Zotob worm beats IT departments in race to patch vulnerable systems

Software patching is no longer sufficient to protect networks from serious attacks, experts warned after the Zotob worm disabled thousands of computer systems last week.

The worm, which struck only five days after Microsoft released a protective patch, caught hundreds of businesses by surprise, infecting their networks before they had a chance to upgrade their systems.

High-profile organisations including the Financial Times, CNN, ABC, the New York Times, UPS, General Electric, the Canadian Imperial Bank of Commerce, DaimlerChrysler and SBC Communications were among those reportedly hit by the worm.

Zotob, and a series of rapidly released copycat worms, exploited vulnerabilities in the Plug and Play technology used in Microsoft Windows 2000. Once on a company network, the worms were able to infect other Windows machines, causing them to repeatedly shut down and reboot.

David Lacey, director of security at the Royal Mail and the IT user security group Jericho Forum, said the emergence of the worms within days of Microsoft releasing its patch would put pressure on businesses to install multiple defences, rather than relying on patching alone.

"I think it demonstrates we have to keep raising our game and we have to deal with zero day vulnerabilities. We have to speed up the entire patch management process and the virus definition process. And we have to harden the clients on internal networks, by installing personal firewalls, encryption, and authentication on every desktop," he said.

Alex Shipp, chief anti-virus technologist at MessageLabs, said businesses had failed to learn the lessons from the Blaster worm, and had allowed staff to plug infected laptops into the corporate network.

"If companies do have a big lead time for patching they need to look at their internal network structure," he said. "If you have laptops in your company, they should have a separate network."

Companies need to invest in more sophisticated security systems, he added.

"People like McAfee have various different intrusion detection systems, like buffer overflow detection and intrusion prevention. If you deployed all of those you would be protected, but these things cost money."
