The NHS has been the latest institution to be the target of a security breach after it emerged that Qakbot had been used to infect computer systems within the organisation.
Over 1100 PCs have been infected with the botnet virus, according to security vendor Symantec. It is believed that this particular infection is able to harvest various sensitive pieces of data, including the login details of any users who have access to externally accessible FTP servers and email services based on POP3 or IMAP.
So far Symantec does not believe that any patient or employee data has been taken as a result of the infection.
Symantec’s Patrick Fitzgerald pointed out that the discovery of the infection is the subject of continued investigation and there could potentially be more infected machines and systems to unearth in the coming weeks.
The servers that act as receptacles for the data which the botnet steals are currently undergoing a period of monitoring, and in a single seven day period, some four gigabytes of data was allegedly harvested from various sources. This data included financial information from online banking and credit card transactions, along with social networking logins and browser histories.
Qakbot is ostensibly targeted at infecting home PCs, but its appearance on the systems operated by public organisations is worrying to the security community. The NHS is not the only government-funded body to suffer an infection, as local government officials in Brazil have also detected the infection.
It is difficult to detect the presence of Qakbot because an ordinary user will not be unable to see it in the list of active processes as it hides behind those which are essential to a computer’s continued operation.
Any users who is worried about the vulnerability of their personal data, either via their emails or social networking profiles, is being advised to take this opportunity to change their passwords. At the moment there is still no evidence to suggest that any data has actually been stolen from within the NHS using this botnet, but this could change in the near future.
