Malicious software is called a malware and malware may include viruses, worms and trojans. A virus is a piece of code which is capable of replicating itself and mainly it depends on a host file (a document) to reach its target. However worm does not rely on the host file to reach the target but it does replicate. Main property of Trojan is concealment of code and ultimately used to get control of target system.
Modern day malware Stuxnet can manipulate Programmable Logic Controllers (PLCs) of critical infrastructure. Industrial Control System (ICS), SCADA, and manufactruing insdutry infrastructure is controled by the PLCs. Another malware, named Duqu, Flame by its discoverers, is similar to Stuxnet in many respects. Like modern trojans Duqu communicates with a command and control server in encrypted form which gives you an idea of sophistication to develop this malware. In the past year the discovery of the Stuxnet malware ā and subsequently of the Flame, Duqu and most recently Gauss malware ā has brought the issue of state-sponsored cyberwarfare into sharp focus in security community which are simply known as modern day (WMD) weapon of mass destruction.
The discovery of these modern day malware caused an uproar among the security community when it was found that these malware had been specifically designed as a highly targeted industrial espionage tool. Perhaps this create a frenzy out there to deveop these kind of tools but that bring out some questions which I’m unable to answer. Is it legal for a state to develop these tools? Is it legal for a state to use these tools in offense? do we have any international charter on the legality of these tools, otherwise Stuxnet, Duqu and Flame may set a wrong legal precedence of what’s good for the goose is good for the gander.
Main sources of malware infection may be USB drive, CD Rom, internet and unaware users but basically malware can install itself on your computer by simply visiting an infected/implanted website (pirated software, web sites with illegal content)
An organization should perform a comprehensive risk assessment on their malware policy to determine if they will accept the risk of adobe attachment and other executable files to pass through their perimeter gateway. Organization may need to consider all the possible sources of malware threats in their risk assessment which may include but not limited to spyware.
Malware Controls:
ā¢ High level formal malware policy and procedure. There should be a formal policy and procedure for USB drives if risk assessment determines that USB drive risk is not acceptable to business. Then there is a need to implement a control (policy, procedure, technical or training) or multiple of these controls to mitigate this risk to acceptable level.
ā¢ Anti-Virus policy which makes it mandatory to install, and signature file updates should take place on a regular interval (daily)
ā¢ Patch policy for all the latest patches, fixes and service packs that are published by the vendors
ā¢ Regular audit or review of anti-malware software and data file on the system
ā¢ All email attachment, software downloads should be checked for malware at the perimeter and adobe attachment and executable treated based on the risk assessment (drop, pass)
ā¢ User awareness training to possible infected email, spyware and infected website
ā¢ There should be a business continuity plan to recover from a possible malware attack
Related Books
Malware Titles from DISC InfoSec Store
Anti-Malware Software from DISC Infosec store
Anti-Virus software from DISC InfoSec Store
Anti-Malware Titles from eBay
Free Online Virus Scan
Norton Virus Scan | McAfee Virus Scan | Analyze suspicious files