It seems there are two kinds of worm in the Windows world: ones that threaten hundreds of millions of XP users, and ones that embarrass a small number of media companies using Windows 2000.
The second type struck last week. It started spreading via the net on Sunday with Zotob.A, which, according to anti-virus company Trend Micro, infected about 50 computers worldwide. It was soon followed by Zotob.B, which hit about 1 000 systems, without doing any actual damage.
Were reporters across America shouting, “Hold the front page”? Well, you don’t need two guesses.
By Tuesday, variants of the worm were shutting down PCs, or causing them to reboot. But this still only affected PCs running Windows 2000 that had not had the latest security patch installed, that were not properly protected by firewalls, and lacked updated virus checkers — which must be a tiny proportion of all Windows systems.
As Russian anti-virus company Kaspersky Lab reported last Wednesday: “There has not been any noticeable increase in network activity which could be ascribed to this worm.” For comparison, it said, the Sasser worm caused an increase in network traffic of approximately 20% to 40%.
However, the companies hit included The New York Times, the CNN cable news network and Walt Disney’s ABC News, so perhaps the result was predictable.
“A real epidemic or media hysteria?” wondered Kaspersky Lab. The amount of coverage was surprising, but the story the press didn’t tell was: “Wow, we screwed up.”
There were, as always, lessons to be learned. The most important is that worm and virus writers are speeding up their efforts to create exploits as soon as possible after Microsoft has “announced” them by releasing a security fix. IT managers no longer have months or weeks to get their acts together: Zotob/Mytob/Rbot/IRCBot/Bozori appeared in days.
The second lesson is that worm and virus writing is no longer the preserve of inadequately socialised nerds. Compromising PCs so that they can be exploited to send spam or mount blackmail attacks on websites or networks is now a big-money business and attractive to serious criminals.
According to Finnish anti-virus firm F-Secure, the Zotob debacle included a “bot war” as rival gangs tried to grab compromised PCs. The third lesson is, I deduce, that many IT managers have not installed adequate defences against malware that is brought inside their firewalls by the laptops staff use at home. People can’t plug into Microsoft’s corporate network without their notebook PC being scanned for updates and viruses: how about yours?
Still, in the long term, Zotob could be good news for Microsoft. Windows 2000 is still the most common operating system in corporations, even though they must know (if their IT people are doing their jobs) that XP SP2 is more secure.
Many firms have taken the view that Windows 2000 is a good desktop operating system that does all they need, so they don’t have a reason to spend money upgrading to XP SP2 or the forthcoming Vista. Well, perhaps now they do. – Guardian Unlimited