[personal profile] mdlbear
From this article at theInquirer.org:
Another day, another massive bot infection. When will these people learn trusted computing and Microsoft promissory press releases are not worth the paper they are printed on? And yes I know they are not on paper anymore. Here is when they'll learn, when someone notices that getting infected violates a whole bunch of laws, and that brings down the legal hammers on them.

What do I mean? Well, for this said large financial organisation, there are several new regulations that are now in force, but the one that I am specifically thinking of is SarbOx. If they were an HMO or hospital, they would have HIPAA to contend with too. These laws have some pretty onerous data access and authenticity requirements backed up by civil and criminal penalties. Several states like California also have laws on notification and reporting on top of these.

So, what's the problem? The large financial organisation just got potentially owned bad, it was infected by a bot-carrying worm that allows outside access to the computers, the data carried within, and potentially the servers. Keyloggers? Maybe. Things riding on the back of Zotob? Maybe. I don't know, do you? Do you think the large financial organisation does either?

So, on one side you have a company that got screwed through sloppy patch practices and an impossible task of keeping a Microsoft network patched. I do say impossible on purpose, I mean it in the literal sense, not the conversational one. On the other side, you have organisations like the SEC looking for heads to nail to the wall. They don't take excuses like 'we didn't know' or 'we didn't foresee that one' with a smile and a laugh, this is 'buy your way out with political contributions' territory.

So, a large financial org got hit, and hundreds of computers were compromised. Did any of them have sensitive and/or customer data on them? Are you sure? Can you prove that? Has any of the data been tampered with? The answers most likely are a yes privately, no publicly, no, no and no clue respectively. To be honest, this is not just a big financial organisation's problem either, there are probably a bunch of others in the same boat, I just happened to overhear a phone call between someone and this said corporation.


It could be a case of "I'm not afraid." ... "You will be!"

Date: 2005-08-18 03:53 pm (UTC)
From: [identity profile] sbisson.livejournal.com
The thing is, it's not impossible to patch a Microsoft network. There are plenty of tools out there to do it quickly, safely and securely, and many of them are third party. Look at the many thousands of organisations that weren't hit by Zotob...

What's a bigger concern is organisations that keep UPnP ports open on their firewalls, that don't VLAN across divisions, and don't internally firewall. If you're not doing any of the above, then you're not running an enterprise-ready network.

Oh, and fail to train their users...

Date: 2005-08-18 07:35 pm (UTC)
From: [identity profile] roaringmouse.livejournal.com
It seems it was a "big deal" because CNN, The Times and ABC were struck by the worm. DHS internet and intranet were nailed. One tech told me that they suspect it was sent or from somewhere in Turkey. Interesting...!!!! Ay???
