Small Business Attack – Malware

It’s interesting how business awareness lags actual security threats.  I was having a conversation recently with someone who said something like “yeah, we get by a virus about once a month, but we clean it up and keep going”.  This took me aback as I realized that there are a significant number of people out there that don’t view malware seriously.

This is our fault.  For years, we’ve been classifying threats and discussing their differences instead of focusing on their similarities.  If you’ve touched any IT in the last decade, you’ll recognize the following list of words:  virus, worm, trojan, spyware, adware, malware.  You’ve probably been told that your antivirus application will take care of it, so you run it and get on with your life.  Well, I’m sorry to break it to you, but you’ve been lied to.

We’re at the end of what antivirus can do.  We’ve also reached the point where malware (malicious programs) have moved from being annoying to being evil.

Back in the day, malware would spread from system to system and slow things down.  Sometimes, they’d delete files.  That was then.

Today, people are using these systems to create what are known as bot armies.  Once they take over your computer and add it to their armies, they can do anything they like to your computer.  Like what?

• Conduct attacks on other networks
• Store illegal materials (often child pornography) on your computer
• Crack passwords
• Banking data
• Harvest all proprietary data (trade secrets, tax information, business plans, source code) from your network
• Harvest client data (credit card numbers, social security numbers) from your network

Basically, if you get infected with malware, the attackers can get anything they want from you.  Any file you have, any site you browse to, any email you send or receive.  It’s all theirs.

It’s more than a nuisance.  What are you doing about it?