Bot Worms Garner More Attention Than Deserved

In the wake of the infections, which took down networks at several large news organizations (and you wonder how they got so much coverage?), a few lessons are obvious. First, patch your systems. Microsoft released a fix for the vulnerability, but it went largely unapplied before the worms hit. Second, close off unnecessary network holes, even within your protected network. Yeah, yeah, we know you've heard it before, like the dentist telling you to brush and floss every day. But if you aren't doing it, your systems could be next.

Now it's confession time. I didn't find out about these two new worms from my antivirus software vendor or from watching systems crash. I didn't even hear about them from a panicked executive who heard the news on his morning commute. My first flash on Zotob was a report by Keynote Systems--a network performance-monitoring service.

Think about that for a moment. For all the technical magnificence of antivirus software, the most important thing about these worms is not how they operate, but the simple fact that they slow network performance. That's what users see, and that's what they complain about. And in that light, performance monitoring--normally used for detecting network faults--may be one of the most overlooked tools in your security toolbox.