The future of malware: Trojan horses

Discussion in 'malware problems & news' started by ronjor, Oct 13, 2006.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,722
    Location:
    Texas
    Article
     
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    One of the basic rules regarding spam-emails is NOT TO OPEN any email-attachment from an unknown source. I don't even open these spam-emails and delete them immediately and automatically after closing Thunderbird.
    Personally, I don't see these "Targeted Trojan Horses" as a serious threat.

    Companies better collect all received emails in one place and distribute the real emails from there, done by a knowledgeable employee, while spam-emails are ignored, deleted and not distributed of course.
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Interesting article, ronjor!

    Left unsaid is how some organizations have significantly reduced malware attacks.

    From the article:

    I spoke recently with the Systems Administrator at a local educational institution who shared with me some interesting thoughts.

    Hundreds of Office documents are used daily on campus, of course. Tricking the victim is still the most common entry point for malware, he told me. If faculty and staff have effective protocols in place, no one will open an unsolicited Office document (or any such email attachment), and will know ahead of time from the sender that a document is on the way.

    Those who read the sans.org bulletins will have heard this message at least as far back as the Sober worms.

    This campus does employ AV and SPAM protection on the network for filtering incoming email -- and it is pretty effective -- but does not rely on that as the stopgap. More secure procedures are in place on the workstations.

    A roll-back and/or imaging system is a must, the Administrator stressed. (This institution uses Deep Freeze to protect the operating systems/registries.)

    In the past year, there have been =zero= infections by malware campus-wide.

    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier
     
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Indeed, rollback is a MUST, because the days of simple malware are OVER. I use a frozen snapshot as rollback, but there are other ways to do it of course.
    The BBC Honey Pot was restored with rollback, because they couldn't fix it with the classical methods.
     