documented its behavior here and here. On Thursday, after infiltrating two of the six servers used to collect pilfered data from infected machines, they provided an update that didn't exactly instill confidence in the healthcare system.

“The logs show that there is a significant Qakbot infection on the National Health Service (NHS) network in the UK,” the Symantec update states. “This threat has managed to infect over 1,100 separate computers that are spread across multiple subnets within the NHS. We have attempted to contact the affected parties and have no evidence to show that any customer or patient data has been stolen.”

Not that Qakbot doesn’t have the ability to clean out the NHS if it wanted to. Over a two week period, the researchers observed 4 GB of stolen data being funneled to the monitored servers. Because that represents a fraction of the servers used by Qakbot, the amount of pilfered information is likely much higher.

Qakbot spreads through webpages that install malware by exploiting patched vulnerabilities in Microsoft’s Internet Explorer and Apple’s QuickTime software. It is able to self-propagate on local networks through file shares. It “moves slowly and with caution, trying not to bring attention to its presence,” according to the update.

The malware scours an infected machine’s hard drive for internet search histories, banking and payment card information and logon credentials for some dozen websites and then uploads them to one of the six servers. It also records the contents of data stored by a browser’s autocomplete feature.

“In a nutshell, if your computer is compromised, every bit of information you type into your browser will be stolen,” Symantec researchers wrote.

While Qakbot primarily targets home users, plenty of corporate and government machines are infected as well. In addition to the NHS, other government computers that are compromised are located in Brazil. The threat is easily detected by Symantec’s anti-virus product, and presumably software from plenty of other companies as well. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Best practices for enterprise data
Discussing how technology providers have innovated in order to solve new challenges, creating a new framework for enterprise data.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?