UK National Health Service hit with malware infection

The infection of the Qakbot hit at least 1,100 NHS computers

Computers belonging to the UK's National Health Service have been hit with data-stealing malware, although it doesn't appear patient information was stolen, according to security vendor Symantec.

The computers were infected with Qakbot, a type of malicious software that can steal credit card information, passwords, Internet search histories and other data from machines, wrote Patrick Fitzgerald, senior security response manager at Symantec, in a blog.

The Register reported early Friday that the infection affected "the National Health Service (NHS) network," taking a direct quote from the blog. It appears the blog was revised at some point on Friday morning to take out the reference to the NHS.

When contacted, Symantec said it usually gives organizations eight hours ahead notice of a problem before they will blog on the subject, according to a spokeswoman for the company. The blog post was changed and will stay changed, the spokeswoman said, but confirmed it was the NHS that had been hit.

"Logs show that there is a significant Qakbot infection on a major national health organization network in the UK," Fitzgerald's post now reads. "This threat has managed to infect over 1,100 separate computers that are spread across multiple subnets within their network. We have attempted to contact the affected parties and have no evidence to show that any customer or patient data has been stolen."

In an e-mailed statement, the NHS said: "This hasn't been raised with us as an issue within the NHS. The NHS requires its organisations to reach high standards of virus protection. We will investigate any incidents brought our attention."

Qakbot monitors computers and then uploads stolen information to an FTP server, Fitzgerald wrote. Symantec was able to gain access to two of the servers receiving the data. In one week, more than 4GB of data was uploaded to those servers, including credentials from online services such as Facebook, Twitter, Orkut, Bebo, Adult FriendFinder plus e-mail providers such as Hotmail, Gmail and Yahoo.

"Qakbot records the contents of information that is stored and used by the auto-complete feature," Fitzgerald wrote. "In a nutshell, if your computer is compromised, every bit of information you type into your browser will be stolen."

Symantec found evidence that more than 100 computers on a "Brazilian regional government network" were compromised in addition to computers on other corporate networks. A map of the infections showed that infections are worldwide.

Fitzgerald wrote that a Qakbot infection can result in the attackers gaining a broad view of a user's online activities.

"For example, one woman, after chatting on Facebook, bought some items online at the retailers Argos and WHSmith," he wrote. "She then posted updates about her activities on that day. If required, the attacker can then log in to the above sites and can gain access to the orders, which gives access to the home address where the items will be ultimately delivered."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags malware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?