The blog where we post real life IT situations, problems and resolutions...

Thursday, July 19, 2007

Malware: Malware Threats & Malware Removal Kit

The Malware Removal Kit is a download from TechNet that provides you with excellent guidance and tools to help you restore PCs infected with malware.

It is the newest Solution Accelerator from Microsoft and provides free, tested guidance to help you combat malware attacks and restore infected systems, so users can safely get back to work.

The kit shows you how to use the Windows Pre-installation Environment (Windows PE) to discover malware by performing a thorough offline scan of your computers, uncovering malware that may be hiding in the operating system. And once malware is located and identified, it can be quickly removed from infected PCs with a number of free anti-malware tools, like the Malicious Software Removal Tool from Microsoft.

Download here: http://www.microsoft.com/downloads/details.aspx?FamilyID=6cd853ce-f349-4a18-a14f-c99b64adfbea&displaylang=en

Malware Threats

The first step toward containing the spread of malware is to understand the various technologies and techniques that malware authors can use to attack your computer. Malware threats directly target both users and computers. However, it is also important to know that the majority of threats come from malware that targets the user rather than the computer. If a user with administrator-level user rights can be tricked into launching an attack, the malicious code has more power to perform its tasks. Such an attack can frequently cause more damage than one that has to rely on a security hole or vulnerability in an application or the operating system.

How Does Malware Get In?

Malware uses many different methods to try to replicate among computers. The following table lists common malware threats to organizations and provides examples of tools that you can use to mitigate them.

Table 1: Malware Threats and Mitigations

| Threat | Description | Mitigation |
|---|---|---|
| E-mail | E-mail is the transport mechanism of choice for many malware attacks. | Spam filters; real-time antivirus and antispyware scanners; user education |
| Phishing | Phishing attacks try to trick people into revealing personal details such as credit card numbers or other financial or personal information. Although these attacks are rarely used to deliver malware, they are a major security concern because of the information that may be disclosed. | Spam filters; pop-up blockers; antiphishing filters; user education |
| Removable media | This threat includes floppy disks, CD-ROM or DVD-ROM discs, Zip drives, USB drives, and memory (media) cards, such as those used in digital cameras and mobile devices. | Real-time antivirus and antispyware scanners; user education |
| Internet downloads | Malware can be downloaded directly from Internet Web sites such as social networking sites. | Browser security; real-time antivirus and antispyware scanners; user education |
| Instant messaging | Most instant messaging programs let users share files with members of their contact list, which provides a means for malware to spread. In addition, a number of malware attacks have targeted these programs directly. | Real-time antivirus and antispyware scanners; personal firewall; restrict unauthorized programs; user education |
| Peer-to-peer (P2P) networks | To start file sharing, the user first installs a client component of the P2P program through an approved network port, such as port 80. Numerous P2P programs are readily available on the Internet. | Real-time antivirus and antispyware scanners; restrict unauthorized programs; user education |
| File shares | A computer that is configured to allow files to be shared through a network share provides another transport mechanism for malicious code. | Real-time antivirus and antispyware scanners; personal firewall; user education |
| Rogue Web sites | Malicious Web site developers can use the features of a Web site to attempt to distribute malware or inappropriate material. | Browser security; pop-up blockers; antiphishing filters; user education |
| Remote exploit | Malware might attempt to exploit a particular vulnerability in a service or application to replicate itself. Internet worms often use this technique. | Security updates; personal firewall |
| Network scanning | Malware writers use this mechanism to scan networks for vulnerable computers that have open ports or to randomly attack IP addresses. | Software updates; personal firewall |
| Dictionary attack | Malware writers use this method of guessing a user's password by trying every word in the dictionary until they are successful. | Strong password policy; user education |

From a security perspective, it would seem best to block all these malware transport methods, but this would significantly limit the usefulness of the computers in your organization. It is more likely that you will need to allow some or all of these methods, but also to restrict them. There is no single anti-malware solution that will fit all organizations, so evaluate the computer requirements and risks for your organization, and then decide how best to defend against malware that attempts to exploit them.
