New Survey: Zotob Damage Runs Deeper Than Previous Attacks, But Impacts Fewer Businesses

HERNDON, VA. – Fewer businesses were hit by the Zotob worm that struck corporate networks last August than during previous malware attacks, but those hit were hit much harder, a new survey shows.

The August worm caused disruptions for about 13 percent of the organizations surveyed by computer security firm Cybertrust, which released the results of a 700-company study Wednesday. Zotob’s victims included cable news station CNN, TV network ABC, The New York Times and DaimlerChrysler, CNET.Com reported.

Six percent of survey respondents said Zotob’s impact on their company was moderate to major, which was defined as more than $10,000 in losses and at least one major business system affected, such as e-mail or Internet connectivity.

Alarming as it was, Zotob did far less damage than did other major worms designed to exploit Windows vulnerabilities, Cybertrust said.

For example, the Nimda worm made a moderate to major impact on 60 percent of companies. MSBlast (aka Blaster) struck about 30 percent of organizations to that degree, Cybertrust said.

Zotob was less widespread, in part, because it targeted only PCs running Windows 2000, an older version of the software. The worm exploited a hole in the operating system’s plug-and-play feature, and let attackers take control of infected machines while spying on users.

Most businesses became infected through vulnerable computers wired to the corporate network, rather than wireless pathways or e-mail, Cybertrust said. A full 26 percent of Zotob victims told the firm that infections occurred because they had no firewall in place.

The average cost of recovering from a Zotob infection was $97,000, Cybertrust said. For 61 percent of victims, cleanup required more than 80 hours of work. The health care industry was hit hardest, with more than a quarter of that sector’s organizations reporting some impact, according to the survey.

But the more limited scope of the attack is not necessarily an encouraging sign, Cybertrust said. Rather than indicating that businesses are wising up to vulnerabilities, the survey shows that hackers’ goals are changing.

Indeed, two men arrested in Turkey for allegedly unleashing Zotob and other worms are thought to be part of a credit card fraud ring