An Old Trojan in New Clothing - How Does Symantec Respond?
(Page 4 of 5)
I was fortunate enough to speak with Kevin Haley, a director at Symantec Security Response, to get a better handle on what happened to my computer and how their software responds to threats. Right away we determined that I'm using Norton Anti-virus, rather than Norton Internet Security, which offers extra layers of protection. “What you were infected with was a misleading application,” Haley explained. Such applications get put on machines by a Trojan that acts as a downloader. They're very popular right now; “we're seeing thousands of these things,” Haley noted.
The particular form of attack I faced, Haley figured, was what is known as a “drive-by download.” In this form of attack, a malicious hacker compromises a website and alters its HTML to plant an exploit in the page's code. “When that particular page is downloaded onto your machine through the browser, it runs an exploit (such as a buffer overflow)” to get malware onto your PC. “Often it's a downloader that downloads more” bad software, Haley noted. Symantec's Norton Internet Security product protects against drive-by downloads.
One really interesting aspect that Haley brought up is how the bad guys work. They often use affiliates – that is, they pay people to infect other machines with their malware, often paying something like 10 cents per infection. Haley noted that there could be thousands of affiliates hard at work infecting machines. Worse, these nasty infections could be hidden in popular peer-to-peer downloads, so that music you think you're getting for free could easily contain a virus or something else for which you didn't bargain.
Additionally, malware can be distributed in the way Perfect Defender 2009 attempted to get onto my computer – by social engineering. It's not the only professional-looking web site online touting software you may never have heard of. Haley noted that ads featuring professional-looking software that appears to be legitimate are actually promoting malware.
So how can web surfers protect themselves from the danger out there? “Have a good security package on your machine,” said Haley, and keep it up to date. “The latest Norton products have a feature called Pulse that will update your software every five to ten minutes...these are in the 2009 products, and started to be available in October.” Haley said that this is one of a number of features provided in response to customer requests for security software to stay out of the way while protecting their computer.
More active ways to protect your computer include developing a little healthy paranoia. “You have to be suspicious of attachments and links in email, and applications you've never heard of, even if they look slick and well-packaged,” Haley said. He also advocated using different kinds of security software, though not necessarily from multiple vendors, because they might not play well together. As an example, he pointed to Symantec products that use multiple security technologies in one package: a firewall, anti-virus software, intrusion prevention (which is network-based), a browser defense that protects against drive-by downloads and other kinds of attacks, and something he called “sonar,” a behavior-blocking technology.
More By Terri Wells