Tuesday, November 21, 2006

A Zero-Day Virus Attack

Earlier this month a part of our University was hit with a zero-day virus attack. I had not heard of the phrase zero-day before now and suspect most people only learn about the concept when one occurs at their place of work.

Zero-day refers to a class of computer threats that exposes undisclosed or unpatched application vulnerabilities. Zero-day attacks can be considered extremely dangerous because they take advantage of computer security holes for which no solution is currently available. Zero-day attacks are difficult to defend against and are often effective against secure networks and can remain undetected even after they are launched.

A Zeroday Emergency Response Team (ZERT) is a group of software engineers who works to release non-vendor patches for Zero-day exploits. McAfee and Symantec deployed ZERT teams to the campus. It took 48 hours to identify the virus and release a DAT file that patched and inoculated against the virus.

When the smoke cleared, over 1900 desktops and 10 servers were infected with the mass mailing virus referred to as W32/Nuwar or W32/Mixor. It damaged Microsoft Office applications, including Word and Excel. Fortunately, our crisis management strategies worked or the damage would have been much more significant. Sphere: Related Content

1 comment:

Anonymous said...

close all the
GLP
so that the virus replicate can be reduced.