Stephan Freeman, Information Security Manager for LSE, gave a brief talk at the Staff Briefing about trojan horses, malicious software and how you can protect yourself and the LSE from internet attacks. Below is a summary:
Trojan Horses and Malicious Software
Malicious software can be categorised into multiple types:
- Viruses – infect individual files and spread through the sharing of disks and USB sticks
- Worms – spread over networks, exploiting vulnerabilities in remote computers
- Logic Bombs – spread either way, but are designed to “detonate” on a particular day, or after a particular user action, generally to render the victim’s computer unusable
- Trojan Horses – masquerade as useful or legitimate software but install themselves silently in the background, giving someone elsewhere on the Internet unauthorised access to the PC.
The purpose of much malicious software today is to generate money. Criminal gangs control huge networks of infected computers that they can then use for their own ends. The sorts of things they do with these networks include:
- Extort money from others – for example, where a business only has an Internet presence, criminals may demand money in return for not using their network of infected computers to overload the website at a specific time.
- Steal confidential data – stealing the identities of the owners of the infected machines and anything else confidential they might have.
- Send spam – this is a huge area. Nearly 90% of all of the email being sent over the Internet is spam. LSE received 1.3 million emails in a week (21/6/2010 – 28/6/2010), of which 780,000 were spam (source – MessageLabs admin console). A further 12,000 were viruses, all of which were blocked.
- Bring down websites – this has happened a number of times, generally for ideological reasons. Organisations that are not in favour may find themselves at the receiving end of what’s known as a “distributed denial of service” attack.
Criminals are getting even more audacious: they have started selling malicious software in the guise of legitimate anti-virus. In one case, a company was making $100,000 per month on top of the revenue they were generating from operating their network of compromised machines.
Targeted Trojans are the most insidious type of malicious software. These are custom-written applications that are designed to evade anti-virus companies, generally targeting individuals and their data.
Some general advice on how not to be a victim:
- Don’t open attachments from people you don’t expect messages from
- Be suspicious!
- Be aware that people do want to get in
- Call IT Services if you suspect that you have received a virus or Trojan
- Don’t keep sensitive data on laptops or USB sticks
- Be aware of what data you take abroad
To protect yourself, make sure that you’re running anti-virus software on all your devices. LSE network-attached equipment should have it already installed. LSE laptops should also have it installed, but as part of the asset management programme, a CD will be given to all laptop users to install.
Sophos is also available, for free, for all staff and students here: http://www2.lse.ac.uk/intranet/LSEServices/divisionsAndDepartments/itservices/remote/protectYourOwnComputer/antivirusSoftware.aspx
I am available to provide specific advice to departments or individuals – just drop me a line.
Information Security Manager