You’d think the British government would be up on the latest and greatest security practices, but apparently even officials there have their problems.

The U.K. parliament’s computer network has been infected with the Conficker worm, according to the Dizzy Thinks blog.

In his own blog post, Trend Micro security researcher Rik Ferguson questioned the security practices that could have allowed Conficker onto such hallowed turf. “Dear Parliament, if you are having trouble cleaning this up, give us a call, we’ll come and do it for nothing,” he offers.

Below is the text of the e-mail that Dizzy says was sent to users of the infected official network:

To: All users connecting directly to the Parliamentary Network

The Parliamentary Network has been affected by a virus known as conficker. This virus affects users by slowing down the Network and by locking out some accounts. We are continuining [sic] to work with our third party partners to manage its removal and we need to act swiftly to clean computers that are infected.

We are scanning the Network and if we identify any equipment which we believe is infected with the virus then we will contact you to ensure that the device is either removed from the Network or cleaned and loaded with the correct software to prevent this infection reoccurring.

You can help us to contain this problem and prevent new infection by adhering to the following advice:

–We are unable to clean PCs and portable computers which are either not switched on or which are not authorised devices. We therefore ask that if you are running a PC or portable computer not authorised to be on the Network that you take it off immediately.

–An additional characteristic of this virus is that for some types of files it can skip direct to the Network from a USB memory stick or other portable storage device (e.g. mp3 players) without hitting the virus checker software. We ask that for the time being you do not use memory sticks or any other portable storage devices on the Parliamentary Network.

–If you do identify a problem with the equipment you are running, please contact the PICT Service Desk on 020 7219 2001 when it reopens on Wednesday 25 March from 8am.

–If you are connecting using one of our remote access services, from a Constituency Office for example, a separate communication will be sent to you. Director of Parliamentary ICT.

source : http://news.cnet.com

© sonicmind for My Fun Space, 2009. | Permalink | No comment | Add to del.icio.us
Post tags: Conficker, UK Parliament, worm

Feed enhanced by Better Feed from Ozh

A decade ago there was no Facebook, no iPhone, and no Conficker. There was dial-up and AOL and a nasty virus called Melissa that ended up being the fastest spreading virus at the time.

CNET News talked to Dmitry Graznov, a senior research architect at McAfee Avert Labs who was among the researchers who worked to fight the Melissa outbreak and track down the creator.

Q: How was Melissa discovered?
Graznov: Avert as a whole discovered it as did some of the competitors. It was submitted to us by customers as it started to spread around the world (on March 26, 1999).

What made Melissa different from previous viruses?
Graznov: It was the first mass-mailing virus, which used e-mail to spread on a large scale.

What harm did the virus do?
Graznov: In some cases the load on the e-mail servers in some organizations was so high that the servers were effectively shut down.

How many computers were affected and what did the virus do?
Graznov: Hundreds of thousands of computers were affected. That’s a guess…Melissa infected other documents a user opened in Microsoft Word. It also connected to Outlook if it was running and selected 50 entries in the address book and e-mailed an infected document to those addresses…including mailing lists…As a result, the virus was sent not just to 50 people, but to thousands of people easily. We didn’t have any firm numbers to go by, but we did have reports from customers saying their Exchange servers were overwhelmed.

How long did the outbreak last?
Graznov: Several days, but the infections continued to be registered for a long time after that. It was just a macro virus and we were well equipped to provide detection and removal for people’s computers even then…The fact that it was so widespread in the world already meant it took a long time to remove the infections.

Security researcher Dmitry Graznov as he looked in 1999 when he was chasing down the creator of the Melissa virus for McAfee Avert Labs.

(Credit: Dmitry Graznov)

How did the virus writer get caught?
Graznov: I was running, actually still am, a project called Usenet Virus Patrol, which scans Usenet articles for viruses. The author of Melissa posted the virus to a newsgroup called “alt.sex.” It was zipped up and sent as if it was a list of passwords to like 80-something different porno sites…It was just bait to entice people into downloading it and opening it. Once it was opened, it started e-mailing itself around. It was relatively easy to go back and find the exact Usenet posting that started all this. In the header of the posting it was possible to find out not only the e-mail address from which it was sent but also the IP address of the computer from which it was sent. That IP was linked to an AOL account and from that the FBI subpoenaed AOL and they provided the dial-in logs…and found out what computer was assigned that IP address and from what telephone number the call was made. The AOL account was a compromised one…The phone call that used that account came from New Jersey and the FBI linked the phone number to a particular address. That is how they found the guy’s computer…The data we provided them was the clue that led straight to the criminal. (David L. Smith pleaded guilty and was sentenced to 20 months in prison and $5,000 in fines.)

What was the motivation behind Melissa?
Graznov: There was no material gain. Back then, people didn’t do it for money. They did it for mischief, for fame…Today there is huge money in computer crime…Back then, we had 200 times fewer pieces of malware than we have today.

Any comments on Conficker and Melissa and how far we’ve come?
Graznov: Conficker is a completely different type of thing. It’s not a macro virus. It’s an executable and a botnet, and it downloads lots of stuff on your computer. It’s basically a network for sale. It can be rented out. It can be used for password stealing. Back in 1999 there wasn’t such a thing as a business model for malware…Today, big money is involved in computer malware. You cannot even compare them.

source : http://news.cnet.com

© sonicmind for My Fun Space, 2009. | Permalink | No comment | Add to del.icio.us
Post tags: Conficker, McAfee, Melissa, virus, worm

Feed enhanced by Better Feed from Ozh