Latest Guidelines for Malware Detection

Posted by Robert Moskowitz

Today's malware brings a wide range of threats that—without proper detection and defense—can wreak havoc on any computer system.

While various kinds of malware can get onto your system via the original manufacturer, information-seeking government agencies, and covert infiltrators, the vast majority of malware still comes over the Internet as software downloads.

Deceptive Downloads

Because a steady stream of advances in software security has made direct attacks difficult and expensive, cybercriminals are emphasizing deception to crack systems. Individual pieces of malicious software are attached to otherwise legitimate applications, utilities, or data files. They most often come from sketchy sites, but some occasionally come from seemingly innocuous ones.

Once the malware is downloaded and opened, it installs itself. Users who want to improve or upgrade their machines' capabilities, or to access readily available information or entertainment, often lower their guard. While downloads from legitimate sites tend to be trustworthy, there are thousands of secondary sites that simply don't have the resources—or the motivation—to continually sweep corrupted files from their servers.

"Deceptive downloads" are currently ranked as a major threat in nearly every country and region around the globe. Google recently added the ability to detect and warn users about deceptive downloads to its Safe Browsing feature in the Chrome browser.

Such downloads include fake-antivirus Trojans that display fraudulent warnings about malware within the computer's browser. Fake AV changes the browser's default home page, installs hidden backdoors into any system it violates, and reports the unsuspecting user's Internet search results back to the attacker. These Trojans also set the infected computer to take part in remote-controlled click fraud campaigns against legitimate websites.

A second family of deceptive downloads pretends to be installers for legitimate software but actually steals or destroys the user's sensitive and/or valuable data.

A third set of malware uses encryption, compression, anti-debugging, and anti-emulation techniques to hide from installed antivirus software and send keystrokes and data to the attackers.

Avoiding and Detecting Malware

With dangerous malware such as "Gameover Zeus" and "CryptoLocker" proliferating at an alarming rate, we need to put up strong defensive measures and regularly back up sensitive data before it can be corrupted. We also need to detect malicious software before any harm comes to our automated systems. As a first step, experts suggest limiting the access that software-installation services have to your systems.

It's preferable to install software only from CDs and DVDs, since you know the source is trusted. Even so, the disks must be scanned by high-quality antivirus software.

Train users to recognize the warning signs. For example, they should routinely check a website's SSL certificates, which should all be valid. Before approving any download from the Internet, users should verify that all files are downloaded over the HTTPS protocol.

Some malicious sites start a download automatically, without waiting for user input. Train users to be alert for automatic downloads and to cancel them immediately. In addition, reliable and comprehensive antivirus software should be configured to scan all incoming code, regardless of how "reputable" the source.

Another warning sign is a chain of nested links. Website redirects that bounce through a series of different domains are a favorite trick. Users should be wary of too-frequent redirects and should close their browser, lest they trigger a drive-by download attack. Expand browser capabilities with add-ons such as HTTPS Everywhere and Web of Trust to diagnose the safety of every website. These protective measures can provide early warning that a given URL is likely to open a channel to a phishing site or a malicious downloader.
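The three warning signs above (plain-HTTP downloads, redirect chains that hop across unrelated domains, and downloads that start without user input) can be checked mechanically once a redirect chain has been recorded. The script below is an example added to this post, not the author's code: it walks a list of hops and reports each sign it finds. The hop data is constructed sample data, not a capture from any real site, and the `registrable_domain` helper and the `max_domains` threshold are simplifying assumptions explained in the comments.

```python
# Example added to this post (not the author's code): a small checker that
# applies the warning signs above to a recorded redirect chain. It flags hops
# served over plain HTTP, chains that hop across several unrelated domains,
# and a final response that pushes a file at the browser without user input
# (a Content-Disposition: attachment header). The chains below are constructed
# sample data, not captures from any real site.
from dataclasses import dataclass, field
from urllib.parse import urlparse


@dataclass
class Hop:
    """One response in a redirect chain: the URL requested, the status code
    returned, and the response headers that matter for the check."""
    url: str
    status: int
    headers: dict = field(default_factory=dict)


def registrable_domain(host: str) -> str:
    """Approximate the registrable domain by the last two labels of the host.
    Assumption: good enough for sample data; production code should consult
    the Public Suffix List (co.uk and similar suffixes break this shortcut)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def analyze_chain(hops, max_domains=2):
    """Return a list of human-readable findings for a redirect chain.

    max_domains is a tunable assumption: a site redirecting to its own CDN
    touches two domains, so three or more distinct domains is treated as the
    'bouncing through a series of different domains' pattern."""
    findings = []
    domains = []
    for index, hop in enumerate(hops):
        parsed = urlparse(hop.url)
        if parsed.scheme != "https":
            findings.append(f"hop {index}: not served over HTTPS ({hop.url})")
        domain = registrable_domain(parsed.hostname or "")
        if domain not in domains:
            domains.append(domain)
    if len(domains) > max_domains:
        findings.append(
            f"redirect chain crosses {len(domains)} domains: {', '.join(domains)}"
        )
    if hops:
        # Header names are case-insensitive, so normalise before looking up.
        last_headers = {k.lower(): v for k, v in hops[-1].headers.items()}
        disposition = last_headers.get("content-disposition", "")
        if "attachment" in disposition.lower():
            findings.append(f"final hop pushes a file download: {disposition}")
    return findings


# Constructed sample chain: a "free codec" page bouncing through an ad host
# to a plain-HTTP download that starts automatically.
SUSPICIOUS_CHAIN = [
    Hop("https://example.com/free-codec", 302,
        {"Location": "http://ads.example.net/go"}),
    Hop("http://ads.example.net/go", 302,
        {"Location": "http://cdn.example.org/setup.exe"}),
    Hop("http://cdn.example.org/setup.exe", 200,
        {"Content-Type": "application/octet-stream",
         "Content-Disposition": "attachment; filename=setup.exe"}),
]

# Constructed benign chain: a vendor page sending the user to its own download
# host, all over HTTPS, landing on a page rather than a forced download.
BENIGN_CHAIN = [
    Hop("https://example.com/download", 301,
        {"Location": "https://downloads.example.com/latest"}),
    Hop("https://downloads.example.com/latest", 200,
        {"Content-Type": "text/html"}),
]

if __name__ == "__main__":
    for name, chain in (("suspicious", SUSPICIOUS_CHAIN), ("benign", BENIGN_CHAIN)):
        findings = analyze_chain(chain)
        print(f"{name}: {len(findings)} finding(s)")
        for finding in findings:
            print("  -", finding)
```

Run as a script, the suspicious chain produces four findings (two plain-HTTP hops, three distinct domains, and a forced download) while the benign chain produces none. In practice the hop list would come from a proxy log or from a browser extension recording each redirect; the certificate-validity check mentioned above is left to the TLS library, which rejects an invalid certificate before a hop is ever recorded.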

Users of Windows XP, which as of April 2014 is no longer supported by Microsoft, are extremely vulnerable to malware. They must take additional malware detection measures. Criminals will try to infect users' computers with malware, so it's important to have defenses in place to keep them out.

Robert Moskowitz, New Mobility Partnerships
