U.K. parliament computers get Confickered
You'd think the British government would be up on the latest and greatest security practices, but apparently even officials there have their problems.
The U.K. parliament's computer network has been infected with the Conficker worm, according to the Dizzy Thinks blog.
In his own blog post, Trend Micro security researcher Rik Ferguson questioned the security practices that could have allowed Conficker onto such hallowed turf. "Dear Parliament, if you are having trouble cleaning this up, give us a call, we'll come and do it for nothing," he offers.
Below is the text of the e-mail that Dizzy says was sent to users of the infected official network:
To: All users connecting directly to the Parliamentary Network
The Parliamentary Network has been affected by a virus known as conficker. This virus affects users by slowing down the Network and by locking out some accounts. We are continuining [sic] to work with our third party partners to manage its removal and we need to act swiftly to clean computers that are infected.
We are scanning the Network and if we identify any equipment which we believe is infected with the virus then we will contact you to ensure that the device is either removed from the Network or cleaned and loaded with the correct software to prevent this infection reoccurring.
You can help us to contain this problem and prevent new infection by adhering to the following advice:
--We are unable to clean PCs and portable computers which are either not switched on or which are not authorised devices. We therefore ask that if you are running a PC or portable computer not authorised to be on the Network that you take it off immediately.
--An additional characteristic of this virus is that for some types of files it can skip direct to the Network from a USB memory stick or other portable storage device (e.g. mp3 players) without hitting the virus checker software. We ask that for the time being you do not use memory sticks or any other portable storage devices on the Parliamentary Network.
--If you do identify a problem with the equipment you are running, please contact the PICT Service Desk on 020 7219 2001 when it reopens on Wednesday 25 March from 8am.
--If you are connecting using one of our remote access services, from a Constituency Office for example, a separate communication will be sent to you. Director of Parliamentary ICT.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor. 
Are you so naive and arrogant to think you know what's going on in my head?
Servers across the internet run Linux. Actually, the majority of servers run Linux in one form or another. Yet, Windows has more malware written for it. It's a fact that every OS has vulnerabilities. It's a fact that every browser and every piece of software has vulnerabilities just because of how imperfect the designer of that software are.
There are enough reasons to write exploits for Linux just in how many servers there are, yet nothing has been written, even on a small scale, that will run.
Besides, the EU hates MS. That's enough of a reason to stop using Windows in and of itself.
By the way, try doing a little research into Linux vulnerabilities before you leave a comment. Know what you're talking about and certainly start reading comments for what they are rather than what you think they are.
Not really, he is right.
The way the Linux base (Unix and somewhat MacOS) is designed helps prevent a large number of virii from being created so easily.
The large number of Linux web-servers prove such. (only ones being hacked are ones ran by idiots using root)
Microsoft made an attempt at trying to fix this with UAC, and failed it quite badly. (one virus was able to get straight by it if i remember correct)
I'm not sure how they are going about it in Win7 yet, but for everyone's sake, i hope they do well...
It's not that linux servers are more secure, it's the difference between a PC and a server that is the difference. Servers are maintained all the time with top notch security, whereas PCs get neglected by users that don't know much about it. That is the issue here. Another issue is related to the way hackers think. If they can get around dealing with the servers that are maintained well, and instead go for creating a mass network via exploiting individual PCs without nearly as much security as servers, then they'll probably go for the PCs.
- by bridge solution April 1, 2009 11:28 AM PDT
- amidst the endless rants msft vs appl vs linux vs....whatvvver.... does anybody ever notice that these exploits are often >>coming from<< servers?
- Like this Reply to this comment
-
(11 Comments)the first virus i ever got (out of 3 in 13 years..1998)..came from attachments from a business partner with a mac, who swore of course that macs can't get virusus.. her machine became a carrier after being connected to a solaris based lan during a meeting. she managed to infect a dozen or more machines before she could be convinced that her mac was the vector.
plague carriers don't have to be sick to spread plague.
if i'm writing an exploit to create a bot or other net, the last thing i want is for it to be visible to linux: i want it to intereact with the p2p buildable by whatever system is dominant at the edge of the net, which is windows.