ZDNet UK / News and Analysis / Security / Security Threats

Conficker worm disrupts Manchester police systems

By Tom Espiner, ZDNet UK, 2 February, 2010 13:22

Topics

Conficker, Worm, Greater Manchester Police, Security, Downadup, Kido, Police

NEWS

The Conficker worm has hit Greater Manchester Police computers, leaving the force without direct access to central police systems.

The worm was discovered on the computers on Friday, leading the Manchester force to cut access to the Police National Computer (PNC) and other criminal justice systems to prevent further infection. The systems were still infected on Tuesday, Greater Manchester Police (GMP) said in a statement.

Conficker is a network worm that targets holes in Windows and spreads through infected USB devices, or by launching dictionary attacks on weak passwords on networks, among other methods. The GMP has begun an investigation into how the worm entered its systems.

"At this stage, it is not clear where the virus has come from, but we are investigating how this has happened and will be taking steps to prevent this from happening again," said GMP assistant chief constable Dave Thompson.

Police have been warned against the use of USB sticks following the infection. "There have been some internal messages about using personal dongles," a GMP spokesman said.

The PNC holds details of people, vehicles, crimes and property that can be electronically accessed by the police and other criminal justice agencies. While the Manchester force's access to PNC has been curtailed temporarily, its response to crimes has not been affected, according to the GMP spokesman.

GMP officers have been contacting colleagues in neighbouring forces to run any urgent PNC checks, he added.

The Conficker worm, also known as Downadup and Kido, has a history of infecting systems via thumb drives, said USB security company SanDisk. The worm was behind an outbreak that disrupted Manchester City Council's parking ticketing last July.

Read this

Roundup
Roundup: Countdown to Conficker

ZDNet UK reports on the latest news and updates

Read more +

"It's not yet certain how the GMP network was infected, but we have seen Conficker outbreaks from an infected flash drive before, as both Ealing and Manchester Councils found last year," said Jason Holloway, SanDisk sales manager for northern Europe.

"Unfortunately, users often aren't aware that they are using an infected device, and Conficker's Autorun exploit is specifically designed to take advantage of this."

Conficker, which targets Microsoft Windows systems, has claimed some high-profile scalps. In March 2009, the worm infected UK parliamentary systems, while the Ministry of Defence and NHS systems in Sheffield have also experienced Conficker issues.

Related stories

1999-2009: The tech decade in perspective

Microsoft offers $250k bounty for Downadup arrest

Microsoft releases critical Windows patches

Gumblar attack worse than Conficker, experts warn

FBI agent reveals details of cybercrime sting

Talkback

Government never learned from its past experiences then.

CA 2 February, 2010 20:57 Reply

Did anyone notice just how old that worm is? This raises a few areas of major concern.

First and foremost, why does Microsoft not fix vulnerabilities just because they come under the umbrella of ailments that anti-virus vendors are supposed to cover? Surely a virus that old, and especially the ones that are several orders of magnitude older, could have been compensated for by the writers of Microsoft Windows source code. I know for certain that the Open Source operating systems would have done that rather than leaving the vulnerabilities in only to be handled by extra A/V software.

Second, this exact problem happened in several high profile places such as government departments a year ago and yet this police force didn't learn enough to prevent it happening to them.

Third, given that this latest infection was on the network of a police force, how can we rely on them to bring about reliable convictions for the various forms of cyber crime that might happen on their patch when they can't even keep their own computers clean? Or indeed, how can we trust that the huge volumes of information they have stored hasn't been snooped on and perused by any number of "interested" parties?

This doesn't just apply to one police jurisdiction. Any network with inherently insecure operating systems ought to have the same type of questions asked of it.

Fat Pop Do Wop 2 February, 2010 22:47 Reply

It was released nearly a year ago.

One little hic-up:
Unless the computers have PROPERLY disabled the auto-run "feature" on usb-sticks, then they WILL get attacked.

If very weak passwords are used, then it is ALSO posssible to get this unpleasant "gift".

So it is [b] sort of /b] fixed.

hkommedal 5 February, 2010 01:05 Reply

This seems to be the way MS has done business for several years. In the olden days they would release a new version knowing it wasn't ready for the end user, but would not fix it until said end user would complain loudly enough. Now they depend on third parties to cover it until enough people complain, or it spreads around the world. This will come back and bite them, in the end. I am SO proud to say they don't have me for a customer anymore. Thanks Linus.

ator1940 5 February, 2010 09:36 Reply

Post your comment

In order to post a comment you need to be registered and logged in

Log in or create your ZDNet UK account below

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ

ZDNet UK Live

expert_lectures

HR in the UK Bill Kutik on HR Collaboration Options: By Oliver Marks | September 5, 2010, 6:02pm... http://bit.ly/9q2dmG expertlectures.com

SoFrank

Jack, I hereby nickname you "Ebenezer." Leorising, I *totally* trust some obscure search engine with no transparent revenue stream to be honest and...

2 hours ago by SoFrank on Google’s Buckyballs doodle costs people money, drives users away
InfoGuruShop

BBC I Player - could launch Monday http://bit.ly/b8DgJp

mapyourbrand

New iPlayer to launch, with social features... Social TV will be interesting! http://bit.ly/diCEYW

mikecane

Google’s Buckyballs doodle costs people money, drives users away http://t.co/K7VmmHu <- HA! That didn't affect OPERA for me at all! Irony!

jtroll

Google Doodles are terrific examples of creativity for creativity's sake... except when they overheat your machine: http://bit.ly/aC1rqL

leorising

Switch to Startpage: http://www.startpage.com/eng/download-startpage-plugin.html You can add them to your pulldown search list in firefox, dunno...

6 hours ago by leorising on Google’s Buckyballs doodle costs people money, drives users away
BrianExCIS

The Nano is a real backwards step, too small and fiddly if you're over 40 and with reduced functionality. I'm going to put a 32GB SDHC card in my...

6 hours ago by BrianExCIS on New iPods, revamped Apple TV arrive
Stjepan

"I'd rather have the time back that I spent reading this article." Second to that. What computer you are using there? Very interesting, my three...

6 hours ago by Stjepan on Google’s Buckyballs doodle costs people money, drives users away
Stjepan

"I'd rather have the time back that I spent reading this article." Second to that. What computer you are using there? Very interesting, my three...

6 hours ago by Stjepan
chokha

String theory gets entangled in quantum computing http://bit.ly/cFWmmv

rpreibold

String theory gets entangled in quantum computing: ... Imperial College London think they have found a way to test... http://bit.ly/cIEKw7

Socmediadigest

#RT #SM #SocialMedia BBC iPlayer: social media and the public interest: Ah, yes, but social media so... http://bit.ly/aZEYQN #social #media

adam_ps

.@jackschofield on the surprising (to me) cost of Google’s Buckyballs doodle: http://bit.ly/dvpIDq On ZD Net

macmanblack

John Ross on retail market behavior...and social media http://bit.ly/95qJAd

Ezbizs

New iPods, revamped Apple TV arrive: ZDNet UKBy Staff, CNET News, 3 September, 2010 17:58 On Wednesday in Sa... http://tinyurl.com/236h64g

macmanblack

BBC iplayer going social http://bit.ly/95qJAd

DarrenZahradnik

Interesting: BBC iPlayer: social media and the public interest http://bit.ly/cv6amU

SocialMediaXprt

RT @DarrenZahradnik: Interesting: BBC iPlayer: social media and the public interest http://bit.ly/cv6amU http://bit.ly/9gHQfH

GloriaEdwards12

BBC iPlayer: social media and the public interest: By Rupert Goodwins, 5 September, 2010 17:42 The BBC is preparin... http://bit.ly/aISQLf

Latest in Security Threats

ITU head: Cyberwar could be 'worse than tsunami'

USB drive malware caused worst US military data breach

Rustock botnet responsible for 39 percent of all spam

Featured white papers

SunGard Aquires Hosting 365

A synopsis of SunGard's acquisition of 365 Hosting Limited, a Dublin, Ireland-based cloud computing and data centre services company..

Download now

HP Managed Print Services deal yields 40 percentcost saving at Merck Sharp & Dohme Italia SpA

Merck Sharp & Dohme Italia SpA wanted to consolidate its ageing, unmanaged print, copy and fax fleet and introduce a Managed Print Service (MPS) solution to drive down costs.

Download now

Real-Time Protection for Hyper-V

Server virtualization is a hot topic in the IT world because of the potential for providing serious cost savings for customers.

Download now

Inside ZDNet UK

Broadband Speed Test

How fast is your broadband?

Join ZDNet UK on Facebook

Join ZDNet UK on Facebook

White Papers

Free technology white papers

Downloads

Browse our free downloads

Jobs

Search for a new job

Hot Topics

ZDNet UK hot topics

Storage Resource Centre

Storage Resource Centre