Over 1,000 NHS desktops part of botnet, says Symantec

Patient data is unlikely to have been compromised by an information stealing worm called Qakbot, said the company
Written by Tom Espiner, Contributor

Over a thousand UK health systems have been compromised and are part of a data-stealing botnet, according to security company Symantec.

The 1,100 computers are infected with the Qakbot worm. This monitors compromised computers for information before uploading the data to Qakbot botnet command-and-control servers, said Symantec in a blog post on Thursday.

Symantec has alerted the NHS about the compromised systems, said Cox, which came to light when the company began monitoring two command-and-control servers in March. These are FTP servers that are also infected machines and part of the botnet.

Patient data is unlikely to have been stolen, Symantec security operations manager Orla Cox told ZDNet UK on Friday.

"This is very much a consumer threat," said Cox. "Once it gets into a corporate environment, it looks for consumer data."

Qakbot searches for information such as online banking details, credit card data, social-networking credentials and internet mail credentials, according to the Symantec blog post.

It is theoretically possible for the botnet controllers to order the bot to download a new copy of itself that is equipped to steal patient data, but this would be unlikely, said Cox.

"This is not a very targeted threat. It's not that sophisticated," she said.

The NHS had not responded to a request for comment at the time of writing. However, ZDNet UK understands that the NHS is aware of the Symantec discoveries and is investigating the issue.

Editorial standards