St Vincent's Hospital flushes out Conficker worm

Powered by SC Magazine

"Massive" IT project discovers 300 unpatched PCs.

Administrators at the St Vincents and Mater Health Sydney have revealed that a software transfusion last year uncovered some 300 unpatched PCs in which Conficker malware was festering.

The hospital group this week revealed details of a $400,000 endpoint security project completed in August 2009.

It took IT staff four years to secure funding and approval for the project, said St Vincents' IT security manager Peter Param, describing it as "massive" for the organisation.

Param kicked off discussions with Internet Security Systems - with a view to adopting its Proventia software suite - in 2005, after deciding to migrate from "firewall-type" to "host-based" defences.

"We had reasonably good perimeter defence, but it was not in-depth," Param said.

After obtaining project approval, Param established a three-year contract for the Proventia Desktop Endpoint security and Endpoint Secure Control suites plus PGP Corporation's encryption software and support.

But it wasn't the security aspects that prompted Param to choose Proventia, which was acquired by IBM in 2006, over Check Point's ZoneAlarm, he said.

More compelling was IBM's automated deployment paradigm, which St Vincents now employs for a host of other software upgrades.

Param blamed the group's previous software management process, which relied on Microsoft's Active Directory, for gaps in its application of system upgrades.

Some 300 of the organisation's 2,700 PCs had never been patched for Microsoft's critical MS08-067 vulnerability, which could be exploited by the malicious Conficker worm.

In September 2009, just weeks after the Proventia suite was deployed, the worm slowed part of St Vincents' network to a halt.

Param said the effects were similar to those of a Denial of Service (DoS) attack, as Conficker launched repeated attacks on the newly deployed security software.

He said the network could have been more vulnerable as staff transitioned to the new security suite, abandoning antivirus software by Trend Micro.

The malware was found to have been festering on the hospital's network for nearly two weeks after users downloaded research files or transferred them to the hospital's network from infected home PCs.

"It was not a good circumstance, I guess, but it helped us find out what was going on," Param said.

St Vincents now uses the Proventia suite in conjunction with a legacy firewall solution and Symantec Hosted Services's MessageLabs anti-spam service.

Param also planned to establish a secure sockets layer virtual private network (SSL VPN) to allow researchers to access their work documents from home.

Copyright © . All rights reserved.

St Vincent's Hospital flushes out Conficker worm
Top Stories
Making a case for collaboration
[Blog post] Tap into your company’s people power.
Five zero-cost ways to improve MySQL performance
How to easily boost MySQL throughput by up to 5x.
Tracking the year of CIO churn
[Blog post] Who shone through in 12 months of disruption?
Sign up to receive iTnews email bulletins
Latest Comments
Which is the most prevalent cyber attack method your organisation faces?

   |   View results
Phishing and social engineering
Advanced persistent threats
Unpatched or unsupported software vulnerabilities
Denial of service attacks
Insider threats