A study of 700 enterprises assessing the extent of damage caused by the Zotob worm found that 13 percent of organizations reported at least "some adverse impact" from Zotob. This is defined as spending time, resources or money fighting or recovering from the worm.
About six percent had a "moderate or major impact" from Zotob, incurring more than $10,000 in losses and hitting at least one critical system. This figure compares with similar studies carried out after previous worm outbreaks. More than 60 percent of organizations suffered a "moderate or major impact" due to Nimda. Blaster had similar results with more than 30 percent of organizations.
"Study of the Zotob worm demonstrated that, compared to earlier worm outbreaks such as SQL Slammer or Sasser, Zotob adversely impacted significantly fewer organizations," said Russ Cooper, Cybertrust senior information security analyst and author of the Zotob study.
"The nature of this worm and its ultimate business impact illustrates the goal of hackers today is no longer widespread system shutdown, but rather more frequent, smaller attacks with specific targets powered by a drive for financial and information gain," he added.
Infected organizations reported an average cost of $97,000 for the Zotob event. Cleaning up infected systems required more than 80 hours of work for nearly two-thirds of affected organizations. The healthcare sector experienced the most damage from Zotob, with 26 percent of companies experiencing at least some adverse effects, compared to seven percent of financial institutions.
The study found that the worm entered the majority of organizations through wired networks from within the corporate perimeter, as opposed to through email or wireless networks. Infections that began in corporate networks occurred at least three times more frequently than those from any other location, such as public networks (e.g. a hotel), VPNs, or home networks.
Worryingly, 26 percent of business victims of the Zotob worm were hit because no firewall was in place to protect systems.
Cooper said that organizations need to "develop a broader risk management strategy that addresses numerous broad countermeasures to protect critical business assets, rather than adopting a reactive, time-critical patching."