Are You Infected? Detecting Malware Infection
Once executed, malware can perform its intended malicious function on a system. Unfortunately, it may not always be apparent to users that their system is indeed infected. This article will discuss how to determine whether or not the system has been infected and will offer some tips on how to manually disinfect the system. Source: SecurityFocus.com (Feb 2003)
Behavioral rules vs. signatures: Which should you use?
Many security products on the market today detect malicious attacks, but few take action to prevent them. Even more confusing for IT and security professionals is the debate over the best way to detect and prevent hacking activity: signatures or behavioral rules. Each approach has advantages and disadvantages, but by combining the two, enterprises can ensure that servers and data are fully protected. Source: ComputerWorld (Feb 2003)
Combating non-viral malware
Most people assume that AntiVirus software protects us from malicious code, and, by and large, it does. But there's a huge category of unwanted code against which it is powerless: nonreproducing malware. Overburdened IT security departments may consider these threats insignificant compared to other priorities. But the problem of nonviral malware is growing, and defending against it is a nontrivial task. Source: InfoSecurity Magazine (May 2002)
Computer virus prevention: a primer
This white paper describes the current virus situation, common virus entry points, procedures for preventing infection, types of anti-virus software, deployment and administration of anti-virus software, and measures for recovering from a virus attack. Source: Sophos.com (Aug 2000)
Content Scanning and User Education Help Reduce Virus Risks
If last week's ILOVEYOU virus caused your company major problems, read Jerry Cochran's advice on how you can prepare your systems for future similar attacks. Source: Windows & .NET Magazine (May 2000)
Dangerous E-Mail: Return to Sender
How active content made the Melissa virus and the ExploreZip worm possible. Source: Network Magazine (Sept 1999)
Detecting and Removing Trojans and Malicious Code from Win2K
The amount of malicious code directed at Windows systems seems to be increasing on a continual curve. The purpose of this article is to recommend steps that an administrator can use to determine whether or not a Win2K system has been infected with malicious code or "malware" and, if so, to remove it. Source: SecurityFocus.com (Sept 2002)
Do look this gift horse in the mouth
Trojan horse programs masquerade as harmless applications, concealing their destructive power. Doug Schweitzer offers advice on how to protect your computer and what to do if you're attacked. Source: ComputerWorld (March 17, 2003)
Email security
This white paper provides useful background information on email security issues. It will help you examine the security threats facing your corporate email system and determine what kind of email security solution your company needs. Source: GFI.com
Gaining Insight from the Melissa Virus White Paper
Download this 352 KB document from the Microsoft Personal Online Support site to review a multi-tier, seven-step approach for reducing the risk of data loss and business disruption in the event of a virus attack. The material for this document is based on lessons learned from the Melissa virus.
How to Determine if Back Orifice 2000 Is Installed On Your System
Microsoft Knowledge Base Article: 237280 - This article describes how to determine if the third-party Back Orifice 2000 software (sometimes known as a virus) is installed on your computer.
How to bamboozle a woozle
Network managers could be facing a new security nightmare because of crackers' new network entrance, a special cookie that silently taps data through the internet port. The information it seeks can range from a simple inventory of applications to a list of user identifications and passwords. Source: Vnunet (March 24, 2001)
HOW TO: Configure Your Windows 2000 Server-Based Computer for Daily Virus Checks
Microsoft Knowledge Base Article: 298034 - This article describes a step-by-step procedure that you can use to configure your Windows 2000 Server-based computer for daily virus checks.
How ISA Server Can Be Configured to Help Prevent the W32.Slammer Worm
This document discusses how Slammer spreads, where to find links to more details about patching your servers, what ISA Server can do to help prevent Slammer, and where to go for more information. Slammer targets computers running Microsoft SQL Server 2000 and computers running Microsoft Desktop Engine (MSDE) 2000. The worm sends 376 bytes to UDP port 1434, the SQL Server Resolution Service port. This large number of packets results in a Denial of Service attack. The worm only spreads as an in-memory process: it never writes itself to the hard drive. Source: Microsoft.com
How to Protect Boot Sector from Viruses in Windows NT/2000
Microsoft Knowledge Base Article: 122221 - When you start your computer with a floppy disk that is infected with a virus, Windows NT is not capable of detecting it, which is true of many operating systems. Some viruses, such as the FORMS virus, may infect the boot sector of your hard drive.
IBM Corporate Checklist
This checklist is for use handling a confirmed virus incident in a company setting. It will help you handle a virus outbreak. Make a copy of it and take it with you as you work on the incident.
INFO: Use Antivirus Software Before You Install Windows XP
Microsoft Knowledge Base Article: 317321 - Microsoft highly recommends that you use antivirus software before you upgrade your operating system to Windows XP. Antivirus software scans your computer to detect and to fix computer viruses. By taking these preventive measures, you can avoid virus-related problems during your Windows XP upgrade. This article describes how antivirus software works and includes links to the Web sites of antivirus software vendors.
Java Security FAQ
Java can be a useful tool, but can also be used to write malicious applets that can wreak havoc. This FAQ by Sun Microsystems should clear up some of the major issues.
Managing the virus threat
How do you keep all those antivirus programs updated across thousands of desktops? There's no easy way, security managers say, which leaves them scrambling -- and users vulnerable. Source: ComputerWorld (May 2001)
Preventing and Detecting Malware Installations on NT/2K
This article addresses actions that NT/2K administrators can take to prevent and detect malware (malicious software) installations on their systems. By taking advantage of the inherent capabilities of the operating system itself, administrators can prevent or significantly hamper malware installations, and detect when such installations occur. Source: SecurityFocus.com
Protecting your network against email threats: How to block email viruses and attacks
This white paper describes various methods used by email viruses and worms to penetrate a protected network. Such methods include attachment files containing harmful code, social engineering attacks, crafted MIME headers, and malicious use of JavaScript and similar technologies. A URL is provided where you can test whether your email system is vulnerable to threats like these. Source: GFI.com
Stopping Infection: An AntiVirus Tutorial Part 1
A decent primer by Diane E Levine, President of Strategic Systems Management, from Planet IT September 1999. Part 2 is here
Strategies & Issues: Thwarting Insider Attacks
Many organizations fail to adequately protect against internal threats, often with calamitous consequences. Here are some chilling numbers to help illustrate the problem: According to InterGov (www.intergov.org), an international organization that works with police agencies to combat cyber crime, insiders commit about 80 percent of all computer- and Internet-related crime, and these crimes cause an average loss of about $110,000 per corporate victim. Source: Network Magazine (Sept 2002)
The Evolution of 32-Bit Windows Viruses
The world of computer antivirus research has changed drastically since the introduction of Windows 95. One reason for this change is that certain DOS-based viruses that used stealth techniques and undocumented DOS features became incompatible with Win95. As a result, virus writers took on the challenge of investigating the new OS and began creating new Win95-compatible DOS-executable viruses and boot viruses. Source: Windows & .NET Magazine (July 2000)
The Evolution of Malicious Agents
This paper examines the evolution of malicious agents by analyzing features and limitations of popular viruses, worms, and trojans, detailing the possibility of a new breed of malicious agents currently being developed on the Internet. Source: SecurityPortal (April 2000)
Understanding Virus Behavior in the Windows NT Environment
A must read article from Symantec
Why anti-virus software is not enough: The urgent need for server-based email content checking
This white paper explains why anti-virus software alone is not enough to protect your organization against the current and future onslaught of computer viruses. Examining the different kinds of email attacks that threaten today's organizations, this paper describes the need for a solid server-based content-checking solution to safeguard your business against email viruses and attacks. Source: GFI.com
Windows Root Kits a Stealthy Threat
Hackers are using vastly more sophisticated techniques to secretly control the machines they've cracked, and experts say it's just the beginning. Also known as "kernel mode Trojans," root kits are far more sophisticated than the usual batch of Windows backdoor programs that irk network administrators today. In contrast, a root kit hooks itself into the operating system's Application Program Interface (API), where it intercepts the system calls that other programs use to perform basic functions, like accessing files on the computer's hard drive. The root kit is the man-in-the-middle, squatting between the operating system and the programs that rely on it, deciding what those programs can see and do. Source: SecurityFocus.com