A hot topic at the moment is malicious software… I stop short of calling it viruses or malware as it isn’t that clear-cut anymore! What we used to know as viruses and malware has changed very much in the last couple of years. Whilst the authors of this software use virus-type tactics to install the malware (Trojan droppers), the software is far from what we (or, unfortunately, antivirus software) recognise as a virus.
Ordinary command-line commands can cause untold damage to file systems. Normally this would be confined to the local desktop. However, as some people still use mapped drives (an S: drive mapped to \\server\share), these malware programs see the mapped drives as local disks and infect them.
This then has two major consequences:
- Shared files get infected, deleted or sabotaged
- Other users’ machines get infected and so on. Some will be idle or benign, but some will cause havoc. This can include deleting data or infecting files and causing critical business data loss.
One of the main ways that these viruses get in is through web pages. These Trojan writers are renting advertising space on web pages. The issue is that if the web page is trusted, this can sometimes circumvent browser security measures and even allow malicious code to be executed without the knowledge of the AV software, because the code is being run within the browser in the context of a trusted page. This week, technical reports have been going around about an exploit of a vulnerability in Java, a widely used programming language for applications, mainly browser-based. If the user goes to an affected web page and runs the program, the machine will be infected with mostly undetectable malware which can log keystrokes and even delete/sabotage data.
Moving forward, the prognosis isn’t particularly good! The main issue is that these Trojan writers are one step ahead of the AV companies, as there is always a window between code getting out in the wild and the AV companies finishing the development needed to protect against it. Because of the speed at which the malware propagates, it is very hard for the AV companies to keep up.
There are several ways to mitigate the risk of infection, but there is no foolproof way without using a lot of common sense and judgement. I am proud to say that I have never been a victim of infection, but the more I read, the more I wonder what the ratio of luck and judgement is!
Unlike the plain old viruses of yesteryear, these new ones are very difficult to protect against and very difficult to clean up after. To clean up the mess, you have to know how it started in the first place, and this is almost impossible to detect in most cases!
The most important thing is for ALL users to take responsibility for what they do on their machines. Don’t rely on automatic virus programs, speak to your IT support company to make sure they are installed and working, and use the PCs for business purposes only. It is when people bounce from page to page that they stumble across an affected page, and by then it is too late: they can end up taking their whole office offline as a result.
Lastly, when using social media, DO NOT be tempted to install apps (like Facebook apps) just because they say that your friends use them… Chances are they are not using them, or they have been duped.