The Scob Trojan horse virus is a typical example of the kind of sophisticated blended threat that demands an integrated, multi-layered security approach, according to SurfControl. This virus incorporated three different threats to enterprise networks. The virus first exploited weaknesses in servers and Microsoft's Internet Explorer browser, enabling it to infiltrate major Web sites and infect PCs of the Web surfers who visited these sites. The virus then placed keystroke logger software on infected users' PCs to capture personal and financial data. This virus also allowed the hackers to take control of a PC much like spyware does, where the keystroke information was then sent back to the hacker's designated server with all of the personal information captured from the log. This week's 'Net attack is similar, but uses pop-up ads that download keystroke logger software on users' PCs to record their keystrokes if they visit any of 50 targeted financial Web sites.
"Corporations who take a 'silo' approach to network security are more likely to be vulnerable to these new attacks," said Kevin Blakeman, president of SurfControl's U.S. operations. "Layered security doesn't just mean more firewalls and anti-virus protection. These attacks are global in nature, and incorporate sophisticated software that can bypass servers. They even mask Web pages so well that users are totally unaware of any threat. Enterprises can combat these threats by taking a holistic approach and combining content security management with increased network security and employee education."
In the case of the Scob virus, SurfControl's e-mail and Web filtering technologies, working together, could identify the virus and stop it from entering an enterprise and taking over the PCs of unsuspecting Web surfers.
SurfControl E-mail Filter is a sophisticated content filtering solution that helps protect enterprises from blended content threats. It incorporates twelve levels of anti-spam protection and artificial intelligence, including technology to parse and strip active HTML e-mail components, such as Java applets, that can trigger malicious code. SurfControl's technology also helps prevent phishing attacks and e-mail-based fraud by identifying and blocking spoofed e-mails. Together with anti-virus scanning and cleansing, SurfControl E-mail Filter helps companies manage incoming, outgoing and internal e-mail threats.
For example, IT managers can detect whether a zombie has been deployed within their network using SurfControl E-mail Filter's outbound monitoring capabilities. SurfControl also provides customers with multiple daily downloads about e-mail threats to proactively protect against new e-mail risks. These downloads include anti-virus and anti-spam e-mail signature updates to arm IT managers with necessary tools to stop emerging fraud attacks, phishing e-mails and dangerous viruses.
SurfControl Web Filter helps corporations manage blended threats by focusing on risks from Web-based content. Based on its industry-leading URL content database of more than 6 million Web sites, SurfControl Web Filter enables IT managers to control access to Web sites in real time across 40 different categories and 70 foreign languages. These include spyware and hacking categories that list the major designated servers that keystroke logging software communicates with following a Trojan attack. By blocking these addresses, companies can significantly reduce the impact of a Trojan attack and prevent inadvertent downloads of keystroke loggers, proxy servers and other harmful back doors onto corporate networks.
SurfControl Web Filter also helps reduce network vulnerabilities by detecting and blocking harmful file-type downloads that can initiate and spread viruses and other attacks. It maximizes resources, reduces the risks involved in Internet access and enables corporations to customize access based on employees' business information needs. Content is kept current with a combination of expert human review, state-of-the-art automated tools and customer submissions.
SurfControl also provides a free Network Risks Web alert service to help IT managers keep up with the constant flow of new viruses, hoaxes and other risks. The service offers a constantly updated Web site and listserv to provide up to the minute details and facts about new risks and proposals on how to protect enterprise networks against them.
SurfControl suggests IT managers consider the following tips to help defend against future similar viruses:
- Block all port 25 (SMTP) e-mail traffic to and from any machine except the corporate messaging servers. This will block the majority of mass-mailing viruses and spam zombies that include their own mail exchange and SMTP engines, which enable mail to be sent directly from the zombie to the target mail server, bypassing corporate outbound mail servers.
- Block all e-mail executable file extensions. This should be part of every company's Acceptable Usage Policy.
- Block Web-based e-mail, which can introduce viruses and malicious content onto the network.
- Prevent password-protected archive files from being transmitted. Recent viruses are using this technique to bypass anti-virus programs.
- Strip active HTML components from inbound and outbound messages. These include Java applets, IFrames, ActiveX controls and VBS scripts.
- Incorporate intelligent, multi-layered content filtering technologies as a critical component of overall network security.
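As an added example (not SurfControl's code or any product's), a small Python policy check that applies the e-mail tips above to one message: it flags executable attachment extensions, detects password-protected zip archives through the encrypted flag bit in the archive headers, and strips the active HTML elements listed. The blocked-extension set, the element list and the sample message are constructed assumptions.

```python
import email, io, os, re, zipfile
from email.message import EmailMessage

BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}  # adapt to your AUP
ACTIVE = r"applet|iframe|object|embed|script"
PAIRED_RE = re.compile(rf"<({ACTIVE})\b[^>]*>.*?</\1\s*>", re.I | re.S)
LONE_RE = re.compile(rf"</?({ACTIVE})\b[^>]*>", re.I)

def strip_active_html(html: str) -> str:
    """Drop whole applet/iframe/object/embed/script elements, then any stray tags."""
    return LONE_RE.sub("", PAIRED_RE.sub("", html))

def zip_is_encrypted(data: bytes) -> bool:
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())  # bit 0 = encrypted entry
    except zipfile.BadZipFile:
        return False  # not a zip; the other rules still apply

def check_message(raw: bytes) -> dict:
    """Apply the attachment and active-content rules to one raw RFC 822 message."""
    findings, cleaned_html = [], None
    for part in email.message_from_bytes(raw).walk():
        fname = part.get_filename()
        if fname:  # attachment: check the extension, then the zip flag bit
            payload = part.get_payload(decode=True) or b""
            if os.path.splitext(fname)[1].lower() in BLOCKED_EXT:
                findings.append(f"executable attachment: {fname}")
            if payload.startswith(b"PK") and zip_is_encrypted(payload):
                findings.append(f"password-protected archive: {fname}")
        elif part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
            cleaned_html = strip_active_html(html)
            if cleaned_html != html:
                findings.append("stripped active HTML components")
    blocked = any(not f.startswith("stripped") for f in findings)
    return {"verdict": "block" if blocked else "deliver", "findings": findings, "cleaned_html": cleaned_html}

def build_sample_message() -> bytes:
    """Constructed sample tripping every rule; zipfile cannot write encrypted archives, so flag bit 0 is patched in."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.doc", b"sample")
    zipped = bytearray(buf.getvalue())
    for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):  # local and central header flag fields
        zipped[zipped.find(sig) + off] |= 0x01
    msg = EmailMessage()
    msg.add_alternative('<p>Hi</p><iframe src="http://bad.example/"></iframe><applet code="A.class"></applet>', subtype="html")
    msg.add_attachment(b"MZ...", maintype="application", subtype="octet-stream", filename="update.exe")
    msg.add_attachment(bytes(zipped), maintype="application", subtype="zip", filename="docs.zip")
    return msg.as_bytes()
```

A real gateway would also rewrite the HTML part in place and log the verdict; here the cleaned body is returned so the caller decides.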