Virus attacks Ministry of Defence

The Ministry of Defence is in the midst of an electronic fight with a computer virus that rapidly spread through its computer networks starting 6 January.

The virus infected computers throughout the military, including those used by the Air Force and Navy, and is one of the most severe attacks the organisation has ever faced, according to a Ministry of Defence (MoD) spokeswoman.

"Obviously with a computer system of our size, we are fighting off viruses daily but not of this scale," the spokeswoman said. "I don't think we've ever had an instance like this before."

The virus has affected email systems and internet access but has not jeopardised war-fighting systems, she said. In a statement, the ministry said that due to pre-existing security systems, no classified or personal data was compromised.

The MoD confirmed in parliament earlier this week that just 27 per cent of its systems meet current data security standards for holding classified information and personal data. About 31 per cent of systems meet some standards, while the rest are being evaluated.

Efforts to contain and cleanup the virus have resulted in widespread shutdown of systems, she said. A solution to prevent re-infection of the PCs is being tested.

"The reason why so many people are without their computers is because we've turned them off rather than they've been wiped or destroyed by this virus," she said.

Related:

Most Navy warship systems are now up and running, but the MoD did not have an estimate of how many systems remain down. The department declined to confirm which warships have been affected, but news reports singled out the fleet flagship HMS Ark Royal, an aircraft carrier that went into service in July 1985.
Due to security reasons, the type of virus has not been publicly released, the spokeswoman said.

Businesses and IT security professionals have been grappling lately with the Conficker worm, which targets a flaw in Windows Service Server, a component in the Microsoft Windows 2000, XP, Vista, Server 2003 and Server 2008 products.

The Conficker worm, also dubbed Downadup, has surged during the first few weeks of 2009 and has infected an estimated 3.5 million PCs so far, according to Finnish security company F-Secure. In the span of one day earlier this week, F-Secure said it saw infections rise by one million machines.

Microsoft issued an emergency patch for the problem on 23 October. Yet security firm Qualys stated today that about 30 per cent of Windows PCs in the world have not yet been patched.

Systems become infected when a hacker constructs a malicious Remote Procedure Call (RPC) to an unpatched server, which then allows arbitrary code to run on a machine.

Related articles:

MoD IT systems do not meet data security standards