The UK Parliament has become the latest to fall victim to the Downad/Conflicker work after an leaked internal memo advising network users on how to contain the problem, according to the blog Dizzy Thinks. The latest variant of the worm, which activates and download files to the infected computer on April 1st, is still being debated as an April Fools Day prank or something that will cause havoc on computers.
“The Parliamentary Network has been affected by a virus known as conficker. This virus affects users by slowing down the Network and by locking out some accounts,” the memo reads.
“We are scanning the Network and if we identify any equipment which we believe is infected with the virus then we will contact you to ensure that the device is either removed from the Network or cleaned and loaded with the correct software to prevent this infection reoccurring.”
The full memo is below:
To: All users connecting directly to the Parliamentary Network
The Parliamentary Network has been affected by a virus known as conficker. This virus affects users by slowing down the Network and by locking out some accounts. We are continuining [sic] to work with our third party partners to manage its removal and we need to act swiftly to clean computers that are infected.
We are scanning the Network and if we identify any equipment which we believe is infected with the virus then we will contact you to ensure that the device is either removed from the Network or cleaned and loaded with the correct software to prevent this infection reoccurring.
You can help us to contain this problem and prevent new infection by adhering to the following advice:
- We are unable to clean PCs and portable computers which are either not switched on or which are not authorised devices. We therefore ask that if you are running a PC or portable computer not authorised to be on the Network that you take it off immediately.
- An additional characteristic of this virus is that for some types of files it can skip direct to the Network from a USB memory stick or other portable storage device (e.g. mp3 players) without hitting the virus checker software. We ask that for the time being you do not use memory sticks or any other portable storage devices on the Parliamentary Network.
- If you do identify a problem with the equipment you are running, please contact the PICT Service Desk on 020 7219 2001 when it reopens on Wednesday 25 March from 8am.
- If you are connecting using one of our remote access services, from a Constituency Office for example, a separate communication will be sent to you.
Director of Parliamentary ICT.
The UK Parliament is not the only one, however. According to the Wikipedia article, the UK Ministry of Defence had some of its major systems and desktops infected; and, hospitals in the city of Sheffield in South Yorkshire in England also reported infected computers.
On February 13, the Bundeswhehr, the armed forces in Germany, also had some of its computers infected.
Conflicker is known to have exploited a vulnerability that is in Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008 and the Windows 7 Beta. As of now, Microsoft, BitDefender, ESET, Symantec, Sophos and Kaspersky Labs have brought out removal tools; while McAfee and AVG will remove it with a on-demand scan.
Note: The following BitDefender Tool is not from bdtools.net – a known site that will infect you with the virus. The following tool comes from BitDefender’s website itself. techgeek.com.au is not responsible for any links.
Because of the impact, Microsoft, along with a consortium of technology companies like Verisign, ICANN, AOL, Symantec, and researchers from Georgia Tech, formed an organisation to combat the efforts of the virus. As well, Microsoft is giving US$250,000 to those who can provide any information that will lead to the arrest and conviction of those behind the virus.
techgeek.com.au advises that you patch your anti-virus system and download any critical or important updates from Microsoft.
Image from: beatbull/Flickr (CC)