El malware: Mantener la seguridad de su empresa en el interior
Page Article
Threats are continuously evolving but your firewall protection may not. Now
is the time to look beyond traditional network security and incorporate
protection against malware and exploits that pass through PCs and mobile devices
when users browse the Internet, send or receive an email, and download
applications.
Estos planes incluyen:
Extorsión - Bloquear o interrumpir los ordenadores, y luego cobrar dinero para
para deshacer la interrupción. A menudo, estos ataques adoptan la forma de un escaneo
escaneo del ordenador y la venta de un software "antivirus" igualmente inútil. Esta técnica de
Esta técnica puede utilizarse para obtener información de tarjetas de crédito. A veces el
software adquirido es un "software de miedo" que impulsa compras adicionales o
continúa exigiendo pagos de "suscripción".
Theft - Stealing electronic assets. These can include personally
identifiable information (identity theft) from employee or customer records;
financial account information and passwords; proprietary trade and business
assets that can be sold to competitors; email accounts, including address
books, to be used for spam mailings (from seemingly trusted sources); and even
computer resources themselves (zombies) which are controlled by the criminals
for everything from spam mailing to hosting pornography.
The software which enables these crimes is categorized as malware. As
worrisome as malware is—and it continues to get worse—there are
straightforward and extremely effective ways to address it. But first, know
your enemy. Typical malware consists of six main types—viruses, worms,
Trojans, spyware, adware, and rootkits.
Virus
Probably the best-known type of malware is the virus. Computer viruses have
been around for decades, however, the basic premise has remained constant.
Typically designed to inflict damage against the end user, computer viruses can
purge an entire hard disk, rendering data useless in a matter of moments.
Just as biological viruses replicate themselves when infecting a host cell,
computer viruses will often replicate and spread themselves through an infected
system. Other types of viruses are used for ‘seek and destroy’ where specific
file types or portions of the hard disk are targeted. Criminals conducting
cyber-thefts will often unleash a virus on penetrated systems after extracting
the desired information as a means of destroying forensic evidence.
Computer viruses were originally spread through the sharing of infected
floppy disks. As the technology evolved so too did the distribution method. Today,
viruses are commonly spread through file sharing, web downloads, and email
attachments. In order to infect a system, the virus must be executed on the
target system; dormant computer viruses which have not been executed do not pose
an immediate threat. Viruses typically do not possess any legitimate purposes
and in some countries are illegal to possess.
Gusanos
Computer worms have existed since the late 1980s but were not prevalent
until networking infrastructures
within organizations became common. Unlike computer viruses, worms have the
capability of spreading themselves through networks without any human
interaction.
Once infected by a worm, the compromised system will begin scanning the local
network in an attempt locates additional victims. After locating a target, the
worm will exploit software vulnerabilities in a remote system, injecting it with malicious code in order to complete the compromise.
Due to their means of attack, worms are only successful at infecting systems on
the network which are running specific operating systems. Worms are often viewed
more as a nuisance than a real threat. However, they may be used to spread other
malware or inflict damage against target systems.
Troyanos
Like viruses, Trojans typically require some type of user interaction in
order to infect a system. However, unlike most worms and viruses, Trojans often
try to remain undetected on the compromised host. Trojans are small pieces of
executable code embedded into another application. Typically the infected file
is an application the victim would use regularly (such as Microsoft Word or
Calculator). The goal is for the victim to unknowingly execute the malicious
code when launching an otherwise innocent program. This often results in Trojans
infecting a system without triggering any type of notification. There are
several types of Trojans, each fulfilling a different purpose. Some Trojans are
designed specifically to extract sensitive data from the infected system; these
types of Trojans typically install keyloggers or take screenshots of the
victim’s computer and automatically transmit the information back to the
attacker. Other, more dangerous “remote access Trojans” (RATs), will take
control of the infected system, opening up a back door for an attacker to later
access. Remote access Trojans are typically used in the creation of botnets.
Spyware / Adware
Like some types of Trojans, spyware is used to collect and relay sensitive
information back to its distributor.
Spyware typically is not malicious in nature. However, it is a major nuisance,
typically infecting web browsers, and making them nearly inoperable. Spyware is
often used for deceitful marketing purposes, such as monitoring user activity
without their knowledge. At times, spyware may be disguised as a legitimate
application, providing the user with some benefit while secretly recording
behavior and usage patterns.
Like spyware, adware is a major nuisance for users. But it is usually not
malicious in nature. Adware, as the name implies, is typically used to spread
advertisements providing some type of financial benefit to the attacker. After
becoming infected by adware, the victim becomes bombarded by pop-ups, toolbars, and other types of advertisements when attempting to access the Internet. Adware
usually does not cause permanent damage to a computer. However, it can render
the system inoperable if not removed properly.
Rootkits
Arguably the most dangerous type of malware is the rootkit. Like remote
access Trojans, rootkits provide the attacker with control over an infected
system. However, unlike Trojans, rootkits are exceptionally difficult to detect
or remove. Rootkits are typically installed into low-level system resources
(below the operating system). Because of this, rootkits often go undetected by
conventional anti-virus software. Once infected with a rootkit, the target
system may be accessible by an attacker providing unrestricted access to the
rest of the network.
Saber cuándo se tiene un Malware en el tráfico de la red o en un ordenador
hace notar su presencia de una de estas tres maneras:
- La "firma" es una huella digital o un patrón en el archivo que puede ser
reconocer por un sistema de seguridad de red, como un cortafuegos, incluso antes de que llegue
llegue a un ordenador. Si un archivo de este tipo llega a un ordenador, el software
software antivirus/antimalware de la máquina debería detectarlo.
- Un tipo de archivo sospechoso que aparece fuera de contexto, como un ejecutable (.exe)
o un valor del registro oculto en un archivo comprimido como un .zip.
- comportamiento; incluso un rootkit puede revelarse cuando "llama a casa" al
operador que lo controla. Si este comportamiento es anormal -por ejemplo, en
volumen o la hora del día-puede ser un indicador de un sistema comprometido.