Our organization has a high level of turnover, which means there are new users coming in all the time with little-to-no...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
security knowledge. Because of this turnover, we continue to have problems with scareware in particular, as employees are downloading fake antivirus, which then overruns our network. What is the best way to get this stuff out of our organization, considering our security awareness training can't seem to keep up?
While security awareness training is one of the most important aspects of a security program, there are times when technical controls must be put into place to stop or better manage specific security threats. In a situation where there are new employees with minimal security knowledge, it's probably best to rely less on security awareness and to carefully implement the necessary technical security controls. However, you should still ensure you have adequate security awareness training. This training should be about more than how to create a secure password: It should include education on phishing, social engineering and, of course, fake AV malware, among other things.
When it comes to scareware removal, first determine the root cause of the scareware and fake antivirus infections. If users are clicking on links from email and being directed to malicious webpages, becoming infected after clicking on rouge ads, or by other means, the network defenses might be slightly different; however, many of the same host security controls may be the same.
If you have difficulty determining the root cause of the infections, try comparing the security controls or settings of the infected systems with those of systems that are not getting infected, and adjust the infected systems' controls accordingly. If systems are not being adequately cleaned of malware, you may want to try rebuilding them to ensure the malware is completely removed. If you cannot determine the root cause of the infections, you may want to start with additional host security. To identify additional systems that are infected, monitor the network for outbound access to which known infected systems are connecting, or scour potentially infected systems for similar executables as those that are on the known infected systems.
Dig Deeper on Web Application and Web 2.0 Threats
Related Q&A from Nick Lewis
SSL attacks "in stealth mode" are helping attackers avoid detection and analysis. Expert Nick Lewis explains how to discover and defend against the ...continue reading
Learn how sinkholing is helping security experts analyze infected devices and even disable malware in compromised endpoints.continue reading
Motion and gestures are being used for mobile malware detection on smartphones. Learn how this method works and whether it is a worthy addition to an...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.