AntiVirus Software
A Practical Guide to Enterprise Antivirus and Malware Prevention
Viruses, worms, and Trojans, each of which has some unique characteristics, are starting to blend together in people’s perceptions as well as the way they behave. A virus can use worm-like logic to spread and also install a Trojan horse type program. The distinctions are also mostly lost on the IT professional trying hard to keep this software from impacting their network and end nodes. For the purposes of this paper, I’ll put them all together with the term malware. Malware has been getting much more prevalent and virulent, despite the fact that programs that counteract these undesirable applications have been getting better and better.
04/15/2004

I Thought We Had Virus Protection: The Mistakes that Made Us Vulnerable to the W32 SirCam Virus
Computer security around our office used to be pretty lax. But with the threat of systems and data compromise we realized that we needed to have more than just an old 486 running Linux acting as a firewall and a few copies of Dr. Solomon (now McAfee's VirusScan Classic) to protect ourselves. The first step was to beef up our security against external threats with a packet filtering firewall and establishing a DMZ between our intranet and the internet. Next we selected VirusScan ASaP from McAfee to provide nearly real-time updates of virus signatures and consolidated management reporting. Finally, I was sent to the SANS Institute’s Security Essentials course to become our "security expert". Of course the most important thing I learned was that "I have a lot to learn and a lot to do".
04/15/2004

Detecting and Recovering from a Virus Incident
There is an ongoing battle between the creators of computer viruses and malicious code and the firms creating software to prevent their actions. While antivirus firms are adding proactive technology to their software, when it comes to new types of viruses, they still largely depend on reacting to the actions of the virus creators. Short of dismantling your network, there is no way to totally protect your environment from the next new fast-spreading virus. This document lays out what information to gather and the steps to take in the event malicious code enters your environment. It assumes that you may not have in place all the tools or infrastructure necessary to deal with the intrusion effectively. It explains how to detect a virus if you are infected, what immediate response you should make, the stopgap measures you should put in place, how to approach the task of environment cleanup, and some long-term solutions.
04/15/2004

QAZ
QAZ is a network worm. It infects “in the fashion of a companion virus”. It is a Win32 executable file written in C++. It first appeared in China in July, 2000 and by Aug 9, 2000, SARC had received over 70 submissions. Still this virus/Trojan is considered to be the basic vector in the Microsoft hack. There have been many papers discussing the major aspects of this companion virus and a compilation of several of these papers indicates that there may yet be surprises.
04/15/2004

A Virus and a Worm: Lessons Learned from SirCam and Code Red in a University Environment
Viruses and worms are two types of malware that we heard a lot from in the summer of 2001. Two specimens, one from each of these forms of malware, were released a few days apart in July 2001, keeping security personnel busy and generating a lot of coverage in the press. In this text we will cover impacts felt and lessons learned from these two incidents in the university environment where the author recently started working as a computer security analyst.
04/15/2004

Computer Virus Policy, Training, Software Protection and Incident Response for the Medium Sized Organization
The need to minimize damage to systems and productivity requires a “defense-in-depth” strategy of policy, user training, software protection and virus incident response. While large corporations often have an information technology department and human resources infrastructure capable of implementing a multiple defense strategy, medium-sized businesses, schools and other organizations with several hundred users may find themselves in a more reactive than proactive mode when it comes to computer virus protection, detection and recovery. This document outlines steps a medium-sized organization can take to create and implement a defense-in-depth strategy to protect resources against computer viruses.
04/15/2004

It's Time to Rethink your Corporate Malware Strategy
Due to a variety of reasons which will be outlined in this paper, signature-based antivirus scanning is becoming largely ineffective as the main tool against newer varieties of malicious computer code. Scanning performed at the gateway and server level, while still valuable, is proving inadequate as well. It is becoming evident that behavior-based policy enforcement middleware, deployed at the edge of the corporate network (PC workstations), will be required in the near future to handle known and unknown threats. Unfortunately, the big players in this industry currently are not incorporating the required technologies into their product lines, nor does it appear that they will be doing so in the near future. IT managers wanting to utilize these technologies today will have to take a chance on the smaller security software vendors.
04/15/2004

SubSeven 2.2: New Flavor of an Old Favorite
A new variation of a relatively old and powerful threat has rolled onto the Internet frontier. The latest version of an old hacker favorite offers more capabilities, functions and some very dangerous improvements. These new “improvements” make SubSeven (v 2.2) more difficult to defend against. In all types of war the rule holds true: know as much about your enemy as possible. This is the approach I have taken here. I tested SubSeven 2.2 in a lab environment on both a typical Windows 2000 machine and a typical Windows 98SE machine.
04/15/2004

Virus Hoaxes - Are They Just a Nuisance?
Virus hoaxes require little or no technical skill to initiate and are becoming as common as the virus problem itself. Should information security professionals be concerned about virus hoaxes? After all, it is common opinion that they are just a prank that doesn’t really hurt anybody. This paper aims to outline the risks and/or impact that virus hoaxes pose to an organization; provide some simple steps that can help organizations minimize the risk and/or impact of virus hoaxes; and discuss the dilemma that virus hoaxes create for organizations, and the potential future for virus hoaxes.
04/15/2004

Deconstructing SubSeven, the Trojan Horse of Choice
Just as computers have evolved from existing as the property of a select few in corporate and governmental realms to being available to the masses for professional and private use, so have the methods and desires to misuse the technology they harness. Trojan horse programs like NetBus, Back Orifice and SubSeven have democratized hacking such that those who engage in the activity are no longer required to possess a comprehensive and often esoteric understanding of multiple operating systems, networking concepts and programming languages. The largest group of attackers, comprising over 95 percent of the hacker population, is referred to as "scriptkiddies," individuals with limited knowledge of operating systems and networks. They allow precompiled programs like Trojan horses to do the work for them, which afford hackers access to other computers to pilfer files, change settings or launch denial of service attacks.
04/15/2004