Monday, January 10, 2011

Common Ways Malicious Code Spreads

Introduction


As of 2010, there are nearly three million unique forms of known malicious code, and thousands of new ones are discovered daily. The risk of being infected is greater than ever. The damage caused by an infection can range from a minor annoyance to a catastrophic disaster. The old wisdom continues to ring true: an ounce of prevention is worth a pound of cure.

Most computer users are aware of the importance of security to reduce the threats that could potentially harm a computer or network. For example, anti-virus and anti-spyware are essential defenses in the war against malicious code. However, technology cannot compensate for poor and risky behavior. Thus, proper training and understanding, along with behavior changes, are needed to facilitate a reduction of malicious code infections.

Ten common ways malicious code can reach our private network, which every user needs to be aware of:

1. EMAIL ATTACHMENTS:

Attachments to e-mails are a common method of distributing malicious code. E-mail is inherently insecure because it relies on SMTP, a plain-text forwarding protocol, and lacks strong authentication of message senders. The source address of an e-mail can easily be spoofed or falsified to look like someone you trust. Often, this alone is enough to trick a recipient into opening an attachment. In general, avoid using attachments as a means of exchanging files. Instead, use a third-party file exchange system (such as DropBox, Box.net, Drop.io, MediaFire, Windows Live SkyDrive, Foldershare, RapidShare, MegaUpload, Dropload, YouSendIt, SendThisFile, etc.). Then, when an attachment does arrive, it stands out as abnormal and not the standard method by which everyday communication takes place. If you receive an attachment and need to determine whether it is legitimate, verify it before opening it. Create a new e-mail to the sender (do not reply to the message carrying the attachment) and ask for confirmation that they sent the file. If you are really concerned, ask for the filename, size, and hash value as well. Or call the person and ask whether they sent you an attachment on purpose. If the sender does not confirm the attachment, DELETE it.
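The out-of-band check described above (confirming filename, size, and hash with the sender before opening anything) is easy to do consistently with a small script. The following is an added example written for this post, not code from the original, using only Python's standard library: it builds a constructed sample message with one attachment (the addresses, filename, and content are placeholders), lists every attachment with its size and SHA-256, and compares one entry against the values the sender confirmed over a separate channel.

```python
import email
import email.policy
import hashlib
from email.message import EmailMessage

# Constructed attachment content for the example; not a real file from any e-mail.
SAMPLE_CONTENT = b"quarterly figures, placeholder bytes for the example\n"


def build_sample_message() -> bytes:
    """Return the raw bytes of a constructed message carrying one attachment."""
    msg = EmailMessage(policy=email.policy.default)
    msg["From"] = "colleague@example.com"  # placeholder sender address
    msg["To"] = "you@example.com"          # placeholder recipient address
    msg["Subject"] = "Figures"
    msg.set_content("See attached.")
    msg.add_attachment(SAMPLE_CONTENT, maintype="application",
                       subtype="octet-stream", filename="figures.bin")
    return bytes(msg)


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a byte string, the value you ask the sender to confirm."""
    return hashlib.sha256(data).hexdigest()


def inventory_attachments(raw_message: bytes) -> list:
    """Parse a raw RFC 5322 message and describe each attachment without opening it."""
    msg = email.message_from_bytes(raw_message, policy=email.policy.default)
    entries = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True)  # decoded bytes, never executed
        entries.append({
            "filename": part.get_filename(),
            "size": len(payload),
            "sha256": sha256_hex(payload),
        })
    return entries


def matches_confirmation(entry: dict, filename: str, size: int, sha256: str) -> bool:
    """True only if name, size and hash all match what the sender confirmed out of band."""
    return (entry["filename"] == filename
            and entry["size"] == size
            and entry["sha256"].lower() == sha256.lower())


if __name__ == "__main__":
    for entry in inventory_attachments(build_sample_message()):
        print(entry["filename"], entry["size"], entry["sha256"])
```

Run it against a saved `.eml` file by passing the file's bytes to `inventory_attachments`; read the name, size, and hash to the sender over the phone or in a fresh message, and open the file only when `matches_confirmation` returns true for what they tell you.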

2. PORTABLE MEDIA:

Portable media includes any device that can store information: optical discs (CD, DVD, HD-DVD, Blu-Ray, etc.), tapes, external hard drives, USB drives, and memory cards. Any storage device can carry both benign and malicious content. The less you know about or trust the source of a device, the more cautious you should be about accepting it and connecting it to your system. Any media from outside the organization should be highly scrutinized, especially if obtained from a questionable or unknown source.

A possible defense is a dedicated scanning system. Any media that is new to you can be scanned on this stand-alone system before it is used on any production system. Assuming the stand-alone scanner is updated regularly, it greatly reduces the risk of malware distribution via media. Another option is to limit data exchanges to file-sharing services that do not involve portable media.
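A scanning station of the kind described above usually runs a signature scanner, but it also helps to keep an inventory of what was on each piece of media and to flag the items that deserve a closer look before anything is copied to a production host. The script below is an added example written for this post (not the original's code and not a substitute for an anti-virus engine): it walks a directory standing in for a mounted drive, records every file's size and SHA-256, and flags autorun configuration files, executable file types, and any hash on a block list. The lists of risky names and suffixes and the sample media tree are constructed for the example; `KNOWN_BAD_SHA256` is an empty placeholder to be filled from your own sources.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed lists for the example, not an authoritative catalogue.
RISKY_SUFFIXES = {".exe", ".scr", ".bat", ".cmd", ".vbs", ".js", ".lnk", ".pif"}
RISKY_NAMES = {"autorun.inf"}
# Placeholder block list: SHA-256 values the station refuses outright (empty here).
KNOWN_BAD_SHA256 = set()


def sha256_of_file(path: Path) -> str:
    """Stream a file through SHA-256 so large media files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_media(root) -> list:
    """Walk a mounted media root and return one record per file with its hash and flags."""
    root = Path(root)
    records = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = sha256_of_file(path)
        flags = []
        if path.name.lower() in RISKY_NAMES:
            flags.append("autorun-config")
        if path.suffix.lower() in RISKY_SUFFIXES:
            flags.append("executable-type")
        if digest in KNOWN_BAD_SHA256:
            flags.append("known-bad-hash")
        records.append({
            "path": str(path.relative_to(root)),
            "size": path.stat().st_size,
            "sha256": digest,
            "flags": flags,
        })
    return records


def media_is_clean(records) -> bool:
    """True when no file on the media raised a flag; anything else needs a human decision."""
    return all(not record["flags"] for record in records)


def make_sample_media() -> str:
    """Constructed stand-in for a mounted USB stick, built in a temporary directory."""
    root = tempfile.mkdtemp(prefix="media-")
    Path(root, "report.txt").write_bytes(b"quarterly notes\n")
    Path(root, "autorun.inf").write_bytes(b"[autorun]\n")
    Path(root, "setup.exe").write_bytes(b"placeholder bytes, not a real program\n")
    return root


if __name__ == "__main__":
    results = scan_media(make_sample_media())
    for record in results:
        print(record["path"], record["size"], record["sha256"][:16], record["flags"])
    print("clean" if media_is_clean(results) else "needs review")
```

On a real station, point `scan_media` at the mount point of the inserted media and keep the returned records as the log entry for that device; a non-empty `flags` list means the media goes no further until someone has looked at it.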

3. VISITING MALICIOUS WEB SITES:

The Web browser is the primary tool used to interact with the Internet, which is a dangerous place. Thus, many threats breach our organizations’ defenses through this seemingly innocent client software. Popular and well-known sites are generally not a significant threat; however, any site can be the victim of an attack, which in turn could leave you at risk.

Following hyperlinks sent to you by e-mail or chat could lead to malicious locations. Additionally, some search results might not lead to legitimate locations. Always be cautious about following Web links to domain names you don’t generally recognize.

It is difficult to always know the reputation of a Web site you are visiting, but you can reduce the risk by using an updated browser, limiting auto-execute features of mobile code, and running anti-malware scanners.

4. DOWNLOADING FILES FROM WEB SITES:

Even when visiting generally trustworthy Web sites, there may be additional risk if you elect to download content to your local system. Take even greater caution when choosing to download material from any site. Seek out only those locations that are known to be safe and trustworthy. For example, download.com, managed by CNet, is a safe location to download software, because they test and verify every file available through their service.


5. PARTICIPATION IN P2P FILE SHARING SERVICES:

Concern over downloaded malicious content grows when that code is obtained through a peer-to-peer file-sharing system. This is not a condemnation of efficient, distributed transmission solutions, but rather of the sources of the files exchanged through them. When you neither know nor control the source of a file, malicious code could be included along with the content being sought.

6. INSTANT MESSAGING CLIENTS:

One increasingly popular communication medium is IM, or instant messaging. Chat systems, especially those using installed software clients instead of Web interfaces, make it possible to exchange files. There have been security breaches that allowed remote attackers to upload and/or download files through holes in IM client software. Even with a patched client, a user can still accept an offered file from an unknown source or follow an offered hyperlink to a malicious Web site.

7. NEW DEVICES & PERIPHERALS:

A risk that is often overlooked because of its rarity is malware found on brand-new devices, right out of their packaging. Mobile phones, digital photo frames, and even media players have been compromised during manufacturing, resulting in malware that makes its way to a customer’s computer. This has even happened with a well-known, commercial, shrink-wrapped anti-virus product.

Vendors often outsource the actual construction and pre-production of their products to external manufacturers and assemblers. When computer parts are the product being constructed, especially those with storage capabilities, malware can make its way onto the new device while its software is being loaded if the manufacturer’s system is infected. One way to reduce this threat is not to be an early adopter of a product, nor the first to grab an updated version of an existing product. Give the rest of the market a few days or weeks to discover malware and other concerns before adding the new device or peripheral to your repertoire.

8. SOCIAL NETWORKING SITES:

Social networking sites offer several situations that could allow malware to make its way onto your network. First, there are social engineering attacks that trick users into accepting fraudulent information which, when acted upon, could compromise an account or the security of a computer. Second, with the proliferation of message posting and exchange services, it is easy to follow hyperlinks to malicious Web sites. Third, some in-site applications, written by malicious entities, attempt to hijack accounts or distribute malicious code.

9. SOCIAL ENGINEERING ATTACKS:

Social engineering is the art of convincing someone either to give up information or to perform a task that reduces security. Large organizations are the most common targets of social engineering attacks; however, mass e-mail-based attacks could show up in anyone’s inbox.

Be aware that attackers are trying to trick you into following hyperlinks, downloading files, performing configuration changes, or typing in esoteric commands. Doing so could lead to the direct infection of your system with malware.

10. NOT FOLLOWING SECURITY GUIDELINES & POLICIES:

The last and probably most significant reason malicious code reaches our private network, or even just your personal computer, is failure to follow proper security guidelines and policies. Most organizations of moderate size have made the effort to design a secure infrastructure. This includes prescribing user access policies and providing at least some level of security awareness training.

Failing to abide by security guidelines or purposefully violating security policies will lead to compromised security, often through the distribution of malicious code. Security policies are written and implemented for a reason: to reduce the likelihood of a security breach. If a worker fails to abide by the company security policy, they put themselves and the entire organization at risk.

Bypassing filters, using storage devices from outside resources, using unauthorized peripherals, blocking software updates, opening e-mail attachments, participating in unethical file exchanges, and using non-approved software clients are all security policy violations and increase the chance of malicious code infesting the organization.

Every organization and every individual has a vested interest in operating under common-sense security guidelines. This reduces the risk of malicious code infection and allows the organization to be productive in accomplishing its missions, goals, or sales without having to spend resources on recovery.

As an IT representative, the tasks to do are:
1. Write the security policy.
2. Define the acceptable use policy.
3. Train users on how to perform their jobs within the confines of security.
4. Use automated tools to detect and defend.
5. Monitor the environment for abuse, misuse and compromise.



Source: Internet & Myself.
