Malicious Code Awareness

1
Malicious Code Awareness

• Virus Defense for Users

Created October 2004
2
Why Virus Awareness Training?
Malicious Code Awareness Training
Viruses threaten all information systems.

• This training will provide all users
• Enough data to make informed decisions about
  viruses
• An understanding of criminal tactics used to
  infiltrate computers

3
Critical Thinking
Malicious Code Awareness Training

• Am I expecting this attachment?
• Is this the normal format of this file?
• Is my antivirus software running correctly?
• My machine seems slower than normal, should I
  report it?

4
Is My Machine a Target?
Malicious Code Awareness Training

• Yes
• Viruses do not discriminate
• Every organization is a target of criminals at
  some point
• Any machine that houses financial information
  (reports, personnel data, credit card numbers,
  etc.) is a target

5
How Can I Be Targeted?
Malicious Code Awareness Training

• Email
• Email should be considered suspect unless
  digitally signed by someone you know
• Email spoofing is very easy, do not trust
  From fields

6
Email Attachments
Malicious Code Awareness Training

• Delete any attachment that you are not expecting
• Do not open files of any type that are not
  anticipated (even if they appear to be harmless)

EXE PIF COM BAT SCR VBS JPG
7
Scams
Malicious Code Awareness Training

• Also known as phishing attempts
• Do not follow requests for personal info in email
• Do not trust links printed in messages, they may
  not lead where they appear to

8
Email Review
Malicious Code Awareness Training

• No part of an unsigned, unexpected email should
  be trusted without investigation
• From, Subject, and Message body can be easily
  crafted to fool anyone

9
What Should I Do?
Malicious Code Awareness Training

• Be suspicious of any unexpected, unverifiable
  email, regardless of apparent source
• Report/forward all suspicious email messages to
  security personnel

10
Network Worms
Malicious Code Awareness Training

• Viruses that spread without user intervention
  (without opening a file)
• Worms exploit system vulnerabilities to gain
  unauthorized computer access
• Often create noticeable slowdowns on host systems

MyDoom Sasser Blaster Klez
11
What Do I Watch For?
Malicious Code Awareness Training

• Report the presence of any suspicious file found
  on network
• Reports of widespread virus activity
• Such as the reports of Blaster Sasser
• Any abnormal system condition that cannot be
  explained
• Network access extremely slow
• Computer hard drive is constantly in use

12
Nefarious Web Content
Malicious Code Awareness Training

• Spyware/Adware prominent on the Internet
• Often allows additional unwanted software to
  enter PC
• Threatens internal data as well as normal network
  operations
• Can come from anywhere

13
What Do I Watch For?
Malicious Code Awareness Training

• Random pop-ups, especially advertisements for
  random products
• Changes in normal web browser routines
• New Home page at startup
• Unknown toolbars/icons
• New applets in the System Tray (next to the
  clock)

14
Spyware Reporting
Malicious Code Awareness Training

• Document all suspicious Internet activity
• Report all unknown configuration and software
  changes to security personnel
• Do not just put up with random advertisements
  and redirections

15
Normal Vigilance
Malicious Code Awareness Training

• Dont visit web sites unassociated with work
  topics
• Periodically check that antivirus signatures are
  current
• Be aware of any new/suspicious files or folders
  that appear on your machine or servers

16
How Do I Avoid Malware?
Malicious Code Awareness Training

• Do not download or install any software from the
  Internet without direction from network support
• Do not open email/attachments from unknown
  sources
• Do not open unexpected/verified attachments

17
Report All Suspicious Activity
Malicious Code Awareness Training

• Information Assurance Team

http//www.infectionvectors.com