French navy surrenders to Conficker

Quelle horreur! France admits its naval systems were taken offline by the Conficker worm during January, but disputes that planes were grounded. Meanwhile, an antivirus software maker says “the new digital plague” now infects one in 16 PCs.

According to an Agence France Presse report (it’s in French; grab a translation here), Conficker was introduced by a soldier who brought it on a USB stick from home.

After discovering the infection, the Marine Nationale took all its internet systems offline. At one point all French naval staff were instructed not to open their computers.

Captain Jerome Erulin of the navy’s PR wing says the virus attack had “no operational consequence". Personnel got by with “old fashioned telephone and fax”

The spokesman disputed an Intelligence Online report that begged to differ, stating that the navy’s Rafale figher jets were “nailed to the ground” over January 15 and 16 because they were unable to download flight plans.

The navy has now banned USB sticks, joining a pre-Xmas ban by the US mililary – but trailing organisations in the commercial sector by some margin (the Sumitomo bank in London took to super-gluing over USB ports after a keystroke logger attack two years ago).

The French navy is the third major military organisation to be hit by Conficker following the RAF, which earlier in January saw computer networks at 24 bases infected, and the Royal Navy, which saw systems on 75% of its fleet turn wormy.

Waiting for the other boot to drop
One security software company, Panda Security, estimates Conficker has now infected 1 in 16 PCs world wide, labelling the worm a new “digital plague”.

Yet so far, the infection has only been nuisance value – albeit major nuisance value – for infected organisations worldwide (including our own Ministry of Health).

Conficker makes infected computers vulnerable to attack. Yet the worm has yet to move to stage two of its attack, in which it could deliver a payload of malware to the infected systems.

Another antivirus company, F-Secure, speculates that Conficker’s author is Ukrainian, as one of the worm’s first actions is to check if a computer has a Ukrainian-formatted keyboard. If it does, it leaves it alone.

Symantec ANZ’s Peter Sparkes tells NBR the author’s motives are probably financial. But, until the payload arrives, his – or her – motives remain a mystery.

Learn how to patch your PC against Conficker here.