Our organization has a high level of turnover, which means there are new users coming in all the time with little-to-no...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
security knowledge. Because of this turnover, we continue to have problems with scareware in particular, as employees are downloading fake antivirus, which then overruns our network. What is the best way to get this stuff out of our organization, considering our security awareness training can't seem to keep up?
While security awareness training is one of the most important aspects of a security program, there are times when technical controls must be put into place to stop or better manage specific security threats. In a situation where there are new employees with minimal security knowledge, it's probably best to rely less on security awareness and to carefully implement the necessary technical security controls. However, you should still ensure you have adequate security awareness training. This training should be about more than how to create a secure password: It should include education on phishing, social engineering and, of course, fake AV malware, among other things.
When it comes to scareware removal, first determine the root cause of the scareware and fake antivirus infections. If users are clicking on links from email and being directed to malicious webpages, becoming infected after clicking on rouge ads, or by other means, the network defenses might be slightly different; however, many of the same host security controls may be the same.
If you have difficulty determining the root cause of the infections, try comparing the security controls or settings of the infected systems with those of systems that are not getting infected, and adjust the infected systems' controls accordingly. If systems are not being adequately cleaned of malware, you may want to try rebuilding them to ensure the malware is completely removed. If you cannot determine the root cause of the infections, you may want to start with additional host security. To identify additional systems that are infected, monitor the network for outbound access to which known infected systems are connecting, or scour potentially infected systems for similar executables as those that are on the known infected systems.
Dig Deeper on Web Application and Web 2.0 Threats
Related Q&A from Nick Lewis
An HTTPS session with a reused nonce is vulnerable to the Forbidden attack. Expert Nick Lewis explains how the attack works, and how to properly ...continue reading
The Irongate malware has been discovered to have similar functionality to Stuxnet. Expert Nick Lewis explains how enterprises can protect their ICS ...continue reading
APT groups have been continuously exploiting a flaw in Microsoft Office, despite it having been patched. Expert Nick Lewis explains how these attacks...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.