Malicious Code Awareness by ame19863


    Virus Defense for Users


      Created: October 2004


          Malicious Code Awareness Training


Why Virus Awareness Training?
 Viruses threaten all information systems.


          This training will provide all users:
          • Enough data to make informed
            decisions about viruses
          • An understanding of criminal tactics
            used to infiltrate computers




             Critical Thinking
• Am I expecting this attachment?
• Is this the normal format of this file?
• Is my antivirus software running
  correctly?
• My machine seems slower than
  normal, should I report it?




Is My Machine a Target?
   Yes
   • Viruses do not discriminate
   • Every organization is a target of
     criminals at some point
   • Any machine that houses financial
     information (reports, personnel data,
     credit card numbers, etc.) is a target



How Can I Be Targeted?
Email
• Email should be considered suspect
  unless digitally signed by someone
  you know
• Email “spoofing” is very easy; do not
  trust “From:” fields





      Email Attachments
• Delete any attachment that you are
  not expecting
• Do not open files of any type that are
  not anticipated (even if they appear
  to be harmless)
File types listed on the slide: EXE, PIF, COM, BAT, SCR, VBS, JPG


                     Scams
• Also known as “phishing” attempts
• Do not follow requests for personal info in email
• Do not trust links printed in messages; they may
  not lead where they appear to






  Email Review
• No part of an unsigned, unexpected
  email should be trusted without
  investigation
• “From,” Subject, and Message body
  can be easily crafted to fool anyone





What Should I Do?

 • Be suspicious of any unexpected,
   unverifiable email, regardless of
   apparent source
 • Report/forward all suspicious email
   messages to security personnel





          Network Worms
          Viruses that spread without user
          intervention (without opening a file)
          • Worms exploit system vulnerabilities
            to gain unauthorized computer
            access
          • Often create noticeable slowdowns
            on host systems
          Worms named on the slide: MyDoom, Sasser, Blaster, Klez


           What Do I Watch For?
• Report the presence of any
  suspicious file found on the network
• Reports of widespread virus activity
   – Such as the reports of Blaster & Sasser
• Any abnormal system condition that
  cannot be explained:
   – Network access extremely slow
   – Computer hard drive is constantly in use



Nefarious Web Content
   • Spyware/Adware prominent on the
     Internet
   • Often allows additional unwanted
     software to enter PC
   • Threatens internal data as well as
     normal network operations
   • Can come from anywhere



 What Do I Watch For?
• Random pop-ups, especially
  advertisements for random products
• Changes in normal web browser
  routines
   – New Home page at startup
   – Unknown toolbars/icons
• New applets in the System Tray
  (next to the clock)


Spyware Reporting
 • Document all suspicious Internet
   activity
 • Report all unknown configuration
   and software changes to security
   personnel
 • Do not just “put up with” random
   advertisements and redirections




      Normal Vigilance
• Don’t visit web sites unassociated with
  work topics
• Periodically check that antivirus
  signatures are current
• Be aware of any new/suspicious files or
  folders that appear on your machine or
  servers




     How Do I Avoid Malware?
• Do not download or install any
  software from the Internet without
  direction from network support
• Do not open email/attachments from
  unknown sources
• Do not open unexpected/unverified
  attachments




Report All Suspicious Activity

      Information Assurance Team:




             http://www.infectionvectors.com


