UK Ministry of Defence stung by rapidly spreading virus

LATEST NEWS

Computerworld is New Zealand's only specialised information systems fortnightly.
Subscribe now for $100 (23 issues) and save more than 37% off the cover price!

Get the latest news from Computerworld delivered via email.
Sign up now

Aircraft carrier HMS Ark Royal affected

By Jeremy Kirk | London | Sunday, 18 January, 2009

The UK Ministry of Defence is battling a computer virus that rapidly spread through its computer networks starting January 6.

The virus infected computers throughout the military, including those used by the Royal Air Force and Royal Navy, and is one of the most severe attacks the organisation has ever faced, according to a Ministry of Defence spokeswoman.

"Obviously with a computer system of our size we are fighting off viruses daily, but not of this scale," the spokeswoman said. "I don't think we've ever had an instance like this before."

The virus has affected email systems and internet access but has not jeopardised war-fighting systems, she said. Due to pre-existing security systems, no classified or personal data was compromised, the Ministry said.

Just 27% of the Ministry's computers meet current data security standards for holding classified information and personal data, it said earlier this week. About 31% of systems meet some standards, while the rest are being evaluated.

Efforts to contain and clean up the virus have resulted in widespread shutdown of systems, but the ministry declined to say how many machines in total are affected. A solution to prevent reinfection of the PCs is being tested.

"The reason why so many people are without their computers is because we've turned them off rather than they've been wiped or destroyed by this virus," she said.

Some Navy systems are now up and running, but the Ministry did not have an estimate of how many of those systems remain down. The ministry declined to say which warships have been affected, but news reports singled out the fleet flagship HMS Ark Royal, an aircraft carrier that went into service in July 1985.

Due to security reasons, the type of virus has not been publicly released, the spokeswoman said. However, the computer security community has been grappling lately with the Conficker worm, which targets a flaw in Windows Service Server, a component in Microsoft's Windows 2000, XP, Vista, Server 2003 and Server 2008 products.

Microsoft issued an emergency patch for the problem on October 23, but security companies have said businesses have been hit hard by Conficker.

Systems become infected when a hacker constructs a malicious Remote Procedure Call (RPC) to an unpatched server, which then allows arbitrary code to run on a machine.

Finnish security company F-Secure conservatively estimated the number of computers affected by Conficker at 3.5 million ast Wednesday. In the span of one day earlier this week, F-Secure said it saw infections rise by 1 million machines.