X

Zotob damage deep but not widespread

Hackers go for gain rather than pain, a study from security firm Cybertrust says.

Alorie Gilbert Staff Writer, CNET News.com
Alorie Gilbert
writes about software, spy chips and the high-tech workplace.
See full bio
Alorie Gilbert
2 min read
Fewer businesses fell victim to the Zotob worm that struck corporate networks than previous attacks, but those it hit paid dearly, according to a new survey.

The August worm caused disruptions for about 13 percent of the organizations surveyed by computer security firm Cybertrust, which released the results of a 700-company study Wednesday. As reported earlier, Zotob's victims included cable news station CNN, TV network ABC, The New York Times and DaimlerChrysler.

Six percent of survey respondents said Zotob's impact on their company was moderate to major, which was defined as more than $10,000 in losses and at least one major business system affected, such as e-mail or Internet connectivity.

Alarming as it was, Zotob did far less damage than did other major worms designed to exploit Windows vulnerabilities, Cybertrust said. For example, the Nimda worm made a moderate to major impact on 60 percent of companies. MSBlast (aka Blaster) struck about 30 percent of organizations to that degree, the firm said.

Zotob was less widespread, in part, because it targeted only PCs running Windows 2000, an older version of the software. The worm exploited a hole in the operating system's plug-and-play feature, and let attackers take control of infected machines while spying on users.

Most businesses became infected through vulnerable computers wired to the corporate network, rather than wireless pathways or e-mail, Cybertrust said. A full 26 percent of Zotob victims told the firm that infections occurred because they had no firewall in place.

The average cost of recovering from a Zotob infection was $97,000, Cybertrust said. For 61 percent of victims, cleanup required more than 80 hours of work. The health care industry was hit hardest, with more than a quarter of that sector's organizations reporting some impact, according to the survey.

But the more limited scope of the attack is not necessarily an encouraging sign, Cybertrust said. Rather than indicating that businesses are wising up to vulnerabilities, the survey shows that hackers' goals are changing.

"The nature of this worm and its ultimate business impact complements Cybertrust's intelligence that illustrates the goal of hackers today is no longer widespread system shutdown, but rather more frequent, smaller attacks with specific targets powered by a drive for financial and information gain," Russ Cooper, Cybertrust analyst and the study's author, said in a statement.

Indeed, two men arrested in Turkey for allegedly unleashing Zotob and other worms are thought to be part of a credit card fraud ring.