UK National Health Service hit with malware infection

The infection of the Qakbot hit at least 1,100 NHS computers

Computers belonging to the UK's National Health Service have been hit with data-stealing malware, although it doesn't appear patient information was stolen, according to security vendor Symantec.

The computers were infected with Qakbot, a type of malicious software that can steal credit card information, passwords, Internet search histories and other data from machines, wrote Patrick Fitzgerald, senior security response manager at Symantec, in a blog.

The Register reported early Friday that the infection affected "the National Health Service (NHS) network," taking a direct quote from the blog. It appears the blog was revised at some point on Friday morning to take out the reference to the NHS.

When contacted, Symantec said it usually gives organizations eight hours ahead notice of a problem before they will blog on the subject, according to a spokeswoman for the company. The blog post was changed and will stay changed, the spokeswoman said, but confirmed it was the NHS that had been hit.

"Logs show that there is a significant Qakbot infection on a major national health organization network in the UK," Fitzgerald's post now reads. "This threat has managed to infect over 1,100 separate computers that are spread across multiple subnets within their network. We have attempted to contact the affected parties and have no evidence to show that any customer or patient data has been stolen."

In an e-mailed statement, the NHS said: "This hasn't been raised with us as an issue within the NHS. The NHS requires its organisations to reach high standards of virus protection. We will investigate any incidents brought our attention."

Qakbot monitors computers and then uploads stolen information to an FTP server, Fitzgerald wrote. Symantec was able to gain access to two of the servers receiving the data. In one week, more than 4GB of data was uploaded to those servers, including credentials from online services such as Facebook, Twitter, Orkut, Bebo, Adult FriendFinder plus e-mail providers such as Hotmail, Gmail and Yahoo.

"Qakbot records the contents of information that is stored and used by the auto-complete feature," Fitzgerald wrote. "In a nutshell, if your computer is compromised, every bit of information you type into your browser will be stolen."

Symantec found evidence that more than 100 computers on a "Brazilian regional government network" were compromised in addition to computers on other corporate networks. A map of the infections showed that infections are worldwide.

Fitzgerald wrote that a Qakbot infection can result in the attackers gaining a broad view of a user's online activities.

"For example, one woman, after chatting on Facebook, bought some items online at the retailers Argos and WHSmith," he wrote. "She then posted updates about her activities on that day. If required, the attacker can then log in to the above sites and can gain access to the orders, which gives access to the home address where the items will be ultimately delivered."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?