By Elinor Mills
April 23, 2009
SAN FRANCISCO -- The Conficker worm infected several hundred machines
and critical medical equipment in an undisclosed number of hospitals
recently, a security expert said on Thursday in a panel at the RSA
"It was not widespread, but it raises the awareness of what we would do
if there were millions" of computers infected at hospitals or in
critical infrastructure locations, Marcus Sachs told CNET News after the
session. Sachs is the director of the SANS Internet Storm Center and a
former White House cybersecurity official.
It is unclear how the devices, which control things like heart monitors
and MRI machines, and the PCs got infected, he said. The computers are
older machines running Windows NT and Windows 2000 in a local area
network that was not supposed to have access to the Internet, however,
the network was connected to one that has direct Internet access and so
they were infected, he said.
Conficker spreads via networked computers as well as through removable
storage devices and a hole in Windows that Microsoft patched in October,
but these machines were too old to be patched, according to Sachs.
LayerOne 2009, Information Security for the discerning professional.
May 23-24 2009 @ The Anaheim Marriott in Anaheim, California
Visit http://layerone.info for more information