International Civil Aviation Organization 20/03/09
SATELLITE DISTRIBUTION SYSTEM OPERATIONS GROUP (SADISOPSG)
Bangkok, Thailand, 15 to 17 July 2009
Agenda Item 6: Development of the SADIS
6.4: SADIS Internet-based FTP Service
THREATS POSED BY MALICIOUS SOFTWARE
AND MITIGATING ACTIONS
(Presented by the SADIS Provider State)
This brief information paper outlines a recent threat posed by malicious
software on a SADIS FTP end-user system, and outlines simple preventative
measures that can be taken to mitigate the risks posed.
1.1 In February 2009, the Met Office identified that the client server of a SADIS FTP user
had been compromised by a Trojan horse (also known as a ‘Trojan’). A Trojan, in the context of
computing and software, is a form of malicious computer software (or ‘malware’) that appears to perform
a desirable function but in fact performs undisclosed malicious functions that can allow unauthorized
access to information on the machine or systems connected to the infected machine. The SADIS FTP
user whose IT security was compromised shall remain nameless; however, it was an aeronautical met
service provider within the EUR region.
1.2 Whilst Met Office host systems and servers were not compromised by the user-end
security breach (in view of up-to-date security protection), the client confirmed that their computer systems
had been subject to a number of IT security threats in recent months from unknown sources. The client's
SADIS FTP username and password had been compromised by a Trojan.
1.3 This brief information paper outlines the risks posed by such malware, and urges all
SADIS FTP users to ensure that their systems and servers have the most up-to-date security software
available to mitigate such risks.
2. THREATS POSED BY TROJANS AND OTHER
MALWARE AND MITIGATING ACTIONS THAT CAN
2.1 Malicious software on computing systems, particularly Trojans, can come in a variety of
forms, and there is no single method for deleting them. Trojans are almost always designed to cause harm
to an IT system, but they can also be harmless. Malicious Trojans conceal themselves in computer
programs and drop malicious payloads (script, code, etc.) on an infected computer.
2.2 Trojans are classed according to how they breach and damage IT systems. There are 6
main types of Trojan horse payloads, namely: remote access; data destruction; downloader; server Trojan;
disabling security software; and denial-of-service attack (DoS). Most Trojans hide in system registries
and processes. They may be left undetected for a considerable period of time if a user does not take some
simple preventative measures that could be considered routine IT ‘house-keeping’.
2.3 The simplest response to a threat involves clearing out temporary internet files and
deleting manually. Normally, up-to-date antivirus software is able to detect and delete malware
automatically, with no manual intervention required by a user. If antivirus software is unable to find the
threat, booting the computer from an alternative medium such as a master CD may allow the antivirus
programme to identify and delete the threat before any damage is done.
2.4 Up-to-date anti-virus and anti-spyware software from a reputable company is by far the
most efficient mechanism to deter the threats posed by malicious software. Such security
software does not need to be expensive or resource-intensive. Many basic security suites can be obtained for as
little as $40 per year, including regular updates. A security suite will often sit in the background of an
operating system, quietly running and checking for real-time threats on the system.
3.1 Advances in IT continue apace, with hackers finding ever more sophisticated ways to
compromise computer systems around the world. The threats posed by malicious software on IT systems
are very real and complacency is not an option or an excuse.
3.2 All SADIS FTP users are encouraged to ensure that their IT systems and servers that
connect to the host server have the most up-to-date anti-virus and anti-spyware software to mitigate the
risks posed by malicious software. Any user requiring further information should contact their local IT
3.3 Should the Met Office identify that a user's SADIS FTP account has been compromised
by a Trojan or other such security threat, the account may be deactivated pending assurances that the
necessary security measures are in place on the client's systems/servers. Failure to provide such
assurances may result in the client's SADIS FTP account being permanently disabled.
4. ACTION BY THE SADISOPSG
4.1 The group is invited to note the information contained in this paper.
— END —