Zotob aftermath and analysis



The dust over the zotob worm infection has settled a bit at this point. (You can bet there are still infected machines out there though so if you haven’t patched yet – DO IT and check for signs of infection.) Among other things, The Security Fix is analyzing the impact.


Among other things Brian notes that this was more of a “Business Worm” and did not much affect home users. The point here is most home ISP’s are filtering the ports that many of these worms use to spread. The outbreaks instead were in business networks largely. This may be a sign of things to come. Many Small and medium sized businesses would have been more severely impacted with either no IT staff to deal with or very overworked IT trying to deal with the issues.

He summarizes several peoples analysis of the recent zotob outbreak. Including this timeline and analysis. It’s important to note the time from discloser of vulnerability to worm is getting shorter. This is in part because the exploit code gets freely shared. It should encourage network administrators (And Operating System vendors) to be more proactive and have a “default deny” mentality.

There’s also a note that the botnets are being used to distribute adware/spyware and act as spam relay networks. No surprises there.

   Send article as PDF   

Similar Posts