Combating file infectors on corporate networks


Detailed description

Bibliographic details
Main authors: Thomas, Vinoo; Jyoti, Nitin
Format: Conference paper
Language: eng
Description
Summary: In this age of botnets, rootkits, spyware, and other bleeding-edge security threats, file infectors are frequently thought of as a dead threat. But during the past year or so, we have observed an unprecedented growth in classic file-infecting viruses that have enjoyed a relatively high degree of success in the wild, causing widespread damage to computer systems. Many of the new viruses seen today aren't advancements in their own right; rather, they have just taken advantage of advancements in technology. And the sophistication of the infection techniques and vectors used by viruses these days is on the rise. With a recent increase in network file-infecting viruses, it's high time we revisit the traditional techniques used to detect virus-like activity on the network and improve them. This paper proposes using virtual local area network (VLAN) technology to mass-deploy a SAMBA-based honeypot to the entire site. We also look at setting up a server message block (SMB) based sniffer to capture file-infector activity on the local area network. The proposed solutions are scalable and cost-effective, and were internally implemented at McAfee Avert Labs.
DOI: 10.1109/MALWARE.2008.4690862