Manchester Police Nabbed By Conficker Worm

Greater Manchester Police has quarantined its network after discovering it had been infected by the notorious Conficker worm

Greater Manchester Police has cut itself off from the Police National Computer (PNC) after its computer network fell foul of the infamous Conficker worm, leaving the police force unable to carry out checks on criminals and suspect vehicles.

The worm entered the network some time on Friday evening and spread rapidly through the force, knocking out Internet connections and email accounts, according to the Manchester Evening News. It is believed that the malware was introduced when an infected memory stick was plugged into a Windows PC.

Police officials made the decision to disconnect all of the unit’s networks from PNC until the malware outbreak had been contained. In the meantime police officers are having to call on colleagues in neighbouring forces to ask them to carry out PNC checks.

“The virus, Conficker, is not destructive and no data has been lost, but due to the speed it has spread we have temporarily cut off our access to the Police National Computer and other Criminal Justice systems to prevent further infection,” said assistant chief constable Dave Thompson in a statement.

“A team of experts is now working on removing the virus, and will not reconnect until we are sure there is no further threat,” he added. “We have systems in place to ensure this does not affect our service to the communities of Greater Manchester. At this stage it is not clear where the virus has come from but we are investigating how this has happened and will be taking steps to prevent this from happening again.”

conficker.jpg

The Conficker worm first emerged in 2008 and has since infected millions of computers, including those in the UK Ministry of Defence, Parliament and Manchester Council. In October of that year Microsoft issued a patch to correct a flaw in the Windows Server that had been responsible for giving the worm access to personal systems. However, the worm continued to spread via peer-to-peer networks and removable media.

By November 2009, Conficker was still active and continuing to claim millions of victims. “This certainly is one of the most sophisticated pieces of malware that we’ve ever seen,” said Tom Cross, manager of IBM X-Force Advanced Research, at the time. The authors of the malware continue to update the worm, with each version providing a new twist on its functionality.

“Malware like the Conficker worm can spread via infected memory sticks, taking advantage of the AutoRun facility to execute on computers, and has been a common route for virus distribution in recent years,” explained Sophos security consultant Graham Cluley, in a blog post. “Although companies can’t strip search employees in order to prevent USB memory sticks being brought into their organisations, they can take steps to help fight the problem of unauthorised devices being attached to their network.”