Symantec Enterprise Security - page 61 / 97


Symantec Global Internet Security Threat Report

| Rank | Propagation Mechanisms | 2009 Percentage | 2008 Percentage |
|------|------------------------|-----------------|-----------------|
| 1 | File-sharing executables | 72% | 66% |
| 2 | File transfer, CIFS | 42% | 30% |
| 3 | File transfer, email attachment | 25% | 31% |
| 4 | Remotely exploitable vulnerability | 24% | 12% |
| 5 | File sharing, P2P | 5% | 10% |
| 6 | File transfer, HTTP, embedded URI, instant messenger | 4% | 4% |
| 7 | SQL | 2% | 3% |
| 8 | Back door, Kuang2 | 2% | 3% |
| 9 | Back door, SubSeven | 2% | 3% |
| 10 | File sharing, data files | 1% | 1% |

Table 18. Propagation mechanisms
Source: Symantec

In 2009, 42 percent of malicious code that propagated did so through the CIFS protocol, up from 30 percent in 2008. Propagation through the CIFS protocol overtook propagation through email in 2009. The increase may be linked to the diversification of mechanisms discussed above. Three of the top 10 malicious code threats for 2009 employed the CIFS propagation mechanism, up from two in 2008. This includes the Downadup, Mabezat and Almanahe worms.

The CIFS propagation mechanism can be a threat to organizations because file servers use CIFS to give users access to their shared files. If a computer with access to a file server becomes infected by a threat that propagates through CIFS, the infection could spread to the file server. Since multiple computers within an organization likely access the same file server, this could facilitate the rapid propagation of the threat within the enterprise. If malicious software can infect a single computer through any other propagation method such as email or malicious websites, the CIFS propagation method can rapidly spread infection throughout an entire organization. This is increasingly becoming a threat to home environments as well, because home networks with multiple devices are becoming more commonplace.

To protect against threats that use the CIFS protocol to propagate, all shares should be protected with strong passwords, and only users who require the resources should be given access to them. If other users do not need to write to a share, they should only be given “read” permissions. This will prevent malicious code from copying itself to the shared directory or modifying shared files. Finally, CIFS shares should not be exposed to the Internet. Blocking TCP port 445 at the network boundary will help to protect against threats that propagate using CIFS.[169]
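One way to check the share-permission guidance above on a Windows file server, as an added example that is not part of the Symantec report. The function name `Get-RiskyShareAccess` is hypothetical, and the list of principals treated as too broad and the sample entries are assumptions constructed for illustration.

```powershell
# Assumption: these well-known groups are "too broad" to hold write access.
# Adjust the list for your own domain groups.
$BroadPrincipals = @('Everyone', 'BUILTIN\Users',
                     'NT AUTHORITY\Authenticated Users',
                     'NT AUTHORITY\ANONYMOUS LOGON')

function Get-RiskyShareAccess {
    # Hypothetical helper: flags share ACL entries that let a broad group write.
    param([Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $AccessEntries)
    foreach ($e in $AccessEntries) {
        # Deny entries cannot grant write access, so skip them.
        if ("$($e.AccessControlType)" -ne 'Allow') { continue }
        $right    = "$($e.AccessRight)"
        $broad    = $BroadPrincipals -contains $e.AccountName
        # 'Full' and 'Change' both allow creating and modifying files.
        # 'Custom' rights are not evaluated here and need manual review.
        $writable = $right -in @('Full', 'Change')
        if ($broad -and $writable) {
            [pscustomobject]@{
                Share   = $e.Name
                Account = $e.AccountName
                Right   = $right
                Finding = 'Broad group can write; reduce to Read or named users'
            }
        }
    }
}

if (Get-Command Get-SmbShareAccess -ErrorAction SilentlyContinue) {
    # Live audit of this server, skipping administrative shares (C$, ADMIN$, IPC$).
    $entries = @(Get-SmbShare -Special $false | Get-SmbShareAccess)
} else {
    # Constructed sample data so the example runs without the SMB cmdlets.
    $entries = @(
        [pscustomobject]@{ Name='Finance'; AccountName='Everyone'
                           AccessControlType='Allow'; AccessRight='Full' }
        [pscustomobject]@{ Name='Public';  AccountName='Everyone'
                           AccessControlType='Allow'; AccessRight='Read' }
        [pscustomobject]@{ Name='Eng';     AccountName='CORP\eng-team'
                           AccessControlType='Allow'; AccessRight='Change' }
    )
}

# With the sample data only the 'Finance' entry is reported.
Get-RiskyShareAccess -AccessEntries $entries | Format-Table -AutoSize
```

This covers share-level permissions only; NTFS permissions on the underlying folders and the TCP port 445 rule at the network boundary have to be reviewed separately.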

Propagation occurring through email attachments dropped from 31 percent in 2008 to 25 percent in 2009, continuing its decline from 32 percent in 2007. Email attachments have now been surpassed by both executable file sharing and CIFS propagation methods.

[169] TCP port 445 is the default port used to run CIFS on TCP.
