"Cybertrust's study on the Zotob worm demonstrated that, compared to earlier worm outbreaks such as SQL Slammer or Sasser, Zotob adversely impacted significantly fewer organizations," said Russ Cooper, Cybertrust senior information security analyst and author of the Zotob study. "The nature of this worm and its ultimate business impact complements Cybertrust's intelligence that illustrates the goal of hackers today is no longer widespread system shutdown, but rather more frequent, smaller attacks with specific targets powered by a drive for financial and information gain."
Specifically, about 13 percent of organizations surveyed reported that they experienced at least some adverse impact from Zotob, defined as spending time, resources or money fighting or recovering from the worm. About 6 percent had a moderate or major impact from Zotob -- more than $10,000 in losses and at least one business-critical system affected (e.g. email, commerce, Internet connectivity). This compares to a moderate or major impact on more than 60 percent of organizations due to Nimda, and on more than 30 percent of organizations due to Blaster.
Infected organizations reported an average cost of $97,000 for the Zotob event; cleaning up infected systems required more than 80 hours of work for 61 percent of impacted organizations. The healthcare industry experienced the greatest Zotob impact, with 26 percent of companies experiencing at least some adverse impact, compared to 7 percent of financial institutions.
The Zotob worm infection entered the majority of organizations through wired networks from within the corporate perimeter, as opposed to through email or wireless pathways. Infections that began locally occurred at least three times more frequently than those from any other location, such as public networks (e.g. a hotel), VPNs, or home networks. Twenty-six percent of business victims of Zotob were impacted because no firewall was in place. The fact that only 7 percent of impacted organizations received the worm via email demonstrates that reliance on traditional anti-virus programs scanning incoming email is not enough to protect a corporate network from malcode attacks.
"The results of the Zotob study confirm Cybertrust guidance to develop a broader risk management strategy that addresses numerous broad countermeasures to protect critical business assets, rather than adopting reactive, time-critical patching," said Cooper.