If there’s one place you hope you won’t get infected by a computer virus, it’s an airport.
It’s not just that the virus may fiddle with your departure times; it’s the wider possibility that the virus may have infected more sensitive parts of the airport: ticketing, say, or—heaven forbid—flight control.
Kuala Lumpur International Airport—Malaysia’s main international airport—was on Friday infected by the W32.Downadup worm, which exploits a vulnerability in Windows Microsoft patched back in October. The worm, according to Symantec, does a number of things, creating an http server on the compromised computer, deletes restore points, downloads other file and then starts spreading itself to other computers.
Enlargement of the photo above. The notification says Symantec Antivirus has found the worm, but has not been able to clean or quarantine the file.
KL airport clearly isn’t keeping a tight rein on its security. The virus alert pictured above is at least 12 hours old and the vulnerability it exploits had been patched up a month before. Says Graham Cluley of UK-based security software company Sophos: “What’s disturbing to me is that over a month later, the airport hasn’t applied what was declared to be an extremely critical patch, and one which is being exploited by malware in the wild.”
What’s more worrying is that this isn’t the first time. It’s the first time I’ve noticed an infection on their departures/arrivals board, but one traveller spotted something similar a year and a half ago, with a Symantec Antivirus message popping up on one of the monitors. I saw a Symantec Antivirus message on one monitor that said it had “encountered a problem and needs to close”, suggesting that the worm had succeeded in disabling the airport’s own antivirus defences:
So how serious is all this? Cluely says: “Well, it’s obviously a nuisance to many people, and maybe could cause some disruption.. but I think this is just the most “visible” sign of what may be a more widespread infection inside the airport. I would be more concerned if ticketing and other computer systems were affected by the same attack.”
He points to computer viruses affecting other airports in recent years: In 2003, Continental Airlines checkin desks were knocked out by the Slammer worm. A year later, Sasser was blamed for leaving 300,000 Australian commuters stranded, and BA flights were also delayed.
For me, the bottom line about airports and air travel is confidence. As a traveler I need to feel confident that the people deciding which planes I fly and when are on top of basic security issues. And that doesn’t mean just frisking me at the gate. It also means keeping the computer systems that run the airport safe. This is probably just sloppy computer habits but what if it wasn’t? What if it was a worm preparing for a much more targeted threat, aimed specifically at air traffic?
(I’ve asked KL International Airport and Symantec for comment.)
Hello Jeremy, interesting story.
However, the Downadup case is far from over. Take a look at our blog for more coverage: http://www.f-secure.com/weblog/
Cheers,
Mikko
Please also see the intention of the Air Asia wants to have another LCCT around KLIA about 8 km away with a runaway, also violate the ICAO regulation to have very near 2 diffrent runaway and 2 control tower. With the Air Asia doesn’t want to pay the Passenger Service Charge (PSC) to the airport authorities, but claim have a lot of money to bild a new airport, seems some sort a hidden agreement. Also, the Air Asia staff are also over-works and dispose the Air Asia staff to a very dangerous situation.
Why aren’t they using a company like Fiberlink (http://www.fiberlink.com) or someone to handle their network security? This seems like a must for something as important as an airport…
I think it is very ideal to strengthen also the airport’s computer security against virus, worms, malwares, and other stuff. Flight and other airport protocol can possibly be ruined once the system runs ineffectively.