Bozori and Zotob the first real company worms.
Bozori, it seems, causes local outbreaks, whenever it's able to reach the critical mass (and this is heavily dependent on the level of management in the organization). The worm can't reach many machines over the Internet because these days everybody deploys a firewall. However, a worm can penetrate a local network without going through the firewall: when an infected laptop is brought into a network large problems appear. That's why small companies and home users haven't been affected. On the other hand, a number of globally interconnected corporations, running large networks of computers - practically their own reduced versions of the Internet – have been hit badly. This incident suggests that we're on the threshold of a new era, in which 'company worms' will cause 'local network outbreaks' in large corporations, but will have little effect on the Internet as a whole. And yes we got solutions ... IPS but not everyone is buying this as it is not really cheap... Oh yes I nearly forgot to mention that some of my interviews are published on our press page at http://www.anti-malware.info/press.htm .
And not every newspaper was interested in publishing something only for 'companies'. Was it not problematic enough?
In mean time some zero day exploit appeared: msdds.dll ... more at http://isc.sans.org/diary.php?date=2005-08-19 Let's hope we don't get anymore problems with this in the future!
<< Home