Zombies, How To Fight Them
SecurityProNews Staff Writer
2008-11-12
Just so you're warned: If the zombies come back it could be your fault. "It is only a matter of time until the next W32/ZMist heads our way," premonishes McAfee's Vinoo Thomas. And it could all be because of something stupid.
Thomas warns that IT security may be so focused on the more sophisticated threats of the day (botnets, rootkits, and spyware) that it is letting its guard down when it comes to good old-fashioned parasitic file-infectors still out there in the wild. Such carelessness could result in "widespread damage to computer systems."
"We regularly come across simple parasitic infectors that manage to infect every workstation and server on the network," writes Thomas in a free whitepaper he presented at the 3rd International Conference on Malicious and Unwanted Software. "And administrators are at their wits' end trying to figure how the simplest of viruses managed to spread and infect every networked machine in so little time and with such stunning effect."
File-infecting viruses are on the rise, says Thomas, and they're getting more sophisticated, but IT administrators can avoid them with common sense practices. If for example an employee with low computer skills has managed to contract the simplest of worms, the virus is likely blocked from the company network for lack of administrator access to the network.
But what happens, with apparently alarming frequency, is that IT administrators log onto the infected computer using their own account and password in order to address the employee's computer problem.
"[W]hen an administrator logs to the affected machine using their domain admin account, the worm now runs on the affected machine using the elevated credentials of a domain administrator. Straight away the worm can now infect and spread to any host on the domain using these newly acquired administrative credentials. And in a matter of minutes the entire network with thousands of machines gets infected, by the dumbest of worms. And all this because an ignorant administrator committed the cardinal sin of logging into an infected machine using their own account."
He uses lots of other condescending adjectives like "dumbest" and "hapless" in his whitepaper, too. But he also recommends a course of action that mimics systems in place at McAfee. Thomas proposes using virtual LAN (VLAN) technology to mass-deploy a Samba-based honeypot across the entire site. In addition, Thomas recommends setting up a Server Message Block (SMB)-based sniffer to capture file-infector activity.
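The failure Thomas describes (a domain admin account logged on interactively to an ordinary, possibly infected workstation) is something an administrator can watch for in logon records before any worm takes advantage of it. The script below is an added example written for this article, not code from Thomas's paper or from McAfee. It runs over a constructed sample of Windows Security log entries flattened into key=value form; the field names follow event 4624 (successful logon), while the account names, host names and timestamps are invented. The privileged-account list and the admin-host list are assumptions a real deployment would fill from its own directory.

```python
import re

# Constructed sample log, flattened to key=value form for this example; field
# names follow Windows Security event 4624, but every host, account and
# timestamp here is invented.
SAMPLE_LOG = """\
2008-11-12T09:01:12 EventID=4624 TargetDomain=CORP TargetUser=jdoe LogonType=2 Workstation=WS-042
2008-11-12T09:14:03 EventID=4624 TargetDomain=CORP TargetUser=da-admin1 LogonType=10 Workstation=WS-042
2008-11-12T09:15:40 EventID=4624 TargetDomain=CORP TargetUser=da-admin1 LogonType=3 Workstation=FS01
2008-11-12T09:20:00 EventID=4624 TargetDomain=CORP TargetUser=da-admin1 LogonType=2 Workstation=PAW-01
2008-11-12T09:22:18 EventID=4625 TargetDomain=CORP TargetUser=da-admin1 LogonType=2 Workstation=WS-042
2008-11-12T09:30:55 EventID=4624 TargetDomain=CORP TargetUser=svc-backup LogonType=5 Workstation=WS-042
"""

# Assumed names of accounts whose token, once present on a workstation, can
# reach every host in the domain (the situation Thomas warns about).
PRIVILEGED_ACCOUNTS = {"corp\\da-admin1", "corp\\administrator"}

# Assumed names of hosts where a privileged interactive logon is expected:
# domain controllers and dedicated admin workstations.
ADMIN_HOSTS = {"DC01", "PAW-01"}

# Logon types that put the account's credentials on the machine itself:
# 2 = Interactive (console), 10 = RemoteInteractive (RDP), 11 = CachedInteractive.
# A type-3 network logon (opening a share, for instance) does not leave the
# administrator's credentials on the remote host the way these do.
CREDENTIAL_EXPOSING_LOGON_TYPES = {2, 10, 11}

_FIELD = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Turn one flattened log line into a dict; purely numeric values become ints."""
    timestamp, _, rest = line.partition(" ")
    event = {"Timestamp": timestamp}
    for key, value in _FIELD.findall(rest):
        event[key] = int(value) if value.isdigit() else value
    return event


def is_privileged(event):
    """True when the logged-on account is on the privileged list (case-insensitive)."""
    account = f"{event['TargetDomain']}\\{event['TargetUser']}".lower()
    return account in PRIVILEGED_ACCOUNTS


def find_risky_logons(log_text):
    """Return successful, credential-exposing logons by privileged accounts on ordinary hosts."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        if event.get("EventID") != 4624:
            continue  # failed logons (4625) leave no usable token behind
        if event.get("LogonType") not in CREDENTIAL_EXPOSING_LOGON_TYPES:
            continue  # network and service logons are not the pattern described
        if event.get("Workstation") in ADMIN_HOSTS:
            continue  # expected place for an admin to log on
        if is_privileged(event):
            findings.append(event)
    return findings


if __name__ == "__main__":
    for f in find_risky_logons(SAMPLE_LOG):
        print(f"{f['Timestamp']} {f['TargetDomain']}\\{f['TargetUser']} "
              f"logon type {f['LogonType']} on {f['Workstation']}")
```

On the sample above only one record is flagged: the domain admin's RDP session onto the ordinary workstation WS-042. The same account's network logon to a file server, its console logon on the admin workstation, and its failed logon attempt are all left alone, which is the distinction that matters: the danger Thomas describes comes from a full administrative token sitting on a machine the worm already controls, not from every use of the account.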
Maybe then you won't be the hapless harbinger of network-brain-eating zombies.
About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.