Court halted by fast-spreading virus

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

Website folder
Houston Municipal Court in Texas has had its operations shut down since last week because of a virus that has infected over 400 of its computers, according to media reports.

Although originally misidentified at the time of the initial infection on 4th February as the Conficker worm, the infection was ultimately declared by officials to be “W32/Virut.n” (which Sophos has detected as the W32/Scribble-A virus since 3rd February).

Scribble is a fast-infecting polymorphic virus, attempting to infect every file that is opened on a user’s computer and changing its shape in order to try and avoid detection. One of the reasons it has caused some firms problems appears to be its ability to modify HTM, HTML, PHP and ASP filetypes, typically used on web servers.

What that means is that if your users become infected by the Scribble virus, and have write-access to a folder or drive containing your public-facing web server files, your external website could easily be infected and begin to serve up malware to visitors.

Sign up to our free newsletter.
Security news, advice, and tips.

Good network security practice would mean only giving users who have a legitimate reason to write to your website content folder the ability to alter files on your public-facing site.

City officials claim that the malware’s spread was limited to 475 of the city’s 16,000 computers.

The latest reports suggest that Houston Municipal Court experts to return to its normal business tomorrow, once the remaining computers are cleaned-up.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.