Posted by: badanov

In Oklahoma, our Department of Human Services was hammered by Zotob badly enough that the entire network was unplugged from the Internet last Wednesday; no Internet save for email, according to an article in the Daily Oklahoman on Saturday.

Bad enough, but worse still is that the DHS IT department said they would manually apply the patch unit by unit, and that it would be Monday (August 22nd) before they would have any Internet, which to us means http.

The two elements of this story that jump out at us are that they allowed their email server to remain online, and that this government department was a sitting duck for seven days after the patch was released by Microsoft before getting hit. Email is a propagation vector used by some versions of the worm, and given that this department was loaded down with Win2000 systems, we fail to see how shutting off an http server would help the situation, when it is port 445 they should have been concerned with.

DHS must have been hit with a later version of the worm, and shutting off port 445 would have been the best immediate course of action. Just shutting everything down makes little sense.

Also reported in the Oklahoman last Wednesday was that the Norman, Oklahoma unit of York International was shut down by the worm on Wednesday. Part of the first shift and all of the second and third shifts were shut down as measures were taken to counter the worm.

As described by F-Secure last week, the worm truly does scan random network segments: the Oklahoma state government's own network, the much larger OneNet, was not affected by the Zotob worm.
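Since the point of the last few paragraphs is that port 445, not http or email, is what mattered, and that the worm picks target segments at random, here is an added example (not from the original post or from any of the organizations named in it) of the kind of check an IT staff could have run against their own firewall logs to find the infected hosts instead of unplugging everything. The log line format is a hypothetical syslog-style one constructed for this example, so the regular expression would need adjusting to a real firewall. The idea is simple: an infected Zotob host hammers TCP/445 on many unrelated /24s, while a normal Windows workstation talks on 445 only to its own file servers, so a source that hits 445 in several distinct /24s is the thing to pull the cable on.

```python
"""Flag hosts doing Zotob-style TCP/445 scanning across many /24s.

Added example; the log format below is constructed/hypothetical, not any
real firewall's output.  Adjust LOG_RE to match your own device.
"""
import re
from collections import defaultdict

# Hypothetical firewall log format (constructed for this example):
#   <date> <time> <ACTION> src=<ip>:<port> dst=<ip>:<port> proto=<TCP|UDP>
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>\w+) src=(?P<src>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+) proto=(?P<proto>\w+)$"
)

# Constructed sample: 10.1.4.22 behaves like an infected host (445 to four
# unrelated /24s), 10.1.4.30 is a normal workstation talking 445 to its own
# file servers, 10.1.4.31 scans port 80 and one UDP/445 (not Zotob's vector),
# and the last line is junk that a real log will also contain.
SAMPLE_LOG = """\
2005-08-17 09:01:02 DENY src=10.1.4.22:1034 dst=10.1.5.7:445 proto=TCP
2005-08-17 09:01:02 DENY src=10.1.4.22:1035 dst=192.168.40.9:445 proto=TCP
2005-08-17 09:01:03 DENY src=10.1.4.22:1036 dst=172.16.88.201:445 proto=TCP
2005-08-17 09:01:03 DENY src=10.1.4.22:1037 dst=10.1.5.8:445 proto=TCP
2005-08-17 09:01:04 DENY src=10.1.4.22:1038 dst=10.77.3.14:445 proto=TCP
2005-08-17 09:02:10 ALLOW src=10.1.4.30:2201 dst=10.1.4.100:445 proto=TCP
2005-08-17 09:02:11 ALLOW src=10.1.4.30:2202 dst=10.1.4.101:445 proto=TCP
2005-08-17 09:02:15 DENY src=10.1.4.31:3001 dst=10.9.1.1:80 proto=TCP
2005-08-17 09:02:15 DENY src=10.1.4.31:3002 dst=10.9.2.1:80 proto=TCP
2005-08-17 09:02:15 DENY src=10.1.4.31:3003 dst=10.9.3.1:80 proto=TCP
2005-08-17 09:02:20 DENY src=10.1.4.31:3004 dst=10.9.4.1:445 proto=UDP
this is not a log line
"""


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that don't match."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def slash24(ip):
    """Return the /24 containing an IPv4 address, e.g. 10.1.5.7 -> 10.1.5.0/24."""
    return ip.rsplit(".", 1)[0] + ".0/24"


def find_445_scanners(log_text, min_subnets=3):
    """Return {src_ip: sorted list of /24s} for every source that attempted
    TCP/445 against at least `min_subnets` distinct /24 networks.

    ALLOW and DENY are both counted: a DENY means the firewall stopped that one
    packet, but the source host is still infected and still scanning.
    """
    subnets_by_src = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "TCP" or rec["dport"] != 445:
            continue
        subnets_by_src[rec["src"]].add(slash24(rec["dst"]))
    return {
        src: sorted(nets)
        for src, nets in subnets_by_src.items()
        if len(nets) >= min_subnets
    }


if __name__ == "__main__":
    for src, nets in find_445_scanners(SAMPLE_LOG).items():
        print(f"{src} hit TCP/445 in {len(nets)} distinct /24s: {', '.join(nets)}")
```

The threshold of three distinct /24s is a judgment call; on a flat network where every workstation legitimately touches file servers in two or three segments, raise it, and on a network with tight subnet boundaries, lower it. Either way the output is a short list of hosts to disconnect and patch first, which is a far smaller job than pulling the whole agency off the wire for five days.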

Betcha now they will require SANS and cert.org as daily, perhaps even hourly, reading for their IT staff.

