


by Jeremy Kirk, IDG News Service (London Bureau)

UK Ministry of Defence Stung by Rapidly Spreading Virus

Jan 16, 2009
Critical Infrastructure, Cybercrime, Viruses

LONDON (01/16/2009) – The U.K. Ministry of Defence is in the midst of an electronic fight with a computer virus that rapidly spread through its computer networks starting Jan. 6.

The virus infected computers throughout the military, including those used by the Royal Air Force and Royal Navy, and is one of the most severe attacks the organization has ever faced, according to a Ministry of Defence spokeswoman.

“Obviously with a computer system of our size we are fighting off viruses daily, but not of this scale,” the spokeswoman said. “I don’t think we’ve ever had an instance like this before.”

The virus has affected e-mail systems and Internet access but has not jeopardized war-fighting systems, she said. Due to pre-existing security systems, no classified or personal data was compromised, the Ministry said.

Just 27 percent of the Ministry’s computers meet current data security standards for holding classified information and personal data, it said earlier this week. About 31 percent of systems meet some standards, while the rest are being evaluated.

Efforts to contain and clean up the virus have resulted in a widespread shutdown of systems, but the Ministry declined to say how many machines in total are affected. A solution to prevent reinfection of the PCs is being tested.

“The reason why so many people are without their computers is because we’ve turned them off rather than they’ve been wiped or destroyed by this virus,” she said.

Some Navy systems are now up and running, but the Ministry did not have an estimate of how many of those systems remain down. The ministry declined to say which warships have been affected, but news reports singled out the fleet flagship HMS Ark Royal, an aircraft carrier that went into service in July 1985.

For security reasons, the type of virus has not been publicly disclosed, the spokeswoman said. However, the computer security community has been grappling lately with the Conficker worm, which targets a flaw in the Windows Server service, a component in Microsoft’s Windows 2000, XP, Vista, Server 2003 and Server 2008 products.

Microsoft issued an emergency patch for the problem on Oct. 23, but security companies have said businesses have been hit hard by Conficker.

Systems become infected when a hacker sends a maliciously constructed Remote Procedure Call (RPC) to an unpatched server, which then allows arbitrary code to run on the machine. On Wednesday, Finnish security company F-Secure conservatively estimated the number of computers affected by Conficker at 3.5 million. In the span of one day earlier this week, F-Secure said it saw infections rise by 1 million machines.