Dennis Abanga
IS317
Project part 3
Investigate Findings on the Malware
In the present day malware has changed in nature dramatically with the criminal element realizing the advantages of using it for more malicious purpose. In the past it was not uncommon for malware to be written as a prank or to annoy the victim, but times have changed, malware in the current day has been adopted by criminals for a wide array of purpose to capture information about the victim or commit other attacks. The term malware used to cover only viruses, worms, and Trojans but nowadays it has evolved to include new forms, such as spyware, adware, and scareware. Software that used to just dial up systems or be annoying now redirects browsers, target search engine results, or even display advertisement s on a system. In order to mitigate malware, best security practices and awareness training is adamant. Keeping browser plug-ins patched is essential. Attacks have moved to the browser and the plug-in applications that make the browser so much more useful. It's critical that attackers not be able to use Microsoft Internet Explorer or Adobe Reader/Acrobat/Flash vulnerabilities to get onto a system. Use each vendor's auto update or software distribution tools to install patches as soon as they become available.
Related Content
Blocking P2P usage is also vital. The simplest method for distributing malware is hidden inside files to be shared on peer-to-peer (P2P) networks. Create and enforce a no-P2P policy, including home usage of a company machine. Enforce the policy at the gateway and/or desktop, for example, by blocking the main executable file of an unwanted application.
Turning off Windows Auto Run (AutoPlay) can also help Stop Conficker, Downadup and other network based worms from jumping from USB keys and network drives without changing company polices on Open Shares. Get specific details on this tip from Symantec and from Microsoft.
Turning on enhanced security in Adobe Reader will help to protect your machines from attacks hidden in PDF files by hardening Adobe Reader. Limiting the use of network shares (mapped drives) will help prevent the worms from spreading. Worms love to spread via networked drives. Unless there is a strong business requirement, close mapped drives. If possible limit permissions to read-only rather than read-write.
Reviewing mail security and gateway blocking effectiveness will help by Catching threats before they get to the desktop can be done with effective mail and Web security scanning. Check that you have a mail security solution which updates frequently to detect the latest bad sender IPs, spam and malware threats at the mail gateway. Consider implementing a Web security solution that will protect your organization against Web 2.0 threats, including malicious URLs and malware.
Reviewing your security content distribution schedule is also inevitable. Antivirus signatures are released multiple times a day and IPS content roughly on a weekly basis or as needed. If possible, take advantage of these updates or at least update machines that are frequently infected.
Protecting smart phones and other mobile devices which are the top cybercrime trend for 2011 is advisable. They are now commonly used by malware for exploitation and to commit fraud. It seems that every employee with a smart phone or tablet PC wants to access the network to get to company e-mail or other applications. Remember that these devices can introduce malware into your network just as easily as an unprotected PC can.
Using tools that go beyond antivirus is highly recommended. While there's still a role for antivirus products, they aren't as effective as they used to be, largely because the threats have evolved to circumvent antivirus software. Many threats today are Web based. A tool like the Intrusion Prevention System (IPS) in Symantec Endpoint Protection stops threats before they can infiltrate a machine. For example, IPS stops vulnerability exploits, drive-by downloads and fake antivirus installation.
For users changing your tool's default settings can help the big way. You can get the most out of your chosen tool by improving its default settings. Only a few setting changes can make a big improvement to your security. Tools such as Symantec Endpoint Protection's application and device control can be used to stop a specific file, block P2P network use or protect critical files and registry entries.
Finally, Educate users. Most malware attacks use social engineering. Education can be highly effective in stopping them. Your users don't need to be security experts. Asking them to follow these four rules can help keep them protected:
• Only click through to trusted sources when conducting searches, especially on topics with high attention.
• Never update "media player," "codec," or "Flash" when promoted by a site hosting videos or not affiliated with that application.
• Do not use P2P applications on business machines and be cautious on home machines as well.
• Do not click on links or attachments in spam e-mail or in e-mail messages from sources you don't know or trust.