Monthly Incident Summary Reports
September - November 2005
Links to other reports are available on the Security
Reports Homepage.
Number of Agencies/Universities Reporting:
September 2005
| Universities | 33 | 12 | 18 | 63 |
| Agencies | 31 | 32 | 22 | 85 |
Note: 4 agencies deactivated 9/1/05
October 2005
| Universities | 34 | 19 | 10 | 63 |
| Agencies | 32 | 44 | 9 | 85 |
November 2005
| Universities | 34 | 17 | 12 | 62 |
| Agencies | 33 | 44 | 8 | 85 |
Types of Incidents:
| Actual Infections | 1,629 | 2,034 | 1,274 |
| Unauthorized Physical Access | 12 | 2 | 0 |
| Unauthorized Information Access | 1 | 5 | 1 |
| Web Site Defacement | 3 | 5 | 2 |
| Theft of Equipment | 17 | 8 | 9 |
| Theft of Information | 0 | 0 | 0 |
| Unauthorized Use/Misuse | 118 | 67 | 513,229 |
| Accidental Disruption | 372 | 266 | 224 |
| Disruption or Denial of Services (DOS) | 31 | 161 | 5 |
| Other | 667 | 137 | 24,264 |
| Total | 2,850 | 2,685 | 539,008 |
Impact of Incidents:
| September 2005 | 3,810 | 156 | $223,688 | 1 |
| October 2005 | 4,318 | 736 | $185,107 | 1 |
| November 2005 | 2,280 | 227 | $95,803 | 2 |
Incident Profiles:
| September 2005 | 4,809,201 | 23,529 | 567,173 |
| October 2005 | 7,584,931 | 1,891,592 | 427,995 |
| November 2005 | 6,413,380 | 7,786 | 696,857 |
Malicious Code:
| Viruses/Worms | 1,373,656 | 1,453,376 | 1,432,862 |
| Logic Bombs | 44 | 2 | 0 |
| Back Doors | 5,912 | 1,676 | 241 |
| Other Malicious Code | 344,754 | 368,450 | 206,946 |
| Total Workstations/Hard Drives Infected | 1,274 | 1,997 | 1,240 |
| Total Servers Infected | 355 | 37 | 34 |
Server Types (Number of Systems):
| Critical production applications and/or data | 5 | 5 | 6 |
| Critical administrative/support applications and/or data | 15 | 5 | |
| Research applications and/or data | 2 | 2 | 1 |
| Academic applications and/or data | 19 | 6 | 1 |
| External use web servers | 19,136 | 16,010 | 12,888 |
| Internal use web servers | 7 | 3 | 2 |
| FTP Servers | 732 | 727 | 338 |
| Email Servers | 8,047 | 82,240 | 111,960 |
| Print Servers | 6 | 24 | 0 |
| Other Servers | 38 | 30 | 46 |
| Total | 28,007 | 101,052 | 125,244 |
Response Activities and General Information:
| 1. Number of times incident response plans were activated | 289 | 348 | 115 |
| 2. Number of times disaster recovery plans were activated due to a security incident | 156 | 4 | 11 |
| 3. Average hours from detection to containment | 530 | 576 | 309 |
| 4. Incidents with response activity logs kept | 731 | 781 | 137 |
| 5. Damage to agency/university IR assets | 7 | 10 | 10 |
| 5a. Number of assets restored | 5 | 4 | 10 |
| 6. Number of incidents that needed outside assistance | 32 | 95 | 16 |
| 7. Number of incidents that resulted in new security measures | 39 | 696 | 259 |
| 7a. Number of patches installed | 630 | 712 | 237 |
| 7b. Number of security software installed | 644 | 20 | 255 |
| 7c. Number of additional policies developed | 0 | 20 | 3 |
| 7d. Number of other | 2 | 1 | 5 |
| 8. Number of incidents that resulted in proliferation | 1 | 0 | 8 |
| 8a. Internal Systems | 1 | 15 | 1 |
| 8b. External Systems | 0 | 6,200 | 7 |
| 9. Incidents that resulted in external public awareness | 6 | 4 | 2 |
| 10. Number of incidents reported to law enforcement | 7 | 4 | 0 |
Top Ten Viruses:
| September 2005 | October 2005 | November 2005 |
| Bots | Bots | Sober |
| Netsky | Netsky | Slammer |
| Slammer | Alzip | Mytob |
| Zafi | Zafe | Zafi |
| Sasser | Slammer | Netsky |
| Phish-Bank Fraud | Sobig | Bagle |
| MyDoom | Sasser | MyDoom |
| Bagle | Blaster | Phishing Bank |
| Sober | Bagle | Tooso |
| MIME.gen | Mydoom | Beagle |