Novell is now a part of Micro Focus

Novacoast helps County Government Battle MSBLASTER Worm

Novell Cool Solutions: Trench
By Paul Anderson

Digg This - Slashdot This

Posted: 10 Oct 2003

When the MSBLASTER virus hit in September of 2003 many organizations were brought to their knees by this malicious new breed of worm. One county government in Southern California was hit particularly hard. Out of its approximately 6000 workstations, the WORM infected some 3500 and county IT services were brought to a standstill for two days. Even as long as two weeks after the initial attack the county was still fighting infections and services continued to be disrupted.

Some of the agencies in this county fared better than others. One agency in particular utilized ZENworks for Desktops (ZfD) to control the outbreak and maintain services to their 2000 users. This agency had ZfD deployed for them in the summer of 2002 by Novacoast, Inc., a Novell partner located in Santa Barbara, California.

The agency is responsible for roughly 2000 workstations running Windows 2000 workstations. Their users are spread out over 12 locations. Because of their distributed geographic environment, the cost of maintaining these PCs was high and was very resource intensive. Also, dispatching technicians to re-install applications, troubleshoot printing problems and a host of other end-user related issues, was simply the normal way of doing business. As the agency grew, these support costs multiplied; while the cost of maintaining this environment was on the rise, customer satisfaction was on the decline.

Novacoast deployed ZfD to help this agency lower the total cost of ownership and to provide a better end-user experience for their PC users. Achieving these goals couldn't have been better met than with the example of how they handled the MSBLASTER disaster. The agency was first within the entire county to report that they had been 100% free of worm infections and they did so within 24 hours of the initial outbreak. While other agencies dispatched technicians to go to every workstation and patch machines, this one used ZfD to do it for them.

Utilizing ZfD they quickly created a new application that removed the Run command that MSBLASTER had put into the registry. The ZfD application also deleted MSBLAST.EXE from the SYSTEM32 directory where it was copied. This was the first package that was deployed to fight the worm, as they had not yet downloaded the patch from Microsoft. Later, when they had got the patch, they pushed that out via a "force run" application and finished the remediation for MSBLASTER.

The cost savings that this one agency saved in downtime alone could be estimated in the hundreds of thousands of dollars. While they were already well on the way to recouping their initial investment dollars for implementing ZfD, this was just icing on the cake.

Since the MSBLASTER outbreak and this agency's subsequent handling of it, four other agencies within this county alone have asked for proposals to implement ZfD in their environment. No one wants disasters like this to occur, but when they do it's very evident who is prepared for disaster and who is not. Utilizing ZfD to manage an organization's desktop environment not only saves money and resources in day-to-day operations, but it also prepares them to handle the unexpected exploits that the Internet has in store for them. And with Windows security being what it is, I'm sure we can expect many more exploits in the future.

Together with Novell and Novacoast local government agencies can utilize leading edge, best of breed technologies such as ZENworks for Desktops, to securely manage their PC desktop environments in a cost effective manner.

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Copyright Micro Focus or one of its affiliates