Over 1,000 NHS desktops part of botnet, says Symantec

Over 1,000 NHS desktops part of botnet, says Symantec

Summary: Patient data is unlikely to have been compromised by an information stealing worm called Qakbot, said the company

TOPICS: Security

Over a thousand UK health systems have been compromised and are part of a data-stealing botnet, according to security company Symantec.

The 1,100 computers are infected with the Qakbot worm. This monitors compromised computers for information before uploading the data to Qakbot botnet command-and-control servers, said Symantec in a blog post on Thursday.

Symantec has alerted the NHS about the compromised systems, said Cox, which came to light when the company began monitoring two command-and-control servers in March. These are FTP servers that are also infected machines and part of the botnet.

Patient data is unlikely to have been stolen, Symantec security operations manager Orla Cox told ZDNet UK on Friday.

"This is very much a consumer threat," said Cox. "Once it gets into a corporate environment, it looks for consumer data."

Qakbot searches for information such as online banking details, credit card data, social-networking credentials and internet mail credentials, according to the Symantec blog post.

It is theoretically possible for the botnet controllers to order the bot to download a new copy of itself that is equipped to steal patient data, but this would be unlikely, said Cox.

"This is not a very targeted threat. It's not that sophisticated," she said.

The NHS had not responded to a request for comment at the time of writing. However, ZDNet UK understands that the NHS is aware of the Symantec discoveries and is investigating the issue.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • The NHS spent a billion dollars equivalent on MS licenses and this is what they've got to show for it. And yet again, the fact that the O/S is MICROSOFT WINDOWS isn't mentioned on the Symantec site, other than the mention of W32 . . . so anyone with knowledge can infer MS Win.

    Get the NHS out of MS bondage so that a billion dollars worth of money can be spent on nurses, equipment, and cancer treatments that so far have proved to be too costly. And of course with FOSS operating systems and productivity software you don't have to spend money on anti-virus software AND consultant time removing the viruses that the A/V didn't even stop.
    Fat Pop Do Wop
  • The 'consumer data stealing' aspect of this worm infection within the NHS is not the main worry, as it seems pretty unlikely it would be able to target patient information which does not fall under the remit the worm has for data collection. Indeed, it's a pretty scattergun approach to data theft albeit successful enough when it hits a relevant target. The main concern has to be the security holes at whatever NHS Trust(s) have been hit by the thing and which allowed it access in the first place. Post-Conficker I would have hoped that all Trusts were not only securing their networks but patching them up the wazoo - looks like that isn't the case.