Author Topic: Fending off Malware attacks- Keeping it simple  (Read 471 times)

thejasdatasoft

Fending off Malware attacks- Keeping it simple
« on: September 16, 2013, 10:24:53 AM »

The current situation: Malware, malicious computer software which commits nefarious actions such as stealing sensitive information (login credentials, financial information, the contents of cookies and files), has been spreading on the Internet like wildfire. Consider that in the last year alone, we at Stopthehacker.com have documented a 100% increase over the previous year in incidents of web-based malware affecting websites, hosters and e-businesses. This points clearly to the fact that malware authors are sitting up and taking notice of this greenfield opportunity, via websites, to infect more and more systems on a daily basis.

How does it work: Different kinds of malware work in different ways. We have observed a spike in "passive credential sniffing trojans". This kind of malware installs itself on the local computer of an end-client and sniffs for cleartext credentials, such as FTP passwords. Once the login credentials are acquired, they are transferred to automated bots using IRC channels or free email boxes. The automated bots use these credentials to log into the account of the end-client and proceed to infect the entire account. Another kind of malware probes for vulnerabilities in popular CMS software such as WordPress, Joomla and Drupal. Once a version number can be identified, a pre-set attack is launched on the website. If appropriate security mechanisms are not in place, the site gets compromised and the automated bots wreak havoc. There are many other variants.

In our constant interaction with hosters and end-clients it is very important to clearly verbalize some basic good-faith practices which can lead to a lot less heartache in the first place. This article provides some simple tips to protect a website, a hoster and an e-business from being affected by web-based malware.

Advice to the end-client:

- Scan the local computer with multiple AVs
- Change FTP and web-panel passwords
- Upgrade CMS systems and any third-party plugins they are using
- Patch ad server software such as OpenX or shopping carts like OSCommerce
- Check your website code via an scp/ftp download, not by opening up a local copy in Dreamweaver!
- Check your .htaccess file for compromise
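To make the ".htaccess" check above concrete, here is an added example (not code from the original post or from Stopthehacker.com) that scans a downloaded copy of a site for .htaccess directives that are commonly seen after a compromise: conditional redirects keyed on search-engine referers (cloaking), redirects to hosts other than your own, and PHP auto_prepend_file/auto_append_file injections. The patterns flagged, the `own_hosts` list and the sample .htaccess body are assumptions and constructed data, so treat hits as leads to review by hand rather than verdicts.

```python
"""Flag suspicious .htaccess directives in a downloaded copy of a site.

Added example, not part of the original post. The heuristics below are
assumptions about common post-compromise patterns, not a complete list.
"""
import re
from pathlib import Path

# Directives that inject a PHP file into every request; rarely legitimate in a
# shared-hosting .htaccess unless the site owner put them there deliberately.
PHP_INJECT_RE = re.compile(r"php_(?:value|flag)\s+auto_(?:prepend|append)_file", re.I)

# RewriteCond on HTTP_REFERER / HTTP_USER_AGENT naming search engines is the
# classic "cloaked redirect": visitors arriving from a search engine get sent
# elsewhere while the site owner, typing the URL directly, sees nothing wrong.
CLOAK_COND_RE = re.compile(
    r"RewriteCond\s+%\{HTTP_(?:REFERER|USER_AGENT)\}\s+.*(google|bing|yahoo|msn|yandex)", re.I)

# Any redirect-style directive whose target is an absolute URL; group 1 is the host.
EXTERNAL_REDIRECT_RE = re.compile(
    r"(?:RewriteRule|Redirect(?:Match)?|ErrorDocument)\s+\S+\s+https?://([^/\s]+)", re.I)


def scan_htaccess(text, own_hosts=()):
    """Return a list of (line_no, reason, line) findings for one .htaccess body."""
    own = {h.lower() for h in own_hosts}
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comments are inert; skip them
        if PHP_INJECT_RE.search(line):
            findings.append((n, "php auto_prepend/append injection", line))
        if CLOAK_COND_RE.search(line):
            findings.append((n, "search-engine/bot conditional (cloaking)", line))
        m = EXTERNAL_REDIRECT_RE.search(line)
        if m and m.group(1).lower() not in own:
            findings.append((n, f"redirect to external host {m.group(1)}", line))
    return findings


def scan_tree(root, own_hosts=()):
    """Walk a downloaded site copy and scan every .htaccess found in it."""
    results = {}
    for path in Path(root).rglob(".htaccess"):
        found = scan_htaccess(path.read_text(errors="replace"), own_hosts)
        if found:
            results[str(path)] = found
    return results


# Constructed sample: a normal WordPress block followed by injected directives.
SAMPLE = """\
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\\.php$ - [L]
# END WordPress
RewriteCond %{HTTP_REFERER} .*google.* [NC,OR]
RewriteCond %{HTTP_REFERER} .*bing.* [NC]
RewriteRule ^(.*)$ http://evil.example/in.php?q=$1 [R=302,L]
php_value auto_prepend_file /tmp/.x/inc.php
"""

if __name__ == "__main__":
    # Hypothetical own host; pass your real hostname(s) here.
    for n, reason, line in scan_htaccess(SAMPLE, own_hosts=["www.example.com"]):
        print(f"line {n}: {reason}: {line}")
```

Run `scan_tree("/path/to/downloaded/site", own_hosts=["www.example.com"])` against the copy you pulled down over scp/ftp; because it reads the files as plain text it does not depend on any editor's rendering of them, which is the point of the advice above.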

Advice to the hoster:

- Sandbox the compromised account
- If the customer is not technically astute, change the FTP and web-panel passwords for them
- Make sure server-wide CMS systems are up to date
- Make sure your kernel and system-level patches are current
- Provide the end-client with a copy of the access logs for their site so they can identify offending IPs and block them
- Encourage the client to adopt more secure solutions, such as monitoring and prevention solutions
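The access-log advice above, and the CMS version-probing behaviour described earlier, both come down to the same question: which client IPs are hammering login pages or probing for version files? Here is an added example (not code from the original post or from Stopthehacker.com) that parses Apache combined-format access log lines, profiles each IP, picks out the ones worth blocking, and renders an Apache 2.2-style `Deny from` list for an .htaccess file. The log lines are constructed, and the list of sensitive paths and the thresholds are assumptions you should tune to your own traffic.

```python
"""Rank client IPs in an Apache combined-format access log to find offenders.

Added example, not from the original post. SAMPLE_LOG is constructed; the
SENSITIVE path list and the thresholds in suspicious_ips() are assumptions.
"""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# Paths real visitors rarely request but CMS brute-forcers and version probes do.
SENSITIVE = ("/wp-login.php", "/xmlrpc.php", "/administrator/", "/user/login",
             "/readme.html", "/CHANGELOG.txt")


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def profile_ips(lines):
    """Aggregate per-IP counters: requests, 4xx/5xx errors, sensitive-path hits, POSTs."""
    stats = defaultdict(lambda: {"requests": 0, "errors": 0, "sensitive": 0, "posts": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash on them
        s = stats[rec["ip"]]
        s["requests"] += 1
        if rec["status"][0] in "45":
            s["errors"] += 1
        if any(rec["path"].startswith(p) for p in SENSITIVE):
            s["sensitive"] += 1
        if rec["method"] == "POST":
            s["posts"] += 1
    return dict(stats)


def suspicious_ips(stats, min_sensitive=5, min_error_ratio=0.5, min_requests=5):
    """IPs worth blocking, busiest first: many login/probe hits, or mostly error responses."""
    out = []
    for ip, s in stats.items():
        if s["requests"] < min_requests:
            continue  # too little traffic to judge
        if s["sensitive"] >= min_sensitive or s["errors"] / s["requests"] >= min_error_ratio:
            out.append(ip)
    return sorted(out, key=lambda ip: -stats[ip]["requests"])


def deny_block(ips):
    """Render an Apache 2.2-style .htaccess deny list for the selected IPs."""
    return "\n".join(["Order Allow,Deny", "Allow from all"] + [f"Deny from {ip}" for ip in ips])


def _line(ip, method, path, status):
    """Build one constructed combined-format log line."""
    return (f'{ip} - - [16/Sep/2013:10:24:53 +0000] "{method} {path} HTTP/1.1" {status} 512 '
            f'"-" "Mozilla/5.0"')


# Constructed sample: a normal visitor, a wp-login brute-forcer, and a version prober.
SAMPLE_LOG = (
    [_line("203.0.113.5", "GET", p, 200) for p in ("/", "/about/", "/contact/")]
    + [_line("198.51.100.7", "POST", "/wp-login.php", 200) for _ in range(6)]
    + [_line("192.0.2.9", "GET", p, st) for p, st in (
        ("/readme.html", 404), ("/CHANGELOG.txt", 404), ("/administrator/", 404),
        ("/wp-login.php", 404), ("/xmlrpc.php", 404), ("/index.php", 200))]
)

if __name__ == "__main__":
    stats = profile_ips(SAMPLE_LOG)
    bad = suspicious_ips(stats)
    for ip in bad:
        print(ip, stats[ip])
    print(deny_block(bad))
```

For a real log, replace `SAMPLE_LOG` with `open("/path/to/access_log")`; the functions take any iterable of lines. Blocking by IP is a stopgap, since the bots rotate addresses, which is why the original advice pairs it with password changes and patching.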

Website hosting companies should take advantage of new, emerging website "Health Monitoring" solutions. This kind of new technology can scan websites with minimal interruption, is totally SaaS based and uses advanced artificial intelligence mechanisms to catch never-before-seen malware. This is a significant break from the way most traditional anti-virus software works. Simply scanning for signatures is not enough to detect thousands of new variants of malware. Consider, for example, that current anti-virus engines cannot detect web-based malware effectively.

Thanks,

Thejas