Our organization has a high level of turnover, which means there are new users coming in all the time with little-to-no...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
security knowledge. Because of this turnover, we continue to have problems with scareware in particular, as employees are downloading fake antivirus, which then overruns our network. What is the best way to get this stuff out of our organization, considering our security awareness training can't seem to keep up?
While security awareness training is one of the most important aspects of a security program, there are times when technical controls must be put into place to stop or better manage specific security threats. In a situation where there are new employees with minimal security knowledge, it's probably best to rely less on security awareness and to carefully implement the necessary technical security controls. However, you should still ensure you have adequate security awareness training. This training should be about more than how to create a secure password: It should include education on phishing, social engineering and, of course, fake AV malware, among other things.
When it comes to scareware removal, first determine the root cause of the scareware and fake antivirus infections. If users are clicking on links from email and being directed to malicious webpages, becoming infected after clicking on rouge ads, or by other means, the network defenses might be slightly different; however, many of the same host security controls may be the same.
If you have difficulty determining the root cause of the infections, try comparing the security controls or settings of the infected systems with those of systems that are not getting infected, and adjust the infected systems' controls accordingly. If systems are not being adequately cleaned of malware, you may want to try rebuilding them to ensure the malware is completely removed. If you cannot determine the root cause of the infections, you may want to start with additional host security. To identify additional systems that are infected, monitor the network for outbound access to which known infected systems are connecting, or scour potentially infected systems for similar executables as those that are on the known infected systems.
Dig Deeper on Web Application and Web 2.0 Threats
Related Q&A from Nick Lewis
Latentbot malware has layers of obfuscation that makes it hard to detect. Expert Nick Lewis explains how its process works, beginning with a phishing...continue reading
A hard to detect type of Linux malware, Rekoobe, can download files to user systems. Expert Nick Lewis explains the malware's key functionality and ...continue reading
Pro POS, a new type of POS malware, has simple operations and is easy to obtain. How was it so successful against businesses? Expert Nick Lewis ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.