SMEs most at risk from new methods of infection

(14/07/2009)

Malware-spreading vectors are being used to infect small and medium-sized businesses, allowing dangerous malware to enter a business’ network and compromise its security.

According to Viorel Canja, head of BitDefender Labs, Bucharest, many small and medium-sized business are potentially at risk because many don’t have the level of security necessary to prevent these vectors from being used to infect their networks. “Businesses need to be aware of these new and dangerous methods of infection and install a complete up-to-date anti-malware security solution,” says Viorel Canja.

The Conficker worm is the most recent example. This has spread to millions of computers by using multiple infection vectors, including Microsoft Windows RPC Service exploit, bruteforcing weak administrator passwords, and copying itself to removable drives.

A business network can be infected even when it is not connected to the Internet. The main risk is that malware can be brought into a business network by a single employee who accesses the Internet outside the office, gets infected, and brings the worm to work on a USB stick.

By using these vectors, cyber-criminals can harvest sensitive data quickly and easily. Once a network has been infiltrated, Trojans and adware listen to all the traffic carefully, filtering out online banking accounts, credit card details or computer-related data like OS version, hardware details, or software licenses. All this information is either sold or used for monitoring purposes in order to prepare for more targeted attacks. Examples for such e-threats are WhenU, SaveNow and Trojan.Banker.LCG.

Another vector currently being used to infect networks is the online scam website. Phishers set up replica websites that impersonate legitimate entities, and steal the user’s login credentials or trick the user into downloading applications on to their computers.

One recent online scam involved a website impersonating Facebook. The fake site was designed to look exactly like Facebook and contained a fake YouTube video. Once a user clicked on the video, it requested the user download an application called “Adobemedia11.exe” which was password stealing Trojan. The e-threat monitored FTP, ICQ, POP3 (email) authentication details and stole information from applications such as Outlook Express, MSN Explorer and the Autocomplete function. Most recently, the scam started to imitate a Bank of America Help page.

Small business networks are seldom prepared for these types of threats – the IT expertise and funding needed for mitigation is usually not available. Such threats are best met with integrated solutions that can provide safety from sophisticated e-threats, while remaining cost-effective and easy to manage.

"And this warning applies to a wide range of business sectors, says Nick Billington, BitDefender's UK Country Manager. "Credit card payment processors can be small and medium enterprises. Government contractors of all kinds, including those that work for the military, can be SMBs. IT security shouldn't be an afterthought but it shouldn't be a burden either.”

Related topics:  Hacking and intrusion prevention   Security management and policies   Security threats and vulnerabilities   Virus, Worm, Email security, spyware and malware 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources