Five Sheffield Hospital Networks Hit By Downadup virus

After infecting millions of PCs worldwide, the Downadup virus, also referred as the Conficker.B, compromised nearly 800 from 7,000 computers at Sheffield's [UK] five hospitals, resulting in the cancellation of a few patient appointments, said a Sheffield Teaching Hospitals NHS Foundation Trust's representative.

According to security analysts, Conficker B is a virus that copies itself into several shared files on the system with a weak password. The malevolent program then attempts to hack other machines within the network by randomly using passwords from a database of simple passwords. It also blocks several websites using specific keywords in their URL.

The worm allegedly hit the Sheffield hospitals after employees disabled the automated security upgrades during Christmas time. The virus hit just after the computers restarted during surgery. On December 29, 2008, the malicious virus was detected on the system.

According to Sheffield Teaching Hospital's Informatics Director, David Whitham, they were not sure how the worm had been able to entered the network, except that the virus was detected. Soon after, the automatic update action was temporarily disabled and problems cropped up in several computers in the operating theater, as reported by TheRegister on January 20, 2009.

The IT Change Advisory Board decided to disable automatic updates system to prevent further interruptions in theatres which could impact patient care, said David Whitham.

The malware didn't affect much the functioning hospitals. Apart from the cancellation of a few non-pressing appointments in the medical imaging department to facilitate the cleansing of the infected PCs, there was no other effect on patient care, claimed a Trust spokeswoman.

But the NHS trust authorities informed that the worm outbreak is presently under control. Their IT unit has been functioning in tandem with outside antivirus experts to update computers and eliminate the last remnants of the worm from the network to limit the prospects of yet another attack.

Meantime, it is noteworthy that a fix for the Conficker worm has already been issued by Microsoft in October 2008. In spite of this, the Ministry of Defense (MoD) as well as several other firms has acknowledged being infected by it.

Related article: FBI’s ICCC Annual Report Discusses Fraudulent and Non-Fraudulent Complaints

» SPAMfighter News - 2/3/2009