- Related Stories
-
Zotob worm linked to credit card fraud ring
August 30, 2005 -
Windows worms knocking out computers
August 16, 2005 -
Zotob worm finds its path limited
August 15, 2005
The August worm caused disruptions for about 13 percent of the organizations surveyed by computer security firm Cybertrust, which released the results of a 700-company study Wednesday. As reported earlier, Zotob's victims included cable news station CNN, TV network ABC, The New York Times and DaimlerChrysler.
Six percent of survey respondents said Zotob's impact on their company was moderate to major, which was defined as more than $10,000 in losses and at least one major business system affected, such as e-mail or Internet connectivity.
Alarming as it was, Zotob did far less damage than did other major worms designed to exploit Windows vulnerabilities, Cybertrust said. For example, the Nimda worm made a moderate to major impact on 60 percent of companies. MSBlast (aka Blaster) struck about 30 percent of organizations to that degree, the firm said.
Zotob was less widespread, in part, because it targeted only PCs running Windows 2000, an older version of the software. The worm exploited a hole in the operating system's plug-and-play feature, and let attackers take control of infected machines while spying on users.
Most businesses became infected through vulnerable computers wired to the corporate network, rather than wireless pathways or e-mail, Cybertrust said. A full 26 percent of Zotob victims told the firm that infections occurred because they had no firewall in place.
The average cost of recovering from a Zotob infection was $97,000, Cybertrust said. For 61 percent of victims, cleanup required more than 80 hours of work. The health care industry was hit hardest, with more than a quarter of that sector's organizations reporting some impact, according to the survey.
But the more limited scope of the attack is not necessarily an encouraging sign, Cybertrust said. Rather than indicating that businesses are wising up to vulnerabilities, the survey shows that hackers' goals are changing.
"The nature of this worm and its ultimate business impact complements Cybertrust's intelligence that illustrates the goal of hackers today is no longer widespread system shutdown, but rather more frequent, smaller attacks with specific targets powered by a drive for financial and information gain," Russ Cooper, Cybertrust analyst and the study's author, said in a statement.
Indeed, two men arrested in Turkey for allegedly unleashing Zotob and other worms are thought to be part of a credit card fraud ring.
See more CNET content tagged:
CyberTrust, Zotob worm, survey, victim, worm
Now hackers are reading this article and not taking Cybertrust seriously.
You can't try and second guess hackers, and put a circle around hackers, and give them a stereo type.
Alot of the information Russ is saying is false.
Plus on a previous comment by me I had called for Cybertrusts's database of information to be made public, but they can't even do that.
Sure you may have intelligence you don't want the public to know, but you could at least share your list of "11,000" hacker aliases. I don't see how that kind of information would harm anyone.
I guess the reason is, your database is actually illegal if it was made public, and you would be sued heavily by the people you're suspecting of being a hacker.
See my first point again. The police don't take Cybertrust seriously, nor do hackers.
I guess your database will be 11,001 now.
Now hackers are reading this article and not taking Cybertrust seriously.
You can't try and second guess hackers, and put a circle around hackers, and give them a stereo type.
Alot of the information Russ is saying is false.
Plus on a previous comment by me I had called for Cybertrusts's database of information to be made public, but they can't even do that.
Sure you may have intelligence you don't want the public to know, but you could at least share your list of "11,000" hacker aliases. I don't see how that kind of information would harm anyone.
I guess the reason is, your database is actually illegal if it was made public, and you would be sued heavily by the people you're suspecting of being a hacker.
See my first point again. The police don't take Cybertrust seriously, nor do hackers.
I guess your database will be 11,001 now.
n3td3v: lol
n3td3v: They wouldve been monitoring these guys before it ahppened
n3td3v: And then tipped off the cops
n3td3v: What they were planning
n3td3v: But yeah, obviously Cybertrust is hot air IMO
- Why didn't Cybertrust prevent the worm?
- by n3td3v October 26, 2005 5:29 PM PDT
- n3td3v: If Cybertrust were the intelligence service they say they are, the worm would have never been released
- Like this Reply to this comment
-
(4 Comments)n3td3v: lol
n3td3v: They wouldve been monitoring these guys before it ahppened
n3td3v: And then tipped off the cops
n3td3v: What they were planning
n3td3v: But yeah, obviously Cybertrust is hot air IMO