A New Type Of Worm

One of the dozen or so bots unleashed in mid-August might be considered the first ''business worm.'' -- Sidebar to: The Threats Get Nastier
On the surface, the so-called Zotob worm, also known as Bozori, doesn't appear to be much different from earlier Internet worms such as Blaster or Sasser. Like those, Zotob exploits a known software vulnerability to spread among machines. But the latest malware didn't have the same kind of far-reaching impact. "We've seen no telltale signs of an epidemic on the Internet," says David Emm, a senior technology consultant for the Moscow-based Kaspersky Lab Inc., via E-mail. "We've had no reports of infection from individual users."

The worm's spread was mostly confined to localized "explosions" inside business IT environments, where Microsoft's Windows 2000 operating system--the target of the attack--is more prevalent than on home PCs. "These organizations, typically made up of 'small internets' behind heavily defended Internet gateways, have experienced infection," Emm says. The outbreak portends a change in scenarios in which businesses are at increased risk of internal infection while the Internet itself avoids much of the impact.

That's good news in the sense that improvements in PC security have contributed to the decreased effectiveness and appeal of mass attacks. The bad news is that stronger defenses shift the focus to weaker links, including techniques designed to dupe people. "There's no doubt that social engineering plays a huge role in the success of these attacks," says Shane Coursen, senior technology consultant with Kaspersky.

Zotob grabbed the business community's attention because it was so unexpected. Companies have gotten better at virus protection, and there haven't been any huge disruptions in a couple of years. According to InformationWeek Research's annual security survey, a majority of companies have deployed virus-detection software and network firewalls, and nearly half have intrusion-detection systems in place.

"Organizations have been secured behind their 'impenetrable' firewalls, filtering all E-mails and stripping all executable content," Emm writes. "Businesses felt secure and confident that no attack could reach them. The blow from the inside was all the worse for being totally unexpected."

But there remain weak spots, to be sure. Our survey finds that only about a third of companies have intrusion-prevention systems or products to help them manage security events. And

the typical office worker may be oblivious to what can go wrong. Only one in five survey respondents say their companies provide security training to PC users.

-- with TechWeb's Gregg Keizer

More stories on InformationWeek Research's
U.S. Information Security Survey 2005

  • The Threats Get Nastier

  • Sidebar: Source Of The Problem

  • Report: U.S. Information Security 2005

  • Tool: Compare Your Security Practices

  • Behind The Numbers: Security Conforms To Regulatory Compliance