'War of the Worms' Spurs Latest Cyber-Attack

Kennedy believes the corporate targets hit by Zotob may have been exposed by not taking proper measures to prevent infection by laptop computers. He theorized that individuals may have used company laptops in an infected environment outside the network, and then plugged them back into the company networks behind a firewall.

Cybertrust advises its clients to take three steps to avoid such exposure, Kennedy said.

First, they should keep all laptops patched with security updates and insulated with up-to-date company or personal firewall programs.

Second, they should use a special router between the notebook and the pipeline providing Internet access (such devices don't work for wireless connections, he said).

Third, laptop users should power down completely before plugging back into the company network.

"If you power down altogether when your restart and log on to your network, the whole network can do a hygiene check," Kennedy said. "That hygiene check can be bypassed by hibernation" -- the energy-saving mode computers go into when not powered down.

Protecting laptops -- plus maintaining up-to-date patches, antivirus prevention and firewalls on company networks -- should go a long way in protecting against worms like Zotob.

"If they have a tight perimeter that we help them construct around their enterprise, then Zotob keeps bouncing off," he said.

An Ounce of Prevention …

Similar advice holds true for home computer users, experts said.

"The best way to deal with this, of course, is to stop the virus with antivirus software before it infects your PC," said Sophos' Cluley via e-mail. "But failing that, it can be easiest to download up-to-date antivirus software on a known clean computer, and then use that software to clean up the infected PC."

Kennedy claimed he notified Cybertrust's corporate clients of the Zotob risk on Sunday, and they were not affected when major media companies got hit on Tuesday. Kennedy and others said Zotob was far from being a devastating worm, in relation to past outbreaks such as Sasser and Blaster.

"If you've got it, you've got a problem," he said of Zotob. "But with some prevention, you can whistle right past the graveyard on it."

ABC News' Paul Eng contributed to this report.

-- This embed didnt make it to copy for story id = 1046002.
  • 1
  • |
  • 2
  • |
  • 3
Join the Discussion
blog comments powered by Disqus
You Might Also Like...