A New Type Of Worm - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications
News
8/26/2005
11:55 AM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

A New Type Of Worm

On the surface, the so-called Zotob worm, also known as Bozori, doesn't appear to be much different from earlier Internet worms such as Blaster or Sasser. Like those, Zotob exploits a known software vulnerability to spread among machines. But the latest malware didn't have the same kind of far-reaching impact. "We've seen no telltale signs of an epidemic on the Internet," says David Emm, a senior technology consultant for the Moscow-based Kaspersky Lab Inc., via E-mail. "We've had no reports of infection from individual users."

The worm's spread was mostly confined to localized "explosions" inside business IT environments, where Microsoft's Windows 2000 operating system--the target of the attack--is more prevalent than on home PCs. "These organizations, typically made up of 'small internets' behind heavily defended Internet gateways, have experienced infection," Emm says. The outbreak portends a change in scenarios in which businesses are at increased risk of internal infection while the Internet itself avoids much of the impact.

That's good news in the sense that improvements in PC security have contributed to the decreased effectiveness and appeal of mass attacks. The bad news is that stronger defenses shift the focus to weaker links, including techniques designed to dupe people. "There's no doubt that social engineering plays a huge role in the success of these attacks," says Shane Coursen, senior technology consultant with Kaspersky.

Zotob grabbed the business community's attention because it was so unexpected. Companies have gotten better at virus protection, and there haven't been any huge disruptions in a couple of years. According to InformationWeek Research's annual security survey, a majority of companies have deployed virus-detection software and network firewalls, and nearly half have intrusion-detection systems in place.

"Organizations have been secured behind their 'impenetrable' firewalls, filtering all E-mails and stripping all executable content," Emm writes. "Businesses felt secure and confident that no attack could reach them. The blow from the inside was all the worse for being totally unexpected."

But there remain weak spots, to be sure. Our survey finds that only about a third of companies have intrusion-prevention systems or products to help them manage security events. And

the typical office worker may be oblivious to what can go wrong. Only one in five survey respondents say their companies provide security training to PC users.

-- with TechWeb's Gregg Keizer
























More stories on InformationWeek Research's
U.S. Information Security Survey 2005


  • The Threats Get Nastier

  • Sidebar: Source Of The Problem

  • Report: U.S. Information Security 2005

  • Tool: Compare Your Security Practices

  • Behind The Numbers: Security Conforms To Regulatory Compliance
























  • We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
    Comment  | 
    Print  | 
    More Insights
    InformationWeek Is Getting an Upgrade!

    Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

    Slideshows
    11 Things IT Professionals Wish They Knew Earlier in Their Careers
    Lisa Morgan, Freelance Writer,  4/6/2021
    News
    Time to Shift Your Job Search Out of Neutral
    Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
    Commentary
    Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
    Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
    White Papers
    Register for InformationWeek Newsletters
    Video
    Current Issue
    Successful Strategies for Digital Transformation
    Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
    Slideshows
    Flash Poll