I heard that Sality -- an aging malware -- is trying to come back with a vengeance by brute forcing routers. Can you please explain how this works and how to defend against it?
What is old will always be new again -- or at least new again to someone.
The Sality malware has increased the number of systems it can infect by adding a new component that performs brute-force password attacks against consumer-grade wireless access points and, once it gains access, changes the DNS settings of the systems using that wireless access point. Once the DNS settings on client systems have been changed, the clients are served downloads masquerading as legitimate software, which then install the malware on the client computer.
Preventing a Sality attack on an enterprise network is different from preventing it on a home network. On a home network, you can simply change the default password on the wireless router and restrict the admin interface to internal access only. An enterprise, on the other hand, must take a more aggressive approach by extending its network monitoring. Rogue wireless access points that might be vulnerable can be found with a vulnerability scanner or a basic port scan. Enterprises can also use an intrusion detection system to watch the network for rogue DHCP servers that might be running on rogue wireless routers. To identify compromised systems, enterprises can monitor for DNS traffic from client systems to unapproved DNS servers. Once a rogue device is identified, the enterprise should remove it from the network, or at a minimum secure the device by changing its default password to a strong one.
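The last detection step above, DNS traffic from clients to resolvers that are not on the enterprise's approved list, is simple to script against flow or firewall logs. The following is an added example, not code from the original answer; the log format, the approved resolver `10.0.0.53` and the rogue resolver `198.51.100.7` are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample flow records (not from the original page): each line is a
# simplified "src dst proto dport" summary as a firewall or NetFlow export might
# log it. Client hosts are private; the rogue resolver is a TEST-NET-2 address.
SAMPLE_FLOWS = """\
2014-04-02T10:15:03 src=10.0.1.25 dst=10.0.0.53 proto=udp dport=53
2014-04-02T10:15:04 src=10.0.1.25 dst=198.51.100.7 proto=udp dport=53
2014-04-02T10:15:05 src=10.0.1.40 dst=10.0.0.53 proto=udp dport=53
2014-04-02T10:15:06 src=10.0.1.40 dst=10.0.0.53 proto=tcp dport=443
2014-04-02T10:15:07 src=10.0.1.77 dst=198.51.100.7 proto=tcp dport=53
2014-04-02T10:15:08 src=10.0.1.77 dst=198.51.100.7 proto=udp dport=53
"""

# Assumed allow list: the enterprise's own internal DNS servers.
APPROVED_RESOLVERS = {"10.0.0.53"}

FLOW_RE = re.compile(
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+proto=(?P<proto>\w+)\s+dport=(?P<dport>\d+)"
)


def unapproved_dns_clients(flow_text, approved=APPROVED_RESOLVERS):
    """Return {client: sorted unapproved resolvers} for every client that sent
    DNS traffic (port 53, UDP or TCP) to a resolver outside the allow list."""
    hits = defaultdict(set)
    for line in flow_text.splitlines():
        m = FLOW_RE.search(line)
        if not m or m.group("dport") != "53":
            continue
        src, dst = m.group("src"), m.group("dst")
        try:
            ipaddress.ip_address(dst)
        except ValueError:
            continue  # malformed record: skip it rather than crash
        if dst not in approved:
            hits[src].add(dst)
    return {client: sorted(dsts) for client, dsts in hits.items()}


if __name__ == "__main__":
    for client, resolvers in sorted(unapproved_dns_clients(SAMPLE_FLOWS).items()):
        print(f"{client} -> {', '.join(resolvers)}  (possible DNS hijack)")
```

A client that only ever talks to the approved resolver (10.0.1.40 here) is not reported; each flagged client is a candidate for being behind a router whose DNS settings were changed.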