St Vincent's Hospital flushes out Conficker worm

Powered by SC Magazine

"Massive" IT project discovers 300 unpatched PCs.

Administrators at the St Vincents and Mater Health Sydney have revealed that a software transfusion last year uncovered some 300 unpatched PCs in which Conficker malware was festering.

The hospital group this week revealed details of a $400,000 endpoint security project completed in August 2009.

It took IT staff four years to secure funding and approval for the project, said St Vincents' IT security manager Peter Param, describing it as "massive" for the organisation.

Param kicked off discussions with Internet Security Systems - with a view to adopting its Proventia software suite - in 2005, after deciding to migrate from "firewall-type" to "host-based" defences.

"We had reasonably good perimeter defence, but it was not in-depth," Param said.

After obtaining project approval, Param established a three-year contract for the Proventia Desktop Endpoint security and Endpoint Secure Control suites plus PGP Corporation's encryption software and support.

But it wasn't the security aspects that prompted Param to choose Proventia, which was acquired by IBM in 2006, over Check Point's ZoneAlarm, he said.

More compelling was IBM's automated deployment paradigm, which St Vincents now employs for a host of other software upgrades.

Param blamed the group's previous software management process, which relied on Microsoft's Active Directory, for gaps in its application of system upgrades.

Some 300 of the organisation's 2,700 PCs had never been patched for Microsoft's critical MS08-067 vulnerability, which could be exploited by the malicious Conficker worm.

In September 2009, just weeks after the Proventia suite was deployed, the worm slowed part of St Vincents' network to a halt.

Param said the effects were similar to those of a Denial of Service (DoS) attack, as Conficker launched repeated attacks on the newly deployed security software.

He said the network could have been more vulnerable as staff transitioned to the new security suite, abandoning antivirus software by Trend Micro.

The malware was found to have been festering on the hospital's network for nearly two weeks after users downloaded research files or transferred them to the hospital's network from infected home PCs.

"It was not a good circumstance, I guess, but it helped us find out what was going on," Param said.

St Vincents now uses the Proventia suite in conjunction with a legacy firewall solution and Symantec Hosted Services's MessageLabs anti-spam service.

Param also planned to establish a secure sockets layer virtual private network (SSL VPN) to allow researchers to access their work documents from home.

Copyright © . All rights reserved.

St Vincent's Hospital flushes out Conficker worm
Top Stories
Microsoft confirms Australian Azure launch
Available from next week.
NBN Co names first 140 FTTN sites
National trial extended.
Cloud, big data propel bank CISOs into the boardroom
And this time, they are welcome.
Sign up to receive iTnews email bulletins
Latest Comments
In which area is your IT shop hiring the most staff?

   |   View results
IT security and risk
Sourcing and strategy
IT infrastructure (servers, storage, networking)
End user computing (desktops, mobiles, apps)
Software development

Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results