Conficker worm disrupts Manchester police systems

Conficker worm disrupts Manchester police systems

Summary: Greater Manchester Police has cut its access to central police computers in an effort to contain the infection

TOPICS: Security

The Conficker worm has hit Greater Manchester Police computers, leaving the force without direct access to central police systems.

The worm was discovered on the computers on Friday, leading the Manchester force to cut access to the Police National Computer (PNC) and other criminal justice systems to prevent further infection. The systems were still infected on Tuesday, Greater Manchester Police (GMP) said in a statement.

Conficker is a network worm that targets holes in Windows and spreads through infected USB devices, or by launching dictionary attacks on weak passwords on networks, among other methods. The GMP has begun an investigation into how the worm entered its systems.

"At this stage, it is not clear where the virus has come from, but we are investigating how this has happened and will be taking steps to prevent this from happening again," said GMP assistant chief constable Dave Thompson.

Police have been warned against the use of USB sticks following the infection. "There have been some internal messages about using personal dongles," a GMP spokesman said.

The PNC holds details of people, vehicles, crimes and property that can be electronically accessed by the police and other criminal justice agencies. While the Manchester force's access to PNC has been curtailed temporarily, its response to crimes has not been affected, according to the GMP spokesman.

GMP officers have been contacting colleagues in neighbouring forces to run any urgent PNC checks, he added.

The Conficker worm, also known as Downadup and Kido, has a history of infecting systems via thumb drives, said USB security company SanDisk. The worm was behind an outbreak that disrupted Manchester City Council's parking ticketing last July.

Read this


Roundup: Countdown to Conficker

ZDNet UK reports on the latest news and updates

Read more

"It's not yet certain how the GMP network was infected, but we have seen Conficker outbreaks from an infected flash drive before, as both Ealing and Manchester Councils found last year," said Jason Holloway, SanDisk sales manager for northern Europe.

"Unfortunately, users often aren't aware that they are using an infected device, and Conficker's Autorun exploit is specifically designed to take advantage of this."

Conficker, which targets Microsoft Windows systems, has claimed some high-profile scalps. In March 2009, the worm infected UK parliamentary systems, while the Ministry of Defence and NHS systems in Sheffield have also experienced Conficker issues.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • So the..

    Government never learned from its past experiences then.
  • How many more times?

    Did anyone notice just how old that worm is? This raises a few areas of major concern.

    First and foremost, why does Microsoft not fix vulnerabilities just because they come under the umbrella of ailments that anti-virus vendors are supposed to cover? Surely a virus that old, and especially the ones that are several orders of magnitude older, could have been compensated for by the writers of Microsoft Windows source code. I know for certain that the Open Source operating systems would have done that rather than leaving the vulnerabilities in only to be handled by extra A/V software.

    Second, this exact problem happened in several high profile places such as government departments a year ago and yet this police force didn't learn enough to prevent it happening to them.

    Third, given that this latest infection was on the network of a police force, how can we rely on them to bring about reliable convictions for the various forms of cyber crime that might happen on their patch when they can't even keep their own computers clean? Or indeed, how can we trust that the huge volumes of information they have stored hasn't been snooped on and perused by any number of "interested" parties?

    This doesn't just apply to one police jurisdiction. Any network with inherently insecure operating systems ought to have the same type of questions asked of it.
    Fat Pop Do Wop
  • Microsoft HAS issued a fix for this. (sort of.)

    It was released nearly a year ago.

    One little hic-up:
    Unless the computers have PROPERLY disabled the auto-run "feature" on usb-sticks, then they WILL get attacked.

    If very weak passwords are used, then it is ALSO posssible to get this unpleasant "gift".

    So it is [b] sort of /b] fixed.
  • anti-virus vendors are supposed to cover?

    This seems to be the way MS has done business for several years. In the olden days they would release a new version knowing it wasn't ready for the end user, but would not fix it until said end user would complain loudly enough. Now they depend on third parties to cover it until enough people complain, or it spreads around the world. This will come back and bite them, in the end. I am SO proud to say they don't have me for a customer anymore. Thanks Linus.