UK National Health Service hit with malware infection

The infection of the Qakbot hit at least 1,100 NHS computers

Computers belonging to the UK's National Health Service have been hit with data-stealing malware, although it doesn't appear patient information was stolen, according to security vendor Symantec.

The computers were infected with Qakbot, a type of malicious software that can steal credit card information, passwords, Internet search histories and other data from machines, wrote Patrick Fitzgerald, senior security response manager at Symantec, in a blog.

The Register reported early Friday that the infection affected "the National Health Service (NHS) network," taking a direct quote from the blog. It appears the blog was revised at some point on Friday morning to take out the reference to the NHS.

When contacted, Symantec said it usually gives organizations eight hours ahead notice of a problem before they will blog on the subject, according to a spokeswoman for the company. The blog post was changed and will stay changed, the spokeswoman said, but confirmed it was the NHS that had been hit.

"Logs show that there is a significant Qakbot infection on a major national health organization network in the UK," Fitzgerald's post now reads. "This threat has managed to infect over 1,100 separate computers that are spread across multiple subnets within their network. We have attempted to contact the affected parties and have no evidence to show that any customer or patient data has been stolen."

In an e-mailed statement, the NHS said: "This hasn't been raised with us as an issue within the NHS. The NHS requires its organisations to reach high standards of virus protection. We will investigate any incidents brought our attention."

Qakbot monitors computers and then uploads stolen information to an FTP server, Fitzgerald wrote. Symantec was able to gain access to two of the servers receiving the data. In one week, more than 4GB of data was uploaded to those servers, including credentials from online services such as Facebook, Twitter, Orkut, Bebo, Adult FriendFinder plus e-mail providers such as Hotmail, Gmail and Yahoo.

"Qakbot records the contents of information that is stored and used by the auto-complete feature," Fitzgerald wrote. "In a nutshell, if your computer is compromised, every bit of information you type into your browser will be stolen."

Symantec found evidence that more than 100 computers on a "Brazilian regional government network" were compromised in addition to computers on other corporate networks. A map of the infections showed that infections are worldwide.

Fitzgerald wrote that a Qakbot infection can result in the attackers gaining a broad view of a user's online activities.

"For example, one woman, after chatting on Facebook, bought some items online at the retailers Argos and WHSmith," he wrote. "She then posted updates about her activities on that day. If required, the attacker can then log in to the above sites and can gain access to the orders, which gives access to the home address where the items will be ultimately delivered."

Join the PC World newsletter!

Error: Please check your email address.

Tags malware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?