Printers at risk of Conficker worm

IT security professionals should consider all devices connected to the network when assessing risk. For example, some printers run Windows-based operating systems (to contact suppliers when cartridges run low), even though they are not classified as computers on the network.

Printers and other Windows-based devices are as at much risk of threats to the network – such as the Conficker worm that attacked Ealing Council's IT systems earlier this year – as any other component in an organisation's IT estate.

Some printers run Windows-based operating systems to contact suppliers when cartridges run low, even though they are not classified as computers on the network. This makes them vulnerable to the virus.

Businesses cannot afford to relax their vigilance over the worm, says Rodney Joffe, director of the Conficker Working Group, an industry group set up to combat the worm.

Cleaning up and re-installing an organisation's computers is a costly exercise, but IT managers may be overlooking potential sources of rapid re-infection. Rodney Joffe says IT managers should also think about other devices, such as printers, that are permanently connected to the network.

Conficker typically affects all Windows-based devices on a network, which means equipment such as printers can cause rapid re-infection, even if organisations go to the expense of cleaning every computer on the network.

Such re-infections are difficult to detect because most of these devices do not have consoles that enable IT managers to inspect the operating system. Baffled IT managers usually assume an external source, such as a memory stick or other removable device, is responsible.

IT managers should re-examine their network layout and ensure that they isolate any networked machines they do not have full control over, says Joffe. "This is the only way organisations can make sure those machines cannot re-infect the other devices vital to the running of the business, such as servers and desktops."

Joffe says businesses should be under no illusions that the Conficker problem is solved or that it no longer poses a threat. Not only can it force networks to shut down, as it did in Ealing, but Conficker is a robust botnet that its creators or other criminals may still use to steal sensitive information or carry out other cyber attacks, he says.

While not claiming victory over Conficker, Joffe says the Conficker Working Group has made tremendous strides in setting up a model for international co-operation on cyber issues. "Next time there is a global cyber threat we will have the basis for reaching out rapidly to foreign governments and organisations to co-ordinate a response," he says.

Read more on IT risk management