The hospital's computer network is alleged to have been disrupted by the botnet infection.
Experts at SophosLabs™, Sophos's global
network of virus, spyware and spam analysis centers, have reminded
organizations of the threat posed by zombie networks after the news
that a man has been indicted for a computer attack which is alleged
to have jeopardised patient care.
Christopher Maxwell, from Vacaville, California, has been
indicted on charges that he launched an attack in January 2005
which struck hard at Northwest Hospital and Medical Center in north
Seattle. The attack is said to have shut down computers in the
facility's intensive care unit and prevented doctors' pagers from
working properly.
When it noticed that 150 of its 1,100 computers were infected,
officials at Northwest Hospital contacted the FBI, and put backup
measures in place. Nurses are said to have run charts down hallways
rather than transferring them electronically.
According to the US Attorney's office in Seattle, 20-year-old
Christopher Maxwell first compromised computer networks at
California State University, the University of Michigan and the
University of California-Los Angeles by exploiting loopholes in
their security. Compromised computers were converted into a network
of zombie computers (also known as a botnet) which could be
remotely controlled for the purposes of planting commission-earning
adware.
In total, Maxwell and two unnamed youths are said to have
created a zombie network of over 13,000 compromised computers.
Maxwell is alleged to have fraudulently earned $100,000 from
unnamed companies whose adware he installed.
"Although no patients were harmed, any attack against a hospital
network is a serious offense," said Graham Cluley, senior
technology consultant for Sophos. "All organizations need to put
the appropriate resources in place to ensure their computers are
not part of a zombie network. Every PC should be properly defended
by up-to-date anti-virus software, firewalls, and the latest
security patches."
Maxwell has been summoned to appear at the US District Court in
Seattle on 23 February. If convicted, the 20-year-old faces up to
10 years in prison and a $250,000 fine. He could also be ordered to
pay restitution to Northwest Hospital, which estimates its repair
bill amounted to $149,000. The two unidentified juvenile
co-conspirators are also being prosecuted.
Zombie computers - are your PCs under someone else's control?
Zombie computers can be used by criminal hackers to launch
distributed denial-of-service attacks, spread spam messages or
steal confidential information. SophosLabs estimates that more than
60 percent of all spam today originates from zombie computers. In
May, the Sober-Q Trojan horse and Sober-N worm worked in tandem to infect
and hijack computers around the world, programming them to spew out
German nationalistic spam during an election.
As spammers become more aggressive, collaborating with virus
writers to create armies of zombie computers, legitimate
organizations with hijacked computers are being identified as a
source of spam. This not only harms the organization's reputation,
but can also cause the company's email to be blocked by others.
Sophos ZombieAlert™
advises service subscribers when any computer on their network is
found to have sent spam to Sophos's extensive global network of
spam traps, and provides rapid notification to customers if their
Internet Protocol (IP) addresses are listed in public Domain Name
Server Block Lists (DNSBL). This information helps customers
locate, disinfect, and protect these systems from future
attacks.
Sophos continues to recommend that computer users ensure their
anti-virus software is up-to-date, and that companies protect
themselves with a consolidated solution
which can defend them from the threats of both spam and
viruses.