Windows worm wiggles through Canadian firms

The Windows 2000 worm that caused work disruption for companies worldwide early this week may not have caused significant damage, but certainly served as a wake-up call for businesses to re-think their security strategies, an analyst said.

The effects of the Zotob worm are relatively benign compared to more vicious attacks, said Carmi Levy, senior research analyst with Info-Tech Research Group in London, Ont. The Zotob worm doesn’t destroy or delete data but causes computers and servers running Windows 2000 to re-boot continually.

“At the end of the day the damage was not significant but what stands out is who was infected when they shouldn’t have been. The lesson we can take away from this is even though this was a low impact, low cost attack, this was a wake-up call to businesses everywhere.”

Toronto-based Bell ExpressVu, a subsidiary of Bell Canada, had its hands full on Tuesday when one hundred of the company’s call centre workstations running Windows 2000 were affected by the Zotob worm.

According to a Bell ExpressVu employee, the computers started to break down at around 2 p.m. on Tuesday. The worm also infected some 30 Windows 2000 servers at Bell ExpressVu.

The Bell ExpressVu employee said the workstations kept re-booting, which left call centre representatives unable to process customer calls efficiently.

Levy believed that Windows 2000 was targeted because not many bothered to update the older OS with the latest patches. He said Microsoft made a patch for the threat available for download last week.

“A week later on August 16, major organizations [and] a branch of the U.S. government were taken down because they didn’t take the time in that week to apply those patches to those systems. Clearly they were not on top of their security game,” Levy said.

The analyst said security measures such as installing the latest patches not only on servers and desktops but also on mobile devices should be top of mind for network administrators.

Levy believed those who were infected might have gotten the worm through laptop computers that were infected and then connected back to the corporate network.

“It is more of an inconvenience than anything else,” said Levy. “The real loss to business is productivity. There are huge dollar figures associated with that.”

There are 700 call centre workstations in Bell ExpressVu’s Toronto office, most of them running Windows XP, which was not affected by the worm, the employee said.

Bell ExpressVu was unable to apply the patch immediately because it would have required the company to upgrade from Service Pack (SP) 2 to SP4 before the patch could be downloaded, according to the ExpressVu employee.

“Upgrading to SP4 would have affected some of our existing applications,” the employee said.

After discovering the infection, Bell ExpressVu opted to migrate the affected Windows 2000 systems to XP. As of yesterday afternoon, call centre operations have been running normally, said the employee.

Toronto radio station 680 News reported that CIBC was also among the companies affected by the worm. The report said CIBC’s trading division and head office in Toronto were hit, but bank transactions were not affected.

Levy said organizations have dodged a bullet this time with the Zotob worm attack, but warned that next time could be worse.

As of press time, Bell Canada could not be reached for comment.
