Monday, January 3, 2011
【Weak Current College】 Malware threat types
In recent years enterprises have been fighting malicious software, but the threat keeps evolving, and the biggest problem enterprises face is the leakage of personal information. Attackers widely deploy sophisticated malware to steal legitimate users' user names and passwords. Credentials can be stolen in a variety of ways, including users accidentally installing malicious software, browser malware and eavesdropping attacks.
For example, in November 2009 a security expert used a vulnerability in the SSL (Secure Sockets Layer) protocol to obtain Twitter users' login information. You might think this attack does no harm, but consider how many people use their Twitter password as their online banking password, and how many business users use the same password to log in to the enterprise domain. These various forms of malicious software can cause security leaks through a variety of methods.
Another recently reported attack vector uses browser-based malware to target SSL VPN logins made through the browser. This type of attack exploits the way most SSL VPNs interact with the browser's same-origin policy, so it can easily lead users into revealing their passwords when they log in to an enterprise mailbox account through the browser.
Another type of malware-related threat involves targeted phishing attacks. More and more attackers send specially crafted phishing e-mails to users; these messages may contain malicious software (to be installed on the user's computer) or links to a malicious Web site. These phishing attacks are highly focused, which makes them very difficult for the average user to detect. Recent tests have shown that messages containing links to fake social networking sites really do get users to click and install malicious software.
Finally, information theft is mainly associated with the new generation of malware. Malware such as Clampi and Zeus actively steals information, and it can steal any information the attacker is interested in. For example, it can steal the user name and password for online banking or, worse, create hidden transactions that send the user's money to a bank account controlled by the attacker. Traditional authentication solutions (such as tokens and smart cards) cannot prevent such attacks.
Preventing malware threats in four steps
The following four steps can help you protect an enterprise against malware threats:
Step 1: Deploy an enterprise anti-malware solution
As malware becomes a core security concern, the enterprise should deploy its own anti-malware solution, and since most malware directly affects users' computers, the security focus should be every user's computer in the enterprise.
In addition, because remote access technology is everywhere, remote users should be covered by the same security measures. Ideally, deploy a complete endpoint security solution for remote users, including patch management, firewall management and an anti-malware program. Finally, consider deploying an intrusion prevention system (IPS) to block some of the threats introduced by remote users.
Step 2: Patch promptly
Because security technology keeps changing, enterprises should keep their systems up to date. For example, you can assign a staff member to watch CERT warnings and vulnerability notices for any updated information. Keeping enterprise systems patched in a timely manner can significantly reduce security risk. Vendor fixes may sometimes arrive relatively late, but timely patching is a security best practice.
Step 3: Deploy strong authentication mechanisms
Many enterprises rely on single-factor authentication, which is exposed to traditional phishing attacks, keylogging attacks and the Twitter attack described above. These attacks center on stealing personal information (user name and password), which is then used to log in to the user's account. Deploying an additional authentication mechanism fends off these attacks, for example by requiring users to prove their identity with something they have (a security device) or with a fingerprint. Deploying a multifactor authentication system usually protects against all of these forms of attack.
Because these attacks can capture information such as a user's answers to security questions, additional authentication based on such information provides no extra protection. Digital certificates fail for the same reason: they are easy to copy or steal, so they do not protect against these attacks.
The best practice when selecting an authentication solution today is to choose an out-of-band two-factor system, because malware is now able to attack traditional in-band two-factor systems. Also consider adding a biometric factor, such as voice, fingerprint or another, to build a three-factor authentication system. Using a separate channel (such as the telephone network) for the second layer of verification also helps to sidestep malware installed on the user's device.
Step 4: Use transaction verification
If you work at a bank, you should be aware of a new malware threat: this form of attack waits for the user to log in over the SSL channel and then, without the user's knowledge, sends selected transactions to the attacker.
These attacks can be resisted with an out-of-band transaction verification system. Whenever the user initiates a transaction (or only for selected transactions), the bank automatically calls the user's registered phone number and reads out the transaction details. The transaction continues only if the user approves it, which stops the malware's malicious behavior.
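The difference between an in-band second factor and the out-of-band transaction call described in steps 3 and 4, as an added sketch that is not part of the original article. The `Bank` class, the account names, the one-time code and the `tamper_in_browser` stand-in are all hypothetical and constructed for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Transaction:
    payee: str
    amount_cents: int

def describe(tx):
    return f"Pay {tx.amount_cents / 100:.2f} to {tx.payee}"

def tamper_in_browser(tx):
    # Stand-in for the malware described above: after login it swaps the payee.
    return Transaction("ATTACKER-0000", tx.amount_cents)

class Bank:
    def __init__(self, user_otp):
        self.user_otp = user_otp      # code the user's token currently shows
        self.pending, self.executed = {}, []

    def submit(self, tx):
        # Request arrives over the SSL session and is held until verified.
        tx_id = secrets.token_hex(8)
        self.pending[tx_id] = tx
        return tx_id

    def verify_in_band(self, tx_id, otp):
        # Proves the user is present, but is not tied to the transaction details.
        ok = hmac.compare_digest(otp, self.user_otp)
        return self._finish(tx_id, ok)

    def verify_by_phone(self, tx_id, user_hears):
        # Bank calls the registered number and reads back what IT received.
        return self._finish(tx_id, user_hears(describe(self.pending[tx_id])))

    def _finish(self, tx_id, approved):
        tx = self.pending.pop(tx_id)
        if approved:
            self.executed.append(tx)
        return approved

def run_scenario(out_of_band):
    bank = Bank(user_otp="493021")                   # constructed sample code
    intended = Transaction("LANDLORD-1234", 120000)  # what the user typed
    tx_id = bank.submit(tamper_in_browser(intended))
    if out_of_band:
        approved = bank.verify_by_phone(tx_id, lambda heard: heard == describe(intended))
    else:
        approved = bank.verify_in_band(tx_id, "493021")  # user enters a valid code
    return approved, bank.executed
```

With the in-band code the altered payment executes even though the user authenticated correctly; with the phone read-back the user hears a payee they did not enter and the transaction is dropped.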