Mystery virus hits 15 million PCs around the world

MoD and hospital computers among those infected by worm – the purpose of which is still unclear

David Randall
Sunday 25 January 2009 01:00 GMT

A mysterious computer virus, the purpose of which has yet to become apparent, is spreading so fast that it has already infected more than 15 million computers around the world. Some six million machines have been contaminated in the past three days alone by the virus, a worm known as Downadup, Conficker or Kido.

More than 3,000 British organisations – including hospitals, the Ministry of Defence, councils, and what are described as "well-known firms" – have been hit. They and the hundreds of thousands of other victim organisations in countries such as the US, Russia, China and India are now bracing themselves for the virus to be triggered and do whatever malicious work it has been designed to do.

There remains the possibility that it has no function other than to demonstrate its originator's skill, but security experts think it unlikely a worm so sophisticated has no ulterior purpose. Tom Gaffney, technical manager of F-Secure, says this could be to capture confidential information, such as online account details and passwords, but it is more likely to be a "rootkit", which gives the virus designer administrative access – effectively, control over the computer and then, perhaps, its network. He said that Conficker is the worst outbreak of this type seen for six years, since the Slammer worm ran amok in 2003.

Conficker's origin is thought to be in Ukraine, mainly because the first thing the worm does is check if a computer has a Ukrainian-configured keyboard. If it does, the worm leaves it unmolested. Former Soviet states are where so-called "computer warfare" (the hacking of target networks, or hijacking of websites) has been most common. It was prevalent during last year's Georgia-Russia conflict.

So far, Conficker's impact has been irritating, but not disastrous. Low-level computers at the Ministry of Defence were affected, with some service staff left without access for two weeks. More than 800 computers within the Sheffield Teaching Hospitals Trust were affected. Other trusts, notably in South Wales, have been hit, and admin computers at Strathclyde fire service have also been affected. Mr Gaffney says his firm also has first-hand knowledge of infections at a few councils and "a number of well-known firms". F-Secure estimates 15 million computers are affected worldwide. Other security specialists favour a lower figure.

The worm, which does not affect Apple Macs, exploits a vulnerability in Windows, for which Microsoft provided a security patch as long ago as October. But the failure of many users to apply the patch (some say nearly one in three Windows users have ignored it), or to install anti-virus software, has allowed Conficker to proliferate. A common source of infection has been USB sticks and the application used to download their contents. There are also many users, especially non-corporate ones, unaware that their computer is affected, and therefore at risk of disastrous consequences if the virus is triggered. F-Secure, along with other security specialists, has a free online scan for the virus available on its website.

Additional research by Lara Richards
