A New Type Of Worm - InformationWeek



On the surface, the so-called Zotob worm, also known as Bozori, doesn't appear to be much different from earlier Internet worms such as Blaster or Sasser. Like those, Zotob exploits a known software vulnerability to spread among machines. But the latest malware didn't have the same kind of far-reaching impact. "We've seen no telltale signs of an epidemic on the Internet," says David Emm, a senior technology consultant for the Moscow-based Kaspersky Lab Inc., via E-mail. "We've had no reports of infection from individual users."

The worm's spread was mostly confined to localized "explosions" inside business IT environments, where Microsoft's Windows 2000 operating system--the target of the attack--is more prevalent than on home PCs. "These organizations, typically made up of 'small internets' behind heavily defended Internet gateways, have experienced infection," Emm says. The outbreak portends a shift to scenarios in which businesses are at increased risk of internal infection while the Internet itself avoids much of the impact.

That's good news in the sense that improvements in PC security have contributed to the decreased effectiveness and appeal of mass attacks. The bad news is that stronger defenses shift the focus to weaker links, including techniques designed to dupe people. "There's no doubt that social engineering plays a huge role in the success of these attacks," says Shane Coursen, senior technology consultant with Kaspersky.

Zotob grabbed the business community's attention because it was so unexpected. Companies have gotten better at virus protection, and there haven't been any huge disruptions in a couple of years. According to InformationWeek Research's annual security survey, a majority of companies have deployed virus-detection software and network firewalls, and nearly half have intrusion-detection systems in place.

"Organizations have been secured behind their 'impenetrable' firewalls, filtering all E-mails and stripping all executable content," Emm writes. "Businesses felt secure and confident that no attack could reach them. The blow from the inside was all the worse for being totally unexpected."

But there remain weak spots, to be sure. Our survey finds that only about a third of companies have intrusion-prevention systems or products to help them manage security events. And the typical office worker may be oblivious to what can go wrong. Only one in five survey respondents say their companies provide security training to PC users.

-- with TechWeb's Gregg Keizer
