Mydoom-A infects a third of organizations polled

Shawna McAlearney, Staff Writer

Though it raced around the Internet last week, the Mydoom-A outbreak didn't spell disaster for the vast majority of security managers. A poll conducted by SearchSecurity.com found that the worm infected 33% of 132 organizations surveyed but did minimal damage in most cases.

"Just a few of our users opened the worm before we installed our antivirus signature updates," said Clay Ruth, software systems engineering manager. "Both of our antivirus vendors (Trend Micro and F-Prot) came through quickly, so we had the updates online less than two hours after the worm first arrived in our mailboxes. The updated scanners promptly identified the infected systems and stopped the worm in its tracks."

Most of those polled (87%) said Mydoom-A caused little or no damage to their systems, while 9% said that its impact was worse than Sobig-F, which caused headaches for a number of security teams because of the numerous messages sent back to spoofed "From" addresses.

Some had close calls because of interconnected systems. "We saw what appeared to be an infection in one contractor workstation that had connected to our network," said Mark Amos, the information security manager at Owens Corning. "However, we have a rather heavy layered defense so the worm could not propagate."

Amos's approach paid off. "We block executables coming into the corporation and examine .zip files for executables as well," Amos said. "Because of an early warning from Symantec we blocked all .zip files for about 20 hours as an additional precaution."
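
The gateway policy Amos describes (block executable attachments and look inside .zip files for them) can be sketched as follows. This is an added example, not code from the article or from Owens Corning; the extension list, nesting limit, size cap and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = (".exe", ".scr", ".pif", ".cmd", ".bat", ".com")  # assumed policy list
MAX_DEPTH = 2                   # levels of nested .zip the filter will open
MAX_MEMBER_BYTES = 20_000_000   # assumed cap; larger members are not unpacked

def inspect(name, data, depth=0):
    """Return a reason string if this attachment must be blocked, else None."""
    if name.lower().rstrip(". ").endswith(BLOCKED_EXT):  # last extension decides
        return f"executable: {name}"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return None
    if depth >= MAX_DEPTH:
        return f"archive nested too deeply: {name}"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # Encrypted or oversized members cannot be checked, so block them.
                if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                    return f"{name} -> uninspectable member: {info.filename}"
                reason = inspect(info.filename, zf.read(info), depth + 1)
                if reason:
                    return f"{name} -> {reason}"
    except Exception:  # fail closed: an archive we cannot read is blocked
        return f"unreadable archive: {name}"
    return None

def scan_message(raw):
    """Return [(filename, reason)] for each MIME part that violates policy."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        name = part.get_filename() or "(unnamed)"
        reason = inspect(name, part.get_payload(decode=True) or b"")
        if reason:
            hits.append((name, reason))
    return hits

def build_sample():
    """Constructed test message: a zip holding one inert, executable-named file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.txt.scr", b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg.set_content("see attachment")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="message.zip")
    return msg.as_bytes()
```

Archives that cannot be fully inspected (encrypted, oversized, malformed or nested too deeply) are treated as blocked rather than passed through.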

Many organizations that weren't infected by Mydoom-A still felt its wrath.

"My organization's mail server has received hundreds of mail messages destined for non-existing users," said Arik Baratz, a system engineer at Vidius. "I've (spent a lot of time) deleting the non-delivery notifications. My 30+ users are, however, uncharacteristically smart, and will not run an executable even in disguise."

Others agreed that the traffic was quite significant. "We're filtering nearly two thousand per hour, making the Mydoom/Novarg worm one of the hardest-hitting worms that we've seen," said John Masterson, VP of Modwest, a Web hosting and online services company.

