Temple University

Week 9 Takeaways

Reading Summary: Malware

Malware infections are increasingly common, ranging from Trojans, backdoors, zero-days, viruses, and worms to polymorphic malware. Each organization has its own way of handling such an infection; however, each has incident handling procedures in place to assist with dealing with the various types of malware. More importantly, these procedures help security personnel handle the malware quickly and reduce any impact or disruption it might cause the business as a whole. SANS introduces the Six Step Incident Handling Process as follows: preparation (policies and procedures), identification, containment, eradication, recovery, and lessons learned. In addition, the most important skills/attributes to have when handling an incident are:

  1. Preparation: prevent malware from gaining an entry point into the network.
  2. Patience: formulate an effective strategic solution instead of taking quick, unprepared steps.
  3. Persistence: analyze the malware sample regardless of how difficult and complex its design is.

In the news: New zero-day exploit hits fully patched Adobe Flash [Updated]

Adobe has acknowledged that there is an unpatched flaw in Flash that is being actively exploited. The acknowledgment comes one day after Adobe's monthly security update; the issue was not addressed in that update. The flaw affects Flash version 19.0.0.207 and earlier for Windows, Mac, and Linux. Adobe plans to issue an emergency patch for the flaw next week. In the meantime, however, this zero-day exploit is targeting government agencies (i.e., Russian politicians) as part of a long-running espionage campaign carried out by a group known as Pawn Storm. It has also infected the iOS devices of Western governments and news organizations.

Question for the class:

Have you been a victim of a zero-day attack, or have you experienced any malware/virus on your personal workstation or the one at work? If so, how was it executed, and how did you resolve the infection?