Malware Threats
The first step toward containing the spread of malware is to understand the various technologies and techniques that malware authors can use to attack your computer. Malware threats directly target both users and computers. However, it is also important to know that the majority of threats come from malware that targets the user rather than the computer. If a user with administrator-level user rights can be tricked into launching an attack, the malicious code has more power to perform its tasks. Such an attack can frequently cause
How Does Malware Get In?
Malware uses many different methods to try to replicate among computers. The following table lists common malware threats to organizations and provides examples of tools that you can use to mitigate them.
Malware Threats and Mitigations
E-mail: E-mail is the transport mechanism of choice for many malware attacks.
• Spam filters
• Real-time antivirus and antispyware scanners
• User education

Phishing: Phishing attacks try to trick people into revealing personal details such as credit card numbers or other financial or personal information. Although these attacks are rarely used to deliver malware, they are a major security concern because of the information that may be disclosed.
• Spam filters
• Pop-up blockers
• Antiphishing filters
• User education

Removable media: This threat includes floppy disks, CD-ROM or DVD-ROM discs, Zip drives, USB drives, and memory (media) cards, such as those used in digital cameras and mobile devices.
• Real-time antivirus and antispyware scanners
• User education

Internet downloads: Malware can be downloaded directly from Internet Web sites such as social networking sites.
• Browser security
• Real-time antivirus and antispyware scanners
• User education

Instant messaging: Most instant messaging programs let users share files with members of their contact list, which provides a means for malware to spread. In addition, a number of malware attacks have targeted these programs directly.
• Real-time antivirus and antispyware scanners
• Personal firewall
• Restrict unauthorized programs
• User education

Peer-to-peer (P2P) networks: To start file sharing, the user first installs a client component of the P2P program through an approved network port, such as port 80. Numerous P2P programs are readily available on the Internet.
• Real-time antivirus and antispyware scanners
• Restrict unauthorized programs
• User education

File shares: A computer that is configured to allow files to be shared through a network share provides another transport mechanism for malicious code.
• Real-time antivirus and antispyware scanners
• Personal firewall
• User education

Rogue Web sites: Malicious Web site developers can use the features of a Web site to attempt to distribute malware or inappropriate material.
• Browser security
• Pop-up blockers
• Antiphishing filters
• User education

Remote exploit: Malware might attempt to exploit a particular vulnerability in a service or application to replicate itself. Internet worms often use this technique.
• Security updates
• Personal firewall

Network scanning: Malware writers use this mechanism to scan networks for vulnerable computers that have open ports or to randomly attack IP addresses.
• Software updates
• Personal firewall

Dictionary attack: Malware writers use this method of guessing a user's password by trying every word in the dictionary until they are successful.
• Strong password policy
• User education

From a security perspective, it would seem best to block all these malware transport methods, but this would significantly limit the usefulness of the computers in your organization. It is more likely that you will need to allow some or all of these methods, but also to restrict them. There is no single anti-malware solution that will fit all organizations, so evaluate the computer requirements and risks for your organization, and then decide how best to defend against malware that attempts to exploit them.