Defeating malware doesn

Two years ago, U.S. retailer TJX spent some US$130 million – including US$65 million to two credit card companies – to clean up the mess after the online theft from its computers of consumer data.

Had the company followed basic wireless security procedures the breach wouldn’t have happened, Derek Manky, project manager for cyber security and threat research for security vendor Fortinet, told the IT360 technology conference Wednesday in Toronto.

It’s an example, he said, of how defending against the ever-increasing malware threats can be effective and not expensive.

“The reality is breaches and infections will happen,” Manky said. A layered defence based on unified threat management rather than end point products will help blunt the attacks, he said.

But some actions don’t involve spending a penny. For example, it costs nothing to create and stick to a patch management policy, he said. Proof that many organizations don’t do that was the large number of servers and PCs infected by the Conficker worm two months after Microsoft released a patch. Disabling any autorun capabilities in the operating system is another free fix that’s forgotten, as well as forbidding the use of simple passwords.

Still, Manky offered no easy fixes. “The barrage of these threats is not going away,” he said. There was an explosion of malware in 2007, and since then “it’s getting worse.”



Malware creators are recruiting software writers, he said, and with an increasing number of IT people being laid off because of the global recession, there’s lots of talent being tempted. Threats range from mass e-mails and file infections (the oldest forms of attack, but still going strong) to Web-based attacks, including drive-by downloads and malware aimed at social networking sites such as Facebook; intrusions from portable devices such as USB sticks and smartphones; and targeted attacks which lift a Web site’s template and replace the links.

The Conficker worm is an example of how fast malware developers adapt, he said. The first version was seen last August. Variations appeared in November and December. In March a new version changed the way it communicated with hosts to include a peer-to-peer protocol.

There isn’t one weapon that will defend against all these threats, Manky emphasized. The first line of defence is at the gateway, where a hardened firewall, intrusion detection, Web filtering, anti-virus and anti-spam software are needed. AV and anti-spam at the desktop are also needed.

Some organizations choose best of breed solutions, but Manky urged a unified threat management approach, which brings a number of these capabilities into one firewall, as the best solution largely because they can all be managed through one interface.

Another security vendor official who spoke at the conference was Ryan Naraine, security evangelist for Kaspersky Lab, who warned an audience that malware creators are exposing the “ecosystem of trust” in social networking sites such as Facebook and MySpace.

The sites contain thousands of personal links which can be hijacked for unsuspecting people to click on. Some viruses are even programmed to look for Facebook or MySpace pages. These two sites are “putting up some roadblocks,” he acknowledged, but “it’s not very effective.” In the last three months there’s been a “full-blown explosion” of social-site malware.

In an interview, Naraine echoed some of the simple defences against these attacks that Manky had described, such as having strong passwords, a properly configured firewall and a strong patch management policy. But he went further, saying organizations should forbid staffers from going to social networking sites unless absolutely necessary, just as they block access to instant messaging. “There’s no real way to police it unless you invest heavily in user education to get people to spot malicious links.”

For his part, Manky repeated the cliche that time is money, and when it comes to security it’s still true: The faster an organization can meet and defeat an online threat, he said, the less damage it will cost.


Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]
