Houston Municipal Court in Texas has had its operations shut down since last week because of a virus that has infected over 400 of its computers, according to media reports.
Although originally misidentified at the time of the initial infection on 4th February as the Conficker worm, the infection was ultimately declared by officials to be “W32/Virut.n” (which Sophos has detected as the W32/Scribble-A virus since 3rd February).
Scribble is a fast-infecting polymorphic virus, attempting to infect every file that is opened on a user’s computer and changing its shape in order to try and avoid detection. One of the reasons it has caused some firms problems appears to be its ability to modify HTM, HTML, PHP and ASP filetypes, typically used on web servers.
What that means is that if your users become infected by the Scribble virus, and have write-access to a folder or drive containing your public-facing web server files, your external website could easily be infected and begin to serve up malware to visitors.
Good network security practice would mean only giving users who have a legitimate reason to write to your website content folder the ability to alter files on your public-facing site.
City officials claim that the malware’s spread was limited to 475 of the city’s 16,000 computers.
The latest reports suggest that Houston Municipal Court experts to return to its normal business tomorrow, once the remaining computers are cleaned-up.