About a month ago the Netherlands got hit by a piece of malware called Dorifel. It was sneaky enough to hide from virus scanners and firewalls by changing its appearance every so often (the polymorphic trick: a fresh-looking binary does not match a known signature), and it was built so that it could download new instructions from its command server and execute them on the victim's computer.
I was amazed that while the whole country (well, let's be honest: mainly government bodies and companies) was hit by this malware, and the fix was available on the web, it still took ages to stop it from spreading through their networks.
But that is after the malware has already infected computers. How did it even get that far? Lack of security? Ignorance?
A great deal of malware is spread through legitimate websites that have been hacked, defaced or otherwise compromised. This can happen to anyone; look at the recent news about Telegraaf.nl. This means that most of the time the victim has no idea what is happening to their computer, or even that something IS happening. But it also means that these users have enough rights on their computer (or on the network) to execute the files that got dropped on it. That is just dumb, and a major security flaw.
I cannot think of a single situation where an ordinary user needs permission to execute installers or scripts from their desktop or downloads folder. Those rights are meant for system administrators and should be limited to specific locations, for example a central share that holds all the approved install files.
So what can we do?
– Close all ports on the firewall that you don’t need.
– Disable all Internet Explorer (or whatever browser you use) plugins that you don't need or don't use.
– Make sure the updates and virus definitions on your PC are installed and current, at ALL times.
– Always work from an account with limited (or no) install rights, especially when you work on a network.
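As an added example (my own script, not something from the original post or from any Dorifel write-up), here is a PowerShell audit that checks those four points on a Windows machine, plus the one I keep coming back to: whether anything on the box actually stops a user from running executables they just downloaded. It assumes Windows 8 / Server 2012 or later with the NetSecurity, Defender and AppLocker modules present; all the function names are my own, and on older systems the firewall and definition checks would need netsh and your AV vendor's tooling instead.

```powershell
# Added audit script (not from the original post). Checks the four hardening points
# plus whether ordinary users are blocked from running executables from their own folders.
# Assumes Windows 8 / Server 2012 or newer with the NetSecurity, Defender and AppLocker
# modules present; run it from an elevated prompt for complete results.

function Test-SessionIsAdmin {
    # True only when the current token is elevated; a UAC-filtered admin session shows False.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-UserInLocalAdmins {
    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators. whoami still lists it
    # when UAC has filtered the token ("Group used for deny only"), so this catches
    # people who work as admin all day even when the shell is not elevated.
    [bool]((whoami /groups) -match 'S-1-5-32-544')
}

function Get-FirewallStatus {
    # Point 1: every profile must be on; enabled inbound Allow rules are the open ports.
    $profiles = Get-NetFirewallProfile | Select-Object Name, Enabled
    $open = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        ForEach-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            [pscustomobject]@{
                Rule      = $_.DisplayName
                Profile   = $_.Profile
                Protocol  = $pf.Protocol
                LocalPort = ($pf.LocalPort -join ',')
            }
        }
    [pscustomobject]@{ Profiles = $profiles; OpenInboundRules = $open }
}

function Get-IEBrowserHelperObjects {
    # Point 2: IE loads every Browser Helper Object registered here at start-up, so each
    # entry is something you should be able to justify (and a classic malware foothold).
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        Get-ChildItem $key | ForEach-Object {
            $clsid  = $_.PSChildName
            $server = Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            [pscustomobject]@{ CLSID = $clsid; Dll = $server.'(default)' }
        }
    }
}

function Get-UpdateStatus {
    # Point 3: most recent installed Windows update and the age of the Defender signatures.
    $lastHotfix = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
    $mp = Get-MpComputerStatus
    [pscustomobject]@{
        LastHotfix          = $lastHotfix.HotFixID
        LastHotfixInstalled = $lastHotfix.InstalledOn
        AntivirusEnabled    = $mp.AntivirusEnabled
        RealTimeProtection  = $mp.RealTimeProtectionEnabled
        SignatureAgeDays    = $mp.AntivirusSignatureAge
    }
}

function Get-ExecutionRestrictionStatus {
    # The execution-rights point: is Software Restriction Policies or AppLocker actually
    # enforcing anything? SRP DefaultLevel 0 = Disallowed (deny by default), 0x40000 = Unrestricted.
    $srp = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers' -ErrorAction SilentlyContinue
    $srpLevel = if ($srp) { $srp.DefaultLevel } else { $null }
    $appLockerRules = 0
    if (Get-Command Get-AppLockerPolicy -ErrorAction SilentlyContinue) {
        [xml]$pol = Get-AppLockerPolicy -Effective -Xml
        $appLockerRules = @($pol.SelectNodes('//FilePathRule|//FilePublisherRule|//FileHashRule')).Count
    }
    [pscustomobject]@{
        SrpDefaultLevel    = $srpLevel
        SrpDenyByDefault   = ($srpLevel -eq 0)
        AppLockerRuleCount = $appLockerRules
    }
}

function Invoke-HardeningAudit {
    $fw = Get-FirewallStatus
    Write-Host "== Firewall profiles =="
    $fw.Profiles | Format-Table -AutoSize | Out-String | Write-Host
    Write-Host "== Enabled inbound allow rules (open ports) =="
    $fw.OpenInboundRules | Format-Table -AutoSize | Out-String | Write-Host
    Write-Host "== IE Browser Helper Objects =="
    Get-IEBrowserHelperObjects | Format-Table -AutoSize | Out-String | Write-Host
    Write-Host "== Updates and virus definitions =="
    Get-UpdateStatus | Format-List | Out-String | Write-Host
    Write-Host "== Execution restrictions (point 4 only helps if these are enforced) =="
    Get-ExecutionRestrictionStatus | Format-List | Out-String | Write-Host
    Write-Host "== Current account =="
    Write-Host ("Elevated session: {0}; member of local Administrators: {1}" -f (Test-SessionIsAdmin), (Test-UserInLocalAdmins))
}

Invoke-HardeningAudit
```

The last two sections are the ones that matter most for the Dorifel case: a limited account only helps if the user cannot simply run what lands in their downloads folder, and that is what SrpDenyByDefault or a non-zero AppLockerRuleCount tells you. If both come back empty, the "limited rights" account is limited in name only.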