Security Watch

Malware: Is Cleaning Enough?

The only good solution to malware is a complete OS reinstall, says Microsoft.

Malicious Code
A program manager in Microsoft's security group said recently that companies should have a mechanism for completely replacing the software on an infected system rather than attempting to clean it. According to the malware they've examined, much of it persists despite numerous cleaning attempts, making complete re-installation the only effective method of restoring a PC to its original state.

Well, let's be honest: This is nothing new. Once a system has been compromised, it is, and always has been, extremely difficult to determine all of the components the malware has installed. It becomes even harder the longer the malware has been in place, due to the nature of today's bots, which often contain automatic updating or add-in mechanisms.

The question now becomes whether or not you can trust your AV program's report on whether it can remove the malware it has discovered. The safest bet is no, but in reality it greatly depends on the malware that's been found. AV companies are good at determining what all a particular variant may do to a given victim, and usually state it in their descriptions. Problems arise, however, when they apply a generic description to a variant they identify but haven't previously seen firsthand.

In the end, you need to decide for yourself on a case-by-case basis. Regardless, it's time to dust off your old back-up policies and make sure you have a way to do a complete restore on any machine in your network.

Human Factors
The U.S. Department of Justice (DoJ) reported that 3.1 percent of households in the United States suffered some form of identity theft during a six-month period in 2004. Identity theft was qualified by unauthorized use or attempted use of an existing credit card, other existing accounts such as a checking account, or misuse of personal information to obtain new accounts or loans, or to commit other crimes.

Almost half of all reported identity thefts were abuses of existing credit cards, with more than half of the remaining thefts occurring due to abuse of other existing accounts. Misuse of personal information, which I personally consider closer to the true definition of identity theft, occurred in only 15 percent of the victimized households, or 0.5 percent of all U.S. households.

Not surprisingly, the most likely victims were in the 18 to 24 age range, made $75,000 or more and lived in urban areas. Conversely, only 30 percent of victims noticed missing money or unfamiliar charges, and less than 25 percent were contacted by a credit bureau. This suggests that the criminals were either trying to stay under the radar, or were unaware of the extent to which their victims could have been robbed.

Read the DoJ's report here (PDF).

According to a recent Wall Street Journal story (WSJ.com ID required to read), corporate concerns over the impact of emerging Internet technologies, including security, may limit their adoption.

The story focuses on instant messaging, third-party Web-based e-mail and Skype. While fear of the overuse, or abuse, of bandwidth is mentioned as a concern, the primary motivation behind corporations' lack of adoption is previous security breach experiences with these technologies, such as worms via IM. Skype is noted due to the inability to determine what is being carried, leading to potential issues with regulators.

Nothing really new in this story -- it merely restates the obvious problems and concerns that corporations have faced all along. It is interesting to note that in response to the criticism, some of the vendors made it seem that they believe corporations are confused over their products instead of being focused on legitimate issues. Not really putting a best foot forward in an attempt of quelling concerns.

Want More Security?

This column was originally published in our weekly Security Watch newsletter. To subscribe, click here.

Governance
Verizon had a class action suit brought against it by customers who were annoyed in 2004 after Verizon implemented a massive blocklist to prevent spam. That blocklist was so broad that it effectively stopped their customers from receiving e-mail from certain countries -- and in some cases, regions. Verizon settled the case, giving affected DSL customers who apply a one-time payout of $49 for their inconvenience.

While there's no doubt that such a massive blocklist was overkill and, equally, that the stated remarks Verizon support apparently gave some customers was inappropriate ("If it's really important, you should use a phone rather than e-mail."), some protection may be necessary for ISPs who are at least attempting to stem the tide of badness afflicting their customers. The lawyers in this class action suit seem to be the only winners (reaping $1.4 million for their efforts).

About the Author

Russ Cooper is a senior information security analyst with Verizon Business, Inc. He's also founder and editor of NTBugtraq, www.ntbugtraq.com, one of the industry's most influential mailing lists dedicated to Microsoft security. One of the world's most-recognized security experts, he's often quoted by major media outlets on security issues.

comments powered by Disqus
Most   Popular