TippingPoint Customers Preemptively Protected From Zotob Worm And Variants
AUSTIN, TX. August 31, 2005 TippingPoint, a division of 3Com and the leader in intrusion prevention, today announced that its TippingPointTM Intrusion Prevention Systems (IPS) preemptively protected all of its customers against the Zotob worm and its variants. Protected customers include University of Washington Medical, Mercy Health Partners and George Washington University Law School.
“The TippingPoint IPS has completely protected us from the Zotob worm, blocking every infection attempt,” said Mike Briggs, director of Information Technology at the George Washington University Law School. “We have seen many mutations of the Zotob worm and all have been blocked by TippingPoint’s original vulnerability-based filter, released August 9, well in advance of any reported Zotob attack.”
Briggs said the IPS blocked hundreds of thousands of Zotob attempts in three days, protecting hundreds of desktops and thousands of student laptops at the law school.
On August 9, the MS05-039 Plug and Play vulnerability was announced in the monthly Microsoft Bulletin. Within hours, TippingPoint issued a Virtual Software Patch through its Digital Vaccine® automatic update service. This filter was designed to protect against potential attacks on the vulnerability, and was automatically distributed to customers’ devices. At the time of the vulnerability announcement, there were no known attacks. On August 11, just two days after the vulnerability was announced and the TippingPoint filter had been distributed, the exploit code for MS05-09 was posted on the Internet. This exploit was automated on August 13, becoming the Zotob worm.
By Monday, August 15, between 4:00 p.m. and 5:00 p.m., the TippingPoint solution blocked 160,000 Zotob threats in a single hour at the University of Washington Medicine. As the week unfolded, the TippingPoint IPS thwarted a total of 803,000 Zotob attacks without allowing a single one to penetrate the network.
“The TippingPoint IPS saved us,” said Cindy Jenkins, a security engineer at the University of Washington Medicine. “Our security team put an unprotected Windows box on the network as a trial, and the time to infection was eight seconds. Because this bot worm attacks neighboring devices on the network, the infection rate could have been disastrous if even 100 of those 803,000 attacks had penetrated the system. Up to half of our network could have been infected in no time, and it might have shut down our hospitals or severely impaired patient care. The worm could easily have infected medical devices, putting patients at risk. It is a good thing we were protected by the TippingPoint IPS.”
Since the first appearance of Zotob, there have been several variants of the worm, which have the added capabilities of sending spam and infected emails. With one security filter, the TippingPoint IPS effectively blocked the original Zotob worm, its subsequent variants, and the other family of worms that have since exploited the same Microsoft vulnerability including IRCBot, EsBot, and Bobax. Zotob itself has over 12 variants to date.
Denny McLean, regional Information Security administrator at Mercy Health Partners said, “We are extremely pleased with the preemptive protection we received from the TippingPoint IPS. The TippingPoint Digital Vaccine service was protecting us before Zotob even existed, and we have had zero infections. It would have been extremely difficult to patch all of our 4,000 desktops and servers in such a short window, before Zotob hit. Plus, there were reports that the initial Zotob worm interrupted anti-virus products from updating. The TippingPoint IPS also served as a valuable reporting tool for off-network business partners that were infected by Zotob.”
About TippingPoint, a division of 3Com
TippingPoint, a division of 3Com, is the leading provider of network-based intrusion prevention systems. The TippingPoint IPS is the most decorated in its industry. For a full list of awards, visit http://www.tippingpoint.com/products_certifications.html. Our innovative approach offers customers unmatched network-based security with unrivaled economics, ultra-high performance, scalability and reliability. TippingPoint is based in Austin, Texas, and can be contacted through its Web site at www.tippingpoint.com or by telephone at 1-888-TRUE-IPS.
About 3Com Corporation
3Com Corporation (NASDAQ: COMS) is a leading provider of secure, converged voice and data networking solutions for enterprises of all sizes. 3Com offers a broad line of innovative products backed by world class sales, service and support, which excel at delivering business value for its customers. Through its TippingPoint division, 3Com is the leading provider of network-based intrusion prevention systems that deliver in-depth application protection, infrastructure protection, and performance protection for corporate enterprises, government agencies, service providers and academic institutions. For further information, please visit www.3com.com, or the press site www.3com.com/pressbox.