Click the banner for the site map of NoticeBored.com, the information security awareness service
NoticeBored this month

Malawareness

Introduction and scope of the topic

02 NB malware poster W 350For about three decades since the Creeper virus and Morris Worm, malware (malicious software) has plagued IT users and disrupted legitimate use of computer systems and networks.  The mechanisms used by malware to infect new hosts and the nature of the payloads (the ‘business end’ of malware) vary widely and evolve constantly, making it a challenge even to categorize let alone protect against current malware.

To give a flavor of what’s in this month’s awareness materials, here is an outline of the main malware types covered:

  • Virus: malware that attached itself to other programs or data files in order to spread, usually by user activity;
  • Worm: malware spreads automatically through networks, typically by exploiting security vulnerabilities in common networking software;
  • Trojan (Trojan horse): malware program that appears to be something useful (such as a screensaver or Adobe Acrobat PDF file), but in fact is malicious (e.g. secretly capturing the user’s keystrokes for identity theft);
  • Privacy-compromising malware: disrespects the users’ privacy in some way, typically for commercial reasons e.g. targeted advertising;
  • Time bomb, logic bomb: malware that waits to be triggered at a certain date and time, or by a specific event, and then does its evil deed (e.g. “The City of Norfolk, Virginia is reeling from a massive computer meltdown in which an unidentified family of malicious code destroyed data on nearly 800 computers citywide. The incident is still under investigation, but city officials say the attack may have been the result of a computer time bomb planted in advance by an insider or employee and designed to trigger at a specific date.” Source: Krebs on Security);
  • Backdoor: malware that allows hackers to access the machine without using the normal user authentication process;
  • Rootkit and exploit kit: collections of utilities that allow hackers to exploit system vulnerabilities, penetrate systems deeply, take full control and yet (hopefully) remain undetected.

Of particular concern is the fact that while early malware was on the whole rather innocuous and obvious, today’s variants cause substantial financial/commercial/personal impacts while mostly remaining hidden.  The malware threat has become both insidious and significant.  Many information security surveys in the past decade or so have pointed out the trend, while news headlines about identify theft, industrial espionage and commercial sabotage often intimate that malware was used to perpetrate the crime.

Find out more about the topic in the latest NoticeBored security awareness newsletter, including our analysis of the risks.  Find out through the awareness materials how cryptography addresses the risks outlined in the newsletter.

Awareness materials supplied in the module

 

Outline of the contents

The March NoticeBored security awareness module is packaged and delivered as a single 30Mb Zip file containing the original Word, PowerPoint, Visio, JPG and SCR files described above and shown on the directory listing below.

 

Unlike many of our competitors, we don’t just deliver encrypted Adobe Acrobat files or charge a premium to customize the materials for you.  We deliver electronically at the speed of light, rather than pre-printed materials that take forever to arrive in the post.  Our customers can choose which items to use, customize them to their hearts’ content and distribute them freely to their employees.

Files included in the module

Files provided in the zip

NoticeBored is for you, yes you!

If this brief outline of our latest awareness module intrigues you, why not contact us to evaluate NoticeBored?  We’ll send you the contents of a complete module, plus an evaluation license for you to try them out.  There’s no commitment or charge to evaluate.  Find out what makes NoticeBored different and discover what led ENISA to describe us as “best practice experts” in security awareness.  We can even help you build a budget proposal to invest in a security awareness program.  When finances are tight, remember that awareness is the most cost-effective form of security.  A dollar spent on security awareness achieves much more than a dollar spent on security technologies such as firewalls, antivirus controls and suchlike.  Alert, security-aware employees who appreciate the symptoms of security attacks or incidents and know how to respond are far less likely to succumb.  Make security everyone’s business with NoticeBored.
NB home > NB this month >

Copyright © 2010  IsecT Ltd.