Over 1,000 UK desktops part of botnet, says Symantec

Tom Espiner ZDNet UK | April 26, 2010 4:45 AM PDT

Summary

Over a thousand UK health systems have been compromised and are part of a data-stealing botnet, according to security company Symantec.

Topics

Desktop, Symantec Corp., Health Care, U.K., Vertical Industries, Healthcare, Benefits And Compensation, Security, Human Resources, botnet, Symantec, Qakbot, Tom Espiner ZDNet UK

Vendor HotSpot

Here to help you with your Document Management Needs

Read the DocuMentor blog now

Learn More »

Over a thousand UK health systems have been compromised and are part of a data-stealing botnet, according to security company Symantec.

The 1,100 computers are infected with the Qakbot worm. This monitors compromised computers for information before uploading the data to Qakbot botnet command-and-control servers, said Symantec in a blog post on Thursday.

Symantec has alerted the NHS about the compromised systems, said Cox, which came to light when the company began monitoring two command-and-control servers in March. These are FTP servers that are also infected machines and part of the botnet.

Patient data is unlikely to have been stolen, Symantec security operations manager Orla Cox told ZDNet UK on Friday.

"This is very much a consumer threat," said Cox. "Once it gets into a corporate environment, it looks for consumer data."

Qakbot searches for information such as online banking details, credit card data, social-networking credentials and internet mail credentials, according to the Symantec blog post.

For more on this story, read Over 1,000 NHS desktops part of botnet, says Symantec on ZDNet UK.

Talkback Most Recent of 6 Talkback(s)

Follow via:: RSS; Email Alert

No mention of the affected OS

Now which one could it be;-)
Richard Flude
26th Apr 2010
- Reply to
- Flag
According to CA, Symantec, etc, the affected system is... Drum Roll please

(...)

windows.

Now I bet you were not expecting this, were you?
Great Kahuna
26th Apr 2010
- Reply to
- Flag
It's a Trojan. It doesn't require any OS vulnerability.

It just requires the user to execute it and click "Yes" on the UAC prompt. Or even easier, just requires the "smart" users that have turned off UAC to execute it. No vulnerability required.

It just happens to be written for the most popular OS on the planet. Which happens to be Windows.

Can you really tell me with a straight face that non-Windows OSes will be safe if users are similarly tricked into executing malicious software? Especially since this trojan steals user data, which doesn't require any admin/root privileges?
Qbt
26th Apr 2010
- Reply to
- Flag
I'm sorry

"Can you really tell me with a straight face that non-Windows OSes will
be safe if users are similarly tricked into executing malicious software? "

It's not that they can't but that this is windows, millions of windows
desktops are infected with malware designed only for windows.

Ignore the hypothetical, we're talking about the reality.
Richard Flude
26th Apr 2010
- Flag
Kill the king?

I'm not defending Micrsoft, but when a new OS king emerges and takes over the OS market, the malware criminals, etal, will simply adopt new strategies and techniques to maintain their income stream and or whatever else their motives might be and start the process of dethroning the next "king" all over again. What then?
barrygil@...
28th Apr 2010
- Flag
Linux keeps getting better & BETTER

Since I ditched XP for Linux Mint (an Ubuntu variant), I've avoided all sorts of nasty malware, trojans, worms et al.
Mind you, I'm quite impressed with Windows 7 and the FREE version of Avira AntiVir 10.0 is bloody AMAZING. I swear!
maxtheitpro
3rd May 2010
- Reply to
- Flag