Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Smaller businesses targeted by new malware delivery mechanisms

BitDefender UK : 20 May, 2009  (Technical Article)
Writers of malicious software are now capitalising on the reduced level of protection usually installed in smaller businesses to target this sector of the commercial community
Researchers at BitDefender have identified several new “malware-spreading vectors” -- methods that are being used to infect small and medium-sized businesses, allowing dangerous malware to enter a business’ network and compromise its security.

According to Viorel Canja, head of BitDefender Labs, Bucharest, many small and medium-sized business are potentially at risk because many don’t have the level of security necessary to prevent these vectors from being used to infect their networks.

“Businesses need to be aware of these new and dangerous methods of infection and install a complete up-to-date anti-malware security solution,” says Viorel Canja.

The Conficker worm is the most recent example. This has spread to millions of computers by using multiple infection vectors, including Microsoft Windows RPC Service exploit, bruteforcing weak administrator passwords, and copying itself to removable drives.

A business network can be infected even when it is not connected to the Internet. The main risk is that malware can be brought into a business network by a single employee who accesses the Internet outside the office, gets infected, and brings the worm to work on a USB stick.

By using these vectors, cyber-criminals can harvest sensitive data quickly and easily. Once a network has been infiltrated, Trojans and adware listen to all the traffic carefully, filtering out online banking accounts, credit card details or computer-related data like OS version, hardware details, or software licenses. All this information is either sold or used for monitoring purposes in order to prepare for more targeted attacks. Examples for such e-threats are WhenU, SaveNow and Trojan.Banker.LCG.

Another vector currently being used to infect networks is the online scam website. Phishers set up replica websites that impersonate legitimate entities, and steal the user’s login credentials or trick the user into downloading applications on to their computers.

One recent online scam involved a website impersonating Facebook. The fake site was designed to look exactly like Facebook and contained a fake YouTube video. Once a user clicked on the video, it requested the user download an application called “Adobemedia11.exe” which was password stealing Trojan. The e-threat monitored FTP, ICQ, POP3 (email) authentication details and stole information from applications such as Outlook Express, MSN Explorer and the Autocomplete function. Most recently, the scam started to imitate a Bank of America Help page.

Small business networks are seldom prepared for these types of threats – the IT expertise and funding needed for mitigation is usually not available. Such threats are best met with integrated solutions that can provide safety from sophisticated e-threats, while remaining cost-effective and easy to manage.

'And this warning applies to a wide range of business sectors, says Nick Billington, BitDefender's UK Country Manager. 'Credit card payment processors can be small and medium enterprises. Government contractors of all kinds, including those that work for the military, can be SMBs. IT security shouldn't be an afterthought but it shouldn't be a burden either.”

To stay up-to-date on news from BitDefender and the latest e-threats, sign-up for BitDefender’s RSS feeds

Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo