A UK local council has just found the true cost of a virus infection which was introduced onto its network by an employee plugging an infected memory stick into his computer in May this year.

The overall bill for IT recovery and lost revenues was over £500,000 (more than $800,000), as systems were disrupted for several days.

The report on the outbreak from Ealing Council in West London states: ‘At the point the memory stick was plugged in the virus attacked the host PC.  It blocked connections to anti-virus and Microsoft Support websites and attempted to establish connections with 500 internet sites chosen at random from a selection of 25,000 seeking instructions from its author, and sought to also contact other similarly infected PCs that it could find. It then started propagating itself across the Ealing network.’

Although the virus has not been named, it obviously exploited the well-known Windows Autorun vulnerability to spread on the Council network. 

This could have been prevented by issuing all council employees with a secure USB flash drive with onboard anti-virus scanning – which would not only keep mobile data secured, but would also stop any infections using thumb drives to spread.

You can read more about this incident in the following articles:
 
www.theregister.co.uk/ealing_council_mystery_malware
 
www.scmagazineuk.com/Ealing-Council-facing-501000-fine-after-its-network-was-hit-by-a-virus-that-crippled-it-for-weeks
 
www.publicservice.co.uk/news_story

There seems to be no stopping the Downadup Windows Server worm, which some reports are now saying is the worst malware outbreak for 5 years.

 The number of Windows computers infected with the worm - has more than trebled since last weekend to almost 9 million worldwide, from roughly 2.4 million last Thursday. 

The principal targets are corporate Windows servers belonging to small businesses who have not installed security updates released by Microsoft last October.  The worm also uses social engineering techniques to spread via USB flash drives.  

As mentioned in this blog before, this USB attack vector can be stopped with our Cruzer Enterprise secure USB flash drives with onboard anti-virus scanning.  We also recommend users install the relevant Microsoft patch against the vulnerability that the worm exploits.

A number of reports have emerged in the past couple of days, showing that the Downadup Windows Server worm has been spreading quickly since the start of the year. 

 The worm, also known as Conficker, has apparently caused over 3.5 million infections worldwide, with over one million infections this week alone. 

 As reported earlier, the worm uses social engineering techniques to spread via USB flash drives.  If a user plugs an unprotected USB flash into an infected computer, the malware creates an autorun.inf file on the root of the USB drive, which will then autorun or autoplay to infect any unpatched systems.  It also tries to fool users into thinking they are only opening a folder when they are actually clicking to run the worm’s viral payload.

 This USB attack vector can be stopped with our Cruzer Enterprise secure USB flash drives with onboard anti-virus scanning - helping to reduce incidences of infection.