Tag Archives: Kapersky Labs

About 915 days ago Spyware and Malware

Malware Takes Aim at USB Devices

our beautiful site

A USB drive is such a handy, inexpensive way to transport information that technology research analyst Gartner estimates 222 million USB devices shipped last year. But in some instances, those devices transport trouble as well. Small businesses in particular are paying a price for the convenience of using USB drives. As we grow more savvy to malicious attacks via e-mail and other avenues, cybercriminals are turning to USB drives to distribute malware. According to research by Panda Security, a whopping 25 percent of malware today is developed to disseminate through USB devices.  The top two threats in security provider BitDefender’s most recent E-Threats report are spread through USB drives. “Just these two viruses account for 17 percent of the total number of malware apps in the world,” says Catalin Cosoi, head the Online Threats Lab for BitDefender. BitDefender is also seeing new samples of malware distributed via USB drive. “Most hackers are lazy and don’t want to spend hours and hours trying to hack secured computers,” Cosoi explains. “If they can attack an easy target with just a few clicks, they will do that. Spreading malware through USB devices is just as easy as it sounds.” Why you might be vulnerable The risk posed by malware-infected USB drives isn’t limited to small and mid-sized businesses. IBM apologized after distributing infected drives at an Australian security conference earlier this year. However, experts say small businesses are vulnerable because of these factors: Older operating systems. Windows Vista and Windows 7 offer much more protection against infected USB drives, notes Tim Armstrong, a malware analyst with security vendor Kapersky Labs. However, Windows XP remains the most-used operating system worldwide, and the malware exploits the “AutoRun” feature for removable media. Stick a USB drive into the port on a Windows XP machine, and you may find your every keystroke logged and sensitive business files distributed to servers halfway around the world. Even if your company has upgraded its operating system, your employee might be working at home on Windows XP. A lack of security know-how. Smaller businesses are less likely to have dedicated IT personnel or to have policies in place to combat risky USB use. For instance, Good Samaritans in your company may be inclined to pick up a drive found in the parking lot, then insert it into their work computer to see if they can find the drive’s owner. “Somebody could write a script on that drive that goes and searches for your sales database and contact list,” says Rich Baich, principal for security and privacy at Deloitte & Touche LLP. Alternative ways to share information. It may be easier for a small company to rely on USB drives than to take the time and resources to develop other solutions, such as working in the cloud. How to protect your business You can’t afford to ignore this threat, say security experts. However, there are smart steps you can take to insulate your business from the risks posed by malware-infected USB devices. These steps are essential: Maintain up-to-date security solutions. Make sure your security is up to date on all computers attached to your business, and enable Windows updates. Consider an endpoint security solution that can prevent USB drives from being recognized Disable AutoRun. Countless online tutorials detail how to disable AutoRun. To temporarily disable AutoRun, hold down the shift key as you insert a USB drive. Maintain a dedicated computer. If your business is small enough that it’s practical to keep all critical information on one computer, consider doing so, says Baich. Then, don’t ever insert USB devices into that computer. “Keep it very clean. Don’t go surfing websites, use it only for business functions,” he advises. Update your operating system. Lessen your risk by using a more recent version of Windows or another operating system. Use security-protected devices. “Although USB drives are a major culprit for spreading malware, they have also evolved tremendously over the years,” says Cosoi.  “Some brands have built-in security software, which makes them safer. Look for these USB drives, and use them exclusively.” Educate your employees. In most cases, your employees are going to find the simplest, most convenient way to get their jobs done. It’s up to you to provide a means for them to move information when necessary and to outline the risks involved with USB drive use. Even posting a sign telling workers not to use unknown USB devices is likely to help. However, establishing a usage policy is your best protection. Parameters might include never running personal USB drives on work computers or business drives on home computers and passing along “found” drives to a designated employee, who can safely scan the devices. Consider alternatives. “It’s almost time to move away from USB sticks to cloud-based solutions,” Armstrong says. Break the USB habit by offering alternatives for file-sharing and storage, but make sure you have employee buy-in, say experts. “Companies should take this issue very seriously,” cautions Cosoi. “At BitDefender, we think USB-transmitted malware is more dangerous than e-mail or other ways of propagating malware.”  

About 915 days ago Mobility Tips and Tricks

Malware Takes Aim at USB Devices

our beautiful site

A USB drive is such a handy, inexpensive way to transport information that technology research analyst Gartner estimates 222 million USB devices shipped last year. But in some instances, those devices transport trouble as well. Small businesses in particular are paying a price for the convenience of using USB drives. As we grow more savvy to malicious attacks via e-mail and other avenues, cybercriminals are turning to USB drives to distribute malware. According to research by Panda Security, a whopping 25 percent of malware today is developed to disseminate through USB devices.  The top two threats in security provider BitDefender’s most recent E-Threats report are spread through USB drives. “Just these two viruses account for 17 percent of the total number of malware apps in the world,” says Catalin Cosoi, head the Online Threats Lab for BitDefender. BitDefender is also seeing new samples of malware distributed via USB drive. “Most hackers are lazy and don’t want to spend hours and hours trying to hack secured computers,” Cosoi explains. “If they can attack an easy target with just a few clicks, they will do that. Spreading malware through USB devices is just as easy as it sounds.” Why you might be vulnerable The risk posed by malware-infected USB drives isn’t limited to small and mid-sized businesses. IBM apologized after distributing infected drives at an Australian security conference earlier this year. However, experts say small businesses are vulnerable because of these factors: Older operating systems. Windows Vista and Windows 7 offer much more protection against infected USB drives, notes Tim Armstrong, a malware analyst with security vendor Kapersky Labs. However, Windows XP remains the most-used operating system worldwide, and the malware exploits the “AutoRun” feature for removable media. Stick a USB drive into the port on a Windows XP machine, and you may find your every keystroke logged and sensitive business files distributed to servers halfway around the world. Even if your company has upgraded its operating system, your employee might be working at home on Windows XP. A lack of security know-how. Smaller businesses are less likely to have dedicated IT personnel or to have policies in place to combat risky USB use. For instance, Good Samaritans in your company may be inclined to pick up a drive found in the parking lot, then insert it into their work computer to see if they can find the drive’s owner. “Somebody could write a script on that drive that goes and searches for your sales database and contact list,” says Rich Baich, principal for security and privacy at Deloitte & Touche LLP. Alternative ways to share information. It may be easier for a small company to rely on USB drives than to take the time and resources to develop other solutions, such as working in the cloud. How to protect your business You can’t afford to ignore this threat, say security experts. However, there are smart steps you can take to insulate your business from the risks posed by malware-infected USB devices. These steps are essential: Maintain up-to-date security solutions. Make sure your security is up to date on all computers attached to your business, and enable Windows updates. Consider an endpoint security solution that can prevent USB drives from being recognized Disable AutoRun. Countless online tutorials detail how to disable AutoRun. To temporarily disable AutoRun, hold down the shift key as you insert a USB drive. Maintain a dedicated computer. If your business is small enough that it’s practical to keep all critical information on one computer, consider doing so, says Baich. Then, don’t ever insert USB devices into that computer. “Keep it very clean. Don’t go surfing websites, use it only for business functions,” he advises. Update your operating system. Lessen your risk by using a more recent version of Windows or another operating system. Use security-protected devices. “Although USB drives are a major culprit for spreading malware, they have also evolved tremendously over the years,” says Cosoi.  “Some brands have built-in security software, which makes them safer. Look for these USB drives, and use them exclusively.” Educate your employees. In most cases, your employees are going to find the simplest, most convenient way to get their jobs done. It’s up to you to provide a means for them to move information when necessary and to outline the risks involved with USB drive use. Even posting a sign telling workers not to use unknown USB devices is likely to help. However, establishing a usage policy is your best protection. Parameters might include never running personal USB drives on work computers or business drives on home computers and passing along “found” drives to a designated employee, who can safely scan the devices. Consider alternatives. “It’s almost time to move away from USB sticks to cloud-based solutions,” Armstrong says. Break the USB habit by offering alternatives for file-sharing and storage, but make sure you have employee buy-in, say experts. “Companies should take this issue very seriously,” cautions Cosoi. “At BitDefender, we think USB-transmitted malware is more dangerous than e-mail or other ways of propagating malware.”  

About 2330 days ago Data Security

Which Anti-Virus Software Should You Use?

Out of all the security programs installed on the company network or end user’s desktop, it’s probably the anti-virus software that’s doing the most to earn its keep. The joint Computer Security Institute/FBI’s 2006 Computer Crime and Security Survey found that overwhelmingly viral attacks remain the greatest source of financial losses and damages to businesses than any other breach in computer security. Losses from all computer security incidents among the survey’s 313 respondents totaled more than $52 million for 2006, down by more than 50 percent compared to 2005, according to the survey. Ninety-seven percent of the companies that responded reported using anti-virus software. Don’t log on without it Some companies tend to get lax about anti-virus software once they’ve installed a good firewall at the network gateway. “No firewall out there is a silver bullet,” says Joern Wettern, co-author of Firewalls for Dummies. “Make sure you have anti-virus software installed on all PCs and check them regularly for updates.” For that reason, easy-to-schedule scans and automatic updating is probably the first feature a business owner would want to look for in an anti-virus program. When it comes to other features, Arabella Hallawell, vice president at Forrester Research, of Cambridge, Mass., who specializes in the security software market, advises clients to be choosier. “The rule of thumb is you should only pay for what you’re going to need within the next 12 months,” she says. “And don’t forget to do a competitive negotiation, regardless of how small your organization is.” Round-up of anti-virus software With that in mind, here is a round-up of just some of the offerings in anti-virus software, ranging from market leaders, Symantec and McAfee, to some of the smaller, more entrepreneurial companies, such as Alwil and Kaspersky. Norton’s AntiVirus Cost: $40 to buy. $30 annual fee. Features: Produced by Internet security giant Symantec, a better question might be: What doesn’t it feature? Norton’s standard version includes a firewall, scheduled scans, scans for instant messaging, as well as bundled spyware, adware and rootkit detection. All those bells and whistles may take a toll on speed however. It’s the one area that got a low rating from Consumer. The professionals don’t seem to disagree. John DeLozier, a network security expert and founding partner of Nply Security, a network security consulting group in Dallas, concedes it’s often the preferred choice of his clients. “But, I find (Norton) too big, too bloated and too intrusive with all the chatty pop-up windows,” says DeLozier. McAfee’s ViruScan Cost: $40 to buy. $40 annual fee. Features: McAfee’s anti-virus software is bundled in with anti-spyware software and a firewall. It features automatic updates and instant message scanning. Other versions include protection for laptops, e-mail servers and file servers. Ben Rothke, director of security technology implementation at AXA Financial and a frequent speaker at industry conferences on network security, says, “I like McAfee. It’s mature. It’s automatic… with any brand, by the time it gets to version 3.0, the differences are going to be minimal at that point.” BitDefender Standard Cost: $30 to download. $20 annual fee. Features: BitDefender is worthy of mention, if for no other reason the critics seem to love it the most. It was recently ranked number one in its class by both PC World and Consumer Reports, who gave BitDefender especially high marks in detection and ease of use. The standard edition features both scheduled scans and scanning for instant messages. It does not include a firewall. Kapersky Labs AntiVirus Cost: $50 to buy. $35 annual fee. Kaspersky, a Russian software company best known in the small business and consumer market, is a little pricier. Wettern says it’s well worth it. “I find it updates very frequently, has great detection rates and is the fastest to react to new threats,” says Wettern. Kaspersky offers standard features like scheduled scans and spyware/adware protection. Additional features, not as easy to find, include laptop power saving, suspended scans during heavy usage and proactive rootkit removal for malware. Alwil’s Avast! Cost: Non-commercial use, free to download. Professional Edition is $40 a year. Features: You can’t beat the starting price. Avast also comes with a high rating from Consumer Reports and features IM scanning and a firewall. One of the unique features includes what Alwil calls a “virus chest.” It’s a folder on the disk drive that is impenetrable to any kind of virus attack, a sort of virtual lock box where sensitive files can be stored and isolated away from the rest of the operating system. Avast may also be a good solution for a small organization that does business worldwide. The software is offered in no less than 20 languages, including Japanese and Russian.

About 2330 days ago Antivirus Software

Which Anti-Virus Software Should You Use?

Out of all the security programs installed on the company network or end user’s desktop, it’s probably the anti-virus software that’s doing the most to earn its keep. The joint Computer Security Institute/FBI’s 2006 Computer Crime and Security Survey found that overwhelmingly viral attacks remain the greatest source of financial losses and damages to businesses than any other breach in computer security. Losses from all computer security incidents among the survey’s 313 respondents totaled more than $52 million for 2006, down by more than 50 percent compared to 2005, according to the survey. Ninety-seven percent of the companies that responded reported using anti-virus software. Don’t log on without it Some companies tend to get lax about anti-virus software once they’ve installed a good firewall at the network gateway. “No firewall out there is a silver bullet,” says Joern Wettern, co-author of Firewalls for Dummies. “Make sure you have anti-virus software installed on all PCs and check them regularly for updates.” For that reason, easy-to-schedule scans and automatic updating is probably the first feature a business owner would want to look for in an anti-virus program. When it comes to other features, Arabella Hallawell, vice president at Forrester Research, of Cambridge, Mass., who specializes in the security software market, advises clients to be choosier. “The rule of thumb is you should only pay for what you’re going to need within the next 12 months,” she says. “And don’t forget to do a competitive negotiation, regardless of how small your organization is.” Round-up of anti-virus software With that in mind, here is a round-up of just some of the offerings in anti-virus software, ranging from market leaders, Symantec and McAfee, to some of the smaller, more entrepreneurial companies, such as Alwil and Kaspersky. Norton’s AntiVirus Cost: $40 to buy. $30 annual fee. Features: Produced by Internet security giant Symantec, a better question might be: What doesn’t it feature? Norton’s standard version includes a firewall, scheduled scans, scans for instant messaging, as well as bundled spyware, adware and rootkit detection. All those bells and whistles may take a toll on speed however. It’s the one area that got a low rating from Consumer. The professionals don’t seem to disagree. John DeLozier, a network security expert and founding partner of Nply Security, a network security consulting group in Dallas, concedes it’s often the preferred choice of his clients. “But, I find (Norton) too big, too bloated and too intrusive with all the chatty pop-up windows,” says DeLozier. McAfee’s ViruScan Cost: $40 to buy. $40 annual fee. Features: McAfee’s anti-virus software is bundled in with anti-spyware software and a firewall. It features automatic updates and instant message scanning. Other versions include protection for laptops, e-mail servers and file servers. Ben Rothke, director of security technology implementation at AXA Financial and a frequent speaker at industry conferences on network security, says, “I like McAfee. It’s mature. It’s automatic… with any brand, by the time it gets to version 3.0, the differences are going to be minimal at that point.” BitDefender Standard Cost: $30 to download. $20 annual fee. Features: BitDefender is worthy of mention, if for no other reason the critics seem to love it the most. It was recently ranked number one in its class by both PC World and Consumer Reports, who gave BitDefender especially high marks in detection and ease of use. The standard edition features both scheduled scans and scanning for instant messages. It does not include a firewall. Kapersky Labs AntiVirus Cost: $50 to buy. $35 annual fee. Kaspersky, a Russian software company best known in the small business and consumer market, is a little pricier. Wettern says it’s well worth it. “I find it updates very frequently, has great detection rates and is the fastest to react to new threats,” says Wettern. Kaspersky offers standard features like scheduled scans and spyware/adware protection. Additional features, not as easy to find, include laptop power saving, suspended scans during heavy usage and proactive rootkit removal for malware. Alwil’s Avast! Cost: Non-commercial use, free to download. Professional Edition is $40 a year. Features: You can’t beat the starting price. Avast also comes with a high rating from Consumer Reports and features IM scanning and a firewall. One of the unique features includes what Alwil calls a “virus chest.” It’s a folder on the disk drive that is impenetrable to any kind of virus attack, a sort of virtual lock box where sensitive files can be stored and isolated away from the rest of the operating system. Avast may also be a good solution for a small organization that does business worldwide. The software is offered in no less than 20 languages, including Japanese and Russian.