Problem solve Get help with specific problems with your technologies, process and projects.

How can copying file and exchanging memory tokens spread malware?

Ed Skoudis explains the malware-related risks of copying files, exchanging memory sticks and downloading emails.

What are the common threats associated with copying files, exchanging memory sticks and downloading emails?
The three vectors that you cite are the predominant means by which malware propagates today. Let's cover each individually.

Copying files
Most files today are copied via browsers, which download Internet files using either HTTP or FTP. Other methods for file copying include various file-sharing protocols, such as Microsoft file and print sharing and Network File System (NFS) mounts. Peer-to-peer networks, often used for the illicit copying of pirated songs and other media, are yet another method.

Regardless of the mechanism, however, the files themselves could contain malware that exploits a victim's machine. Of course, we're all familiar with concerns about double- clicking dubious .EXE files, which usually contain a malicious Windows executable that can then take advantage of a user's account. Beyond .EXEs, there are numerous other kinds of attachments that can execute code, such as screen saver files (.SCR). Even file types that aren't traditionally associated with code execution could exploit a flaw. A buffer overflow vulnerability in an associated document-reading application, for example, may force an execution of malicious code.

Every month, the bad guys find and start exploiting such problems in a huge number of document-reading applications. There have been recent security issues with Word documents, Acrobat Reader PDF files, PowerPoint presentations, QuickTime movie files and a host of other formats. Always be careful with .EXEs and .SCRs, of course, but other types of files are also suspect these days. Files from untrusted sources often contain exploits that install bot software, which allow an attacker to remotely access and control an individual machine as part of a larger botnet of infected and controlled computers.

'Memory sticks'
Let's talk more generally about all manner of storage devices that interface with our systems via USB, like the popular thumb drives (memory tokens) and related equipment. Just as with the network file-distribution technologies described above, these memory tokens can carry malware in nearly any type of file. Simply opening a file from a memory token can result in security disaster. Making matters worse, a thumb drive can be configured to appear to a Windows computer as a CD. By default, most Windows machines will auto-execute a CD program when it appears. Thus, if you simply plug a memory token into your USB port, your machine may auto-execute the bad guy's code. To avoid this problem, make sure you disable auto-execute for CDs and DVDs. There is a nice article over at Engadget describing how to do so.

Downloading files from email
It saddens me immensely that the most common vector for malware distribution today remains the lowly email attachment. The Storm bot/worm combo, one of the nastiest infections of the year, still uses email attachments as a dominant vector for spreading. (It uses several other methods of attack as well, but email is one of its most common avenues.) To protect against this threat, organizations need to have aggressive antimalware and antispam filters for our mail servers, as well as good, old-fashioned user education that teaches not to blindly click on email attachments.

More information:

  • See why experts are predicting that the Storm Trojan's malware reign will continue.
  • USB memory sticks bring new risks to the enterprise, but don't start gluing your USB slots shut just yet. Ed Skoudis provides some other options.
  • This was last published in December 2007

    Dig Deeper on Malware, virus, Trojan and spyware protection and removal

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.