When You Become The Company Enemy

Malware is distributed in a number of ways. Many web attackers focus their efforts on attracting potential victims to visit malicious sites and, to prevent this from happening, a lot of organisations restrict employee access to reputable sites only. Hackers, however, are aware of this practise and counter it by hacking legitimate sites and turning them into drive-by-download platforms and thus a channel to distribute malware.

Recently, Websense discovered that Amnesty International’s official site had been compromised and was distributing malware. This was not a one-off; only a few months ago, a very popular server on the official site of MySQL, was hacked and used to distribute malware for a short period of time.

So what can you do?

Organisations that allow employees to browse the web must have security mechanisms that can detect when a malware attack has occurred. Simply telling users to stay away from disreputable sites is not enough to protect your network. There are various tools an administrator can use, such as reputation services that are periodically updated, to virus scanners and other technologies that detect this variety of malicious attack.

What can you do if you’re the compromised web host?

What this story teaches us is that we all can inadvertently end up distributing malware. A simple hack can turn your trusted and reputable site into the malware distribution mechanism everyone is trying to stay away from. There is no telling what damage this could do to your company’s reputation.

The first thing you must do is make sure that an attacker does not have an easy time compromising your website. Pre-emptive measures include updating all your software and ensuring your servers are properly and securely configured. This is not a one-off job and you need to carry out frequent audits on your web server to identify missing patches and vulnerabilities that could be exploited.

If you’re unlucky and your website is defaced or hackers install malicious drive-by downloads on your web server, you don’t want to be alerted by someone in the media. Therefore an effective way to stay on top of the game in this situation is to make sure that any files on your web server have not been compromised.

You can do this using simple script that downloads all the files on your web server and compares them to a safe local copy. If unauthorized changes have been made to the files you are immediately notified. Automating this process will give you peace of mind that should the worst happen, you can take corrective action in a very short time.

Internet usage in an organisation can open the door to some nasty stuff. Taking a proactive approach as I’ve outlined above can help you go a long way towards mitigating the danger.

Emmanuel Carabott CISSP heads security research at GFI Software. He has over 12 years’ experience in the security field and is a regular contributor to several websites and blogs. For more information about the benefits of using email usage reporting.

Our latest thought leaders