Already labelled as the one of the most damaging worms ever, the Mydoom malicious code is proving to be a boon for hackers and spammers, but of little consequence to those Canadian companies that took security up a notch after last year’s spate of worms.
The Bank of Montreal, a company that was already replete with security technology, has “incorporated the lessons learned last year,” said Robert Garigue, BMO’s Toronto-based chief information security officer. “There has been a transformation.”
Last year’s Slammer and Blaster worms, referred to as a “shot over the bow” by Symantec Canada’s general manager Michael Murphy, were a painful lesson that convinced many companies to pay more attention to security.
BMO is doing a better job of patch management, monitoring the currency of its applications, operating systems and antivirus management. The resultant system “is a series of rings to ensure as much defense as possible,” Garigue said. Mydoom was “filtered off at the gateway,” he added, though BMO security experts did see indications of it arriving. Since BMO quarantines all e-mail attachments (it sends recipients a notice that they can retrieve the attachment if needed), Mydoom was ineffectual. Even if an infected laptop had made it through, internal systems would have picked up on the abnormal behavior of Mydoom trying to e-mail itself out. “We have agents that look for that kind of activity,” said Garigue.
He added that, unlike last year, this time around he and his counterparts at other Canadian financial institutions seem to have been unaffected. A spokesperson for the Royal Bank concurred, saying it was not affected by Mydoom.
Simon Tang, senior manager, security services with Deloitte in Toronto, said the small business and consumer markets were hardest hit since neither possess the multi-tiered defense systems that larger corporations have in place. Having said that, he agrees with the prognosis that it is one of the worst worms seen in recent years. “It is definitely spreading at a very fast pace, faster than Blaster,” he said.
Kevin Krempulec, the Toronto-based Canadian channel manager for Symantec Corp., said that the firm’s statistics back up this conclusion. Of the 246 Mydoom submissions it received from Canadian customers, only 10 were from corporate clients.