NHS Computers Hit By Qakbot Infection

Is there a doctor in the house? Computer systems at the NHS have been infected by a botnet that Symantec warns has compromised over 1,100 separate systems.

More than 1,000 desktop computer systems owned by the National Health Service (NHS) have been infected with Qakbot, a data-stealing botnet, although it appears not to have harvested any patient information.

Data-stealing Qakbot loose in hospitals

The data-stealing worm Qakbot has infected over 1,100 separate systems, according to security vendor Symantec. Essentially, the botnet tries to steal login details for File Transfer Protocol (FTP) accounts and for email accounts that use Post Office Protocol 3 (POP3).

“One unusual aspect of Qakbot is that even though its purpose is to steal information associated with home users, it has also been successful at compromising computers in corporate environments as well as government departments,” wrote Symantec’s Patrick Fitzgerald on the vendor’s security response blog.

“For instance, there are over 100 compromised computers on a Brazilian regional government network. More alarmingly, the logs show that there is a significant Qakbot infection on a major national health organisation network in the UK,” he wrote.

“This threat has managed to infect over 1,100 separate computers that are spread across multiple subnets within their network. We have attempted to contact the affected parties and have no evidence to show that any customer or patient data has been stolen. Given that these figures are based on the evidence from logs obtained from only two servers over two weeks, the actual numbers may be higher,” Fitzgerald warned.

Data Breaches

Qakbot is designed to monitor compromised computers for sensitive information and works by recording the suggestions brought up by the autocomplete features of browsers. It is also capable of stealing data (up to 2GB per week) such as online banking information, credit card information, social network credentials and email account information as well as Internet search histories.

Symantec warned earlier this week that the physical theft or loss of a device containing corporate information is the largest single reason for data breaches. The security vendor found in its latest Global Internet Security Report that corporate IT systems are facing increasingly targeted attacks.

Indeed, Symantec has previously revealed the heavy price of cyber attacks and the corporate security measures to tackle them, after it conducted a study that found that cyber attacks are costing enterprises around $2 million (£1.3m) per year.

The headaches posed by data breaches are nothing new. Back in February, for example, a critical server at Valdosta State University in Georgia was hacked, an attack that compromised highly sensitive personal information of thousands of students and staff.