Though it raced around the Internet last week, the Mydoom-A outbreak last week didn't spell disaster for the vast majority of security managers. A poll conducted by SearchSecurity.com found that the worm infected 33% of 132 organizations surveyed but did minimal damage in most cases.
"Just a few of our users opened the worm before we installed our antivirus signature updates," said Clay Ruth, software systems engineering manager. "Both of our antivirus vendors (Trend Micro and F-Prot) came through quickly, so we had the updates online less than two hours after the worm first arrived in our mailboxes. The updated scanners promptly identified the infected systems and stopped the worm in its tracks."
Most of those polled (87%) said Mydoom-A caused little or no damage to their systems while 9% said that its impact was worse than Sobig-F, which caused headaches for a number of security teams because of numerous messages sent back to the spoofed from addresses.
Some had close calls because of interconnected systems. "We saw what appeared to be an infection in one contractor workstation that had connected to our network," said Mark Amos, the information security manager at Owens Corning. "However, we have a rather heavy layered defense so the worm could not propagate."
Amos's approach paid off. "We block executables coming into the corporation and examine .zip files for executables as well," Amos said. "Because of an early warning from Symantec we blocked all .zip files for about 20 hours as an additional precaution."
Many organizations that weren't infected by Mydoom-A still felt its wrath.
"My organization's mail server has received hundreds of mail messages destined for non-existing users," said Arik Baratz, a system engineer at Vidius. "I've (spent a lot of time) deleting the non-delivery notifications. My 30+ users are, however, uncharacteristically smart, and will not run an executable even in disguise."
Others agreed that the traffic was quite significant. "We're filtering nearly two thousand per hour, making the Mydoom/Novarg worm one of the hardest-hitting worms that we've seen," said John Masterson, VP of Modwest, a Web hosting and online services company.