Malware requires defence in depth
The traditional defence against malware (viruses, and more recently ransomware) has been to deploy antivirus software to sniff out the various nasties. Mostly this works well, and has done for the last 20 or so years. However, the rise of purpose-built malware, and the use of phishing emails to deliver it, have enabled criminals to slip under the radar of many antivirus solutions.
There are several very current examples in circulation. One is the Backoff malware[1], first detected in late 2013. It infects Point of Sale (POS) terminals and, once running, scrapes credit and debit card details from the terminal's memory and sends them back to its command and control server. The US-CERT advisory cited below describes the initial entry as brute-forced remote desktop logins rather than email, but email remains one of the most common ways malware of all kinds reaches a business.
Malware arriving by email is not new, of course. What is of concern is how Backoff slipped through antivirus software that should have detected it: at the time it was identified, few if any AV products picked it up, and it is only recently that vendors have shipped signatures to detect and remove it. Part of what makes Backoff so damaging is where it reads the data from. Card details sit unencrypted in the terminal's memory before the payment application encrypts them for transmission, so the malware can extract card numbers in plain text regardless of how the network link is protected.
It is not just the theft of data that can be a problem. On 5 September 2014, Spark (New Zealand's largest Internet Service Provider) came under a sustained attack on its DNS servers[2]. The cause turned out to be malware on a number of customer computers, installed when users clicked on links promising nude pictures of Jennifer Lawrence. Only a handful of PCs were infected, but the DNS traffic they generated was enough to cause a massive slowdown in internet access across NZ.
How can malware be stopped? Traditionally, antivirus vendors supply updated virus definitions to their products as new threats appear. This requires the vendor to obtain a sample, analyse it, and then develop and ship a detection signature, and every step takes time. As mentioned above, Backoff took several months to be included in antivirus products; part of the issue was that, at first, it was not recognised as malware at all.
One way to try to prevent malware being downloaded in a business environment is to educate and train staff to recognise likely email threats. This works most of the time, but a report released by McAfee found that 80% of participants in its phishing quiz failed to detect at least one phishing email.[3] And as Spark found out, it takes only a handful of infected PCs to produce an effective attack.
At MailShark, we contend that the best way to prevent malware infection via email is to stop the emails arriving in the users' inboxes in the first place. Email filtering can detect likely phishing emails and block them before delivery, without waiting for an antivirus signature for whatever they carry. A web interface lets business owners check blocked emails and, if required, release them.
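To make the filtering step concrete, here is an added example of the kind of pre-delivery checks a mail filter applies to a message before it reaches an inbox. It is illustrative code written for this page, not MailShark's product; the organisation's domain, the blocked attachment types, the score weights, the quarantine threshold and both sample messages are constructed assumptions for the example. The checks look at the SPF/DKIM results stamped by the receiving mail server, a Reply-To that diverges from the sender, links whose visible text is a URL on a different host than the real target, links to bare IP addresses, executable attachments, and mail claiming to come from the organisation itself without passing SPF.

```python
"""Pre-delivery phishing heuristics for an inbound mail filter (added example)."""
import email
import email.utils
import os
import re
from email import policy
from urllib.parse import urlparse

# Assumptions for this example: the organisation's own domain, the attachment
# types it refuses by mail, and the score at which a message is quarantined.
INTERNAL_DOMAINS = {"example.com"}
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".jar", ".bat", ".cmd"}
QUARANTINE_THRESHOLD = 3

ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URL_RE = re.compile(r'https?://[^\s<"]+', re.I)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def _domain(header_value):
    """Domain part of the first address in a header value, lower-cased."""
    addr = email.utils.parseaddr(str(header_value or ""))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def score_message(raw):
    """Return (verdict, score, reasons) for one RFC 5322 message given as text."""
    msg = email.message_from_string(raw, policy=policy.default)
    score, reasons = 0, []

    # 1. Authentication results stamped by the receiving MTA.
    auth = str(msg.get("Authentication-Results", ""))
    if re.search(r"\bspf=(?:fail|softfail)\b", auth):
        score += 2; reasons.append("SPF failed")
    if re.search(r"\bdkim=fail\b", auth):
        score += 2; reasons.append("DKIM failed")

    # 2. Reply-To pointing at a domain other than the sender's.
    from_dom, reply_dom = _domain(msg.get("From")), _domain(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        score += 1; reasons.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    # 3. Mail that claims to be from us but did not pass SPF (spoofed internal sender).
    if from_dom in INTERNAL_DOMAINS and not re.search(r"\bspf=pass\b", auth):
        score += 3; reasons.append("internal sender address without SPF pass")

    # 4. Links whose visible text is a URL on a different host than the real target,
    #    and links whose target is a bare IP address.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    for href, text in ANCHOR_RE.findall(html):
        target = urlparse(href).hostname or ""
        shown = URL_RE.search(text)
        if shown and (urlparse(shown.group(0)).hostname or "") != target:
            score += 3; reasons.append(f"link text shows {shown.group(0)} but goes to {target}")
        if IPV4_RE.match(target):
            score += 1; reasons.append(f"link target is a bare IP address {target}")

    # 5. Attachments of types that should never arrive by mail.
    for part in msg.iter_attachments():
        ext = os.path.splitext(part.get_filename() or "")[1].lower()
        if ext in BLOCKED_EXTENSIONS:
            score += 3; reasons.append(f"blocked attachment type {ext}")

    verdict = "quarantine" if score >= QUARANTINE_THRESHOLD else "deliver"
    return verdict, score, reasons


# Constructed sample messages (not real mail): one phish, one legitimate message.
PHISHING_RAW = """\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=accounts-update.net; dkim=none
From: "Example Bank Security" <alerts@accounts-update.net>
Reply-To: verify@mail-verify.org
To: staff@example.com
Subject: Urgent: verify your account
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Your account is locked. Visit
<a href="http://198.51.100.7/login">https://www.example.com/secure</a> now.</p>
--b1
Content-Type: application/octet-stream; name="statement.scr"
Content-Disposition: attachment; filename="statement.scr"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1--
"""

CLEAN_RAW = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=partner.example.org; dkim=pass header.d=partner.example.org
From: Pat <pat@partner.example.org>
To: staff@example.com
Subject: Minutes from today
Content-Type: text/plain; charset="utf-8"

Minutes are on the wiki: https://wiki.partner.example.org/minutes
"""

if __name__ == "__main__":
    for raw in (PHISHING_RAW, CLEAN_RAW):
        verdict, score, reasons = score_message(raw)
        print(verdict, score, reasons)
```

None of these checks needs a signature for the payload, which is the point: the phishing sample is quarantined on the strength of how it was sent and what it links to, even though the attached file itself is never examined. In a real deployment the Authentication-Results header must come from your own receiving server (strip any copy the sender supplied), quarantined mail should be reviewable and releasable, as described above, and the weights should be tuned against your own mail flow to keep false positives down.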
Antivirus is a good solution to many of the viruses that infect PCs. It is not, however, always effective against new malware before a signature for it exists. Email filtering can step in and fill that gap, and running both is what defence in depth means here.
[1] https://www.us-cert.gov/security-publications/Backoff-Point-Sale-Malware
[2] http://www.itnews.com.au/News/391808,dns-attack-affects-nzs-biggest-isp.aspx
[3] http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q2-2014.pdf