New wave worms pose dilemma for IT Managers
Friday, March 05, 2004 at 20:13 by Andy Holliday
The past few weeks have seen the introduction of a new breed of worms that use new techniques to evade the content scanners and anti-virus screening software on corporate mail systems.
Worms such as the Bagle variants send themselves as password-protected zip documents with the password in the body of the email, enticing recipients to open the attachment and infect their machines or networks if the virus scanners on the local machine aren't up to date.
This technique poses a new challenge for IT Managers and IT Security Professionals alike, as encrypted and password-protected documents have often been allowed for confidential emails and documents sent over the public internet.
A lot of companies have allowed password protected documents to flow through their systems because it has been easier and cheaper to allow this than to deploy secure email solutions. It was only going to be a matter of time before virus writers exploited this trend.
The problem with password protecting files and documents is that virus scanners cannot open them to scan them, so most content filtering solutions by default will not allow the documents to go through.
A lot of IT departments swiftly modify this feature to allow the documents to travel unscanned so that they can remain more secure until they arrive at the desktop. (This is in spite of the fact that Word documents, for example, can be cracked with freely available tools without too much trouble unless a particularly strong password is used.)
IT Managers now have a choice, whether to:
a) Stop all password-protected or encrypted documents at server level and let IT Security staff open and scan them if possible; this could obviously interrupt the flow of business-related correspondence
b) Allow them to continue and try to ensure that all desktops are fully up to date with virus and security software with the latest pattern files
c) Use greater filtering software that when it encounters password protected documents try to use text filters that
d) Stop the use of password-protected documents altogether and use server encryption so that the public keys are stored on the external email server and the document can be decrypted on the fly at server level and scanned there. It is much easier to keep a server updated with the latest virus definitions than a desktop PC, especially a telecommuter's PC.
The latter option is definitely the safest from an anti-virus point of view; the company is allowing secure communications to take place without compromising security from a virus standpoint. However this option is often costly and can be difficult to administer.
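A gateway-side check of the kind option (a) describes, as an added example (not from the article or from the products it names): it reads the ZIP encryption flag to decide whether an attachment can be scanned or must be held. The function names, verdict strings and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED = 0x1  # bit 0 of the ZIP general-purpose flag: entry is password protected

def zip_is_encrypted(data: bytes) -> bool:
    """True if any entry in the archive has the encryption flag set."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(info.flag_bits & ENCRYPTED for info in zf.infolist())

def gateway_verdict(raw_message: bytes) -> str:
    """Return 'deliver', 'scan' (openable archive) or 'hold' (cannot be scanned)."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    verdict = "deliver"
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not data.startswith(b"PK"):   # not a ZIP container; left to other filters
            continue
        try:
            if zip_is_encrypted(data):
                return "hold"            # scanner cannot open it: stop at the server
        except zipfile.BadZipFile:
            return "hold"                # a malformed archive is equally unscannable
        verdict = "scan"
    return verdict

def sample_message(encrypted: bool) -> bytes:
    """Constructed test mail: a one-file ZIP attachment, optionally flagged encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.txt", "constructed sample content")
    data = bytearray(buf.getvalue())
    if encrypted:  # set flag bit 0 in the local header and the central directory record
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            data[data.index(sig) + off] |= ENCRYPTED
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("The password is 12345")  # constructed body text
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="document.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(gateway_verdict(sample_message(False)), gateway_verdict(sample_message(True)))
```

The check relies on the flag stored in the archive's directory, so it needs no password and never decrypts anything; a held message would then go to whatever manual review process the site uses.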
NetIQ's Mailmarshal and Clearswift's Mimesweeper are two such content filtering products which can help in protecting corporate networks and can also have encryption features.
A lot of antivirus companies have quickly responded to these new threats and built in new features to combat the new techniques.
As always, ITVibe are monitoring this and we will continue to bring you the latest developments on this situation.