Security memo instructs users to stop using removable storage devices

Mar 28, 2009 10:08 GMT  ·  By

A security notification, signed by the UK Parliament's Director of Information and Communication Technology, informs users that the infamous Conficker worm is spreading on the parliamentary network, slowing it to a crawl. A cleaning operation is underway and portable devices such as MP3 players and USB memory sticks have been temporarily banned.

The leaked memo, originally published on the "Dizzy Thinks" political blog, is addressed to "All users connecting directly to the Parliamentary Network," which, according to it, "has been affected by a virus known as conficker."

"This virus affects users by slowing down the Network and by locking out some accounts. We are continuining [sic] to work with our third party partners to manage its removal and we need to act swiftly to clean computers that are infected," it goes on to explain. The UK Parliament's network is protected with security solutions from MessageLabs, a Symantec subsidiary.

Several recommendations are made, including immediately disconnecting any computer systems that are not authorized to be on the network, as well as abstaining from using any removable storage devices. Users suspecting that their equipment might be infected are advised to call the PICT Service Desk beginning Wednesday, March 25.

According to The Register, an anonymous House of Commons insider confirmed the authenticity of the memo and also pointed out that the network had indeed not functioned normally for the past week. He described it as acting like it was being "hand cranked."

Conficker is one of the most "successful" worms in the history of the Internet, having infected a number of 12 million computers at its peak. The malware propagates through a critical vulnerability in the Microsoft Windows operating system and USB devices. Once inside a network, it is able to spread to other systems by hacking accounts with weak passwords or copying itself to network shares.

The worm made its way inside the networks of organizations worldwide, including governmental as well as law enforcement and military ones. Back in January the U.K. Royal Navy reported that the worm had infected computer systems on board of several of its vessels. The navy's flagship, the HMS Ark Royal, had also been affected.

Conficker has regained media attention lately as April 1st approaches. On this date the worm will activate one of its update mechanisms and will start querying the domain names it randomly generates on a daily basis in order to receive instructions from its creators. The nature of these updates is only a matter of speculation amongst security researchers.