The IT systems at the Houses of Parliament have been hit by the Conficker worm.
After the virus was detected, an email was sent to staff warning them, “We ... ask that if you are running a PC or portable computer not authorised to be on the network that you take it off immediately,” Channel 4 News reported.
This may indicate that parliamentary IT systems do not automatically prevent unsecured machines and devices from connecting to the network, observers speculated.
Asked by journalists yesterday why network security failed to prevent the infection, a parliamentary spokesperson was unable to comment.
The spokesperson was also unable to say when Parliament's anti-virus systems were last updated, even though the Conficker worm has been known about since last November and patches are readily available. Channel 4 News reported that this indicated the network “seems to be completely unsecured”.
Today, the Houses of Parliament did not immediately return calls asking for comment.
Graham Cluley, senior technology consultant at IT security firm Sophos, said it was “not difficult” for the public and private sector to protect itself against the worm. “Organisations need to educate their staff about the issue, they need the right polices and the technology in place,” he said.
“To protect against Conficker, you need to have applied the latest security patches, have network access control in place, and have control over USB ports.”
Organisations would be well advised to protect the strength of their passwords by not using dictionary words or sequential numbers, he said, “because Conficker tries to break passwords".
In February, the Conficker virus was found to have infected the French Navy's IT network. One month before, a virus that hit the Ministry of Defence in January, was widely reported to have potentially been Conficker, but the MoD declined to confirm this.
It has been reported that the damage will be done by Conficker on 1 April, when the worm’s creator will take control of infected machines.