| Related Resources |
 |
|
 |
|
|
Monthly Incident Summary Reports
March - May 2007
Links to other reports are available on the Security
Reports Homepage.
Number of Agencies/Universities Reporting
March 2007
| Organization Type |
Incidents |
No Incidents |
No Report |
Total |
| Universities |
35 |
22 |
7 |
64 |
| Agencies |
33 |
43 |
7 |
83 |
April 2007
| Organization Type |
Incidents |
No Incidents |
No Report |
Total |
| Universities |
36 |
20 |
6 |
64 |
| Agencies |
36 |
41 |
8 |
83 |
May 2007
| Universities |
36 |
23 |
5 |
64 |
| Agencies |
32 |
46 |
5 |
83 |
Types of Incidents
Types of Incidents
| Actual Infections |
841 |
582 |
311 |
| Unauthorized Physical Access |
2 |
8 |
0 |
| Unauthorized Information Access |
54 |
2 |
31 |
| Web Site Defacement |
2 |
3 |
2 |
| Theft of Equipment |
12 |
9 |
27 |
| Theft of Information |
0 |
0 |
3 |
| Unauthorized Use/Misuse |
260 |
190 |
129 |
| Accidental Disruption |
53 |
39 |
57 |
| Disruption or Denial of Services (DOS) |
311 |
6 |
11 |
| Other |
3,453 |
286 |
264 |
| Total |
4,988 |
1,125 |
835 |
Impact of Incidents
Impact of Incidents
| March 2007 |
3,103 |
323 |
$105,333 |
0 |
| April 2007 |
2,925 |
391 |
$64,047 |
1 |
| May 2007 |
1,311 |
401 |
$43,956 |
2 |
Incident Profiles
Incident Profiles
| March 2007 |
14,505,121 |
15,971 |
2,975,754 |
| April 2007 |
18,538,552 |
166,836 |
931,531 |
| May 2007 |
137,293,5844 |
42,023 |
124,468,829 |
Malicious Code
Malicious Code
| Viruses/Worms |
455,160 |
435,952 |
343,403 |
| Logic Bombs |
0 |
40 |
0 |
| Back Doors |
131 |
54 |
267 |
| Other Malicious Code |
425,381 |
288,953 |
1,998567 |
| Total Workstations/Hard Drives Infected |
783 |
553 |
294 |
| Total Servers Infected |
58 |
29 |
17 |
Server Types (Number of Systems)
Server Types (Number of Systems)
| Critical production applications and/or
data |
9 |
4 |
5 |
| Critical administrative/support applications
and/or data |
14 |
11 |
11 |
| Research applications and/or data |
6 |
3 |
7 |
| Academic applications and/or data |
29 |
10 |
8 |
| External use web servers |
20,636 |
9 |
10 |
| Internal use web servers |
3 |
7 |
1 |
| FTP Servers |
569 |
668 |
736 |
| Email Servers |
47 |
137 |
6 |
| Print Servers |
4 |
1 |
1 |
| Other Servers |
182 |
268 |
92 |
| Total |
21,499 |
1,118 |
877 |
Response Activities and General Information
Response Activities and General information
| 1. Number of times were incident response plans activated |
158 |
252 |
50 |
| 2. Number of times disaster recovery plans activated due to security incident |
1 |
0 |
7 |
| 3. Average hours from detection to containment |
738 |
186 |
287 |
| 4. Incidents with response activity logs kept |
316 |
330 |
160 |
| 5. Damage to agency/university IR assets |
22 |
21 |
10 |
| 5a. Number of assets restored |
22 |
19 |
10 |
| 6. Number of incidents needed outside assistance |
20 |
10 |
17 |
| 7. Number of incidents resulted in new security measures |
218 |
156 |
124 |
| 7a. Number of patches installed |
225 |
205 |
112 |
| 7b. Number security software installed |
236 |
200 |
113 |
| 7c. Number of additional policies developed |
5 |
2 |
9 |
| 7d. Number other |
0 |
3 |
2 |
| 8. Number incidents resulted in proliferation |
20 |
35 |
21 |
| 8a. Internal Systems |
10 |
22 |
16 |
| 8b. External Systems |
10 |
13 |
7 |
| 9. Incidents resulted in external public awareness |
4 |
1 |
1 |
| 10. Number Incidents reported to law enforcement |
6 |
7 |
21 |
Top Ten Viruses
Top 10 Viruses
| March 2007 |
April 2007 |
May 2007 |
| Downloader |
Trojan.Packed.13 |
JS/Downloader-AUD |
| JS/Downloader-AUD |
Downloader |
Downloader |
| Trojan Horse |
Trojan.Peacomm!zip |
Exploit-ANIfile.c |
| Exploit-MIME.gen.c |
VBS/Psyme |
Exploit-MS06-014 |
| Exploit-MS06-014 |
W32.Netsky.P@mm |
JS/Wonka |
| JS/Exploit-BO.gen |
Exploit-ANIfile.c |
JS/Exploit-bo.gen |
| VBS/Psyme |
JS/Downloader-AUD |
VBS/Psyme |
| W32.Netsky.P@mm |
JS/Exploit-BO.gen |
W32.Netsky.P@mm |
| Exploit-ByteVerify |
Trojan Horse |
W32.Netsky.P@mm!enc |
| Exploit-IEPageSpoof |
W32.Netsky.P@mm!enc |
W32.Sober.AA@mm |
|
