Zeus, Koobface, Conficker: How to fight

Cisco, Info-Tech and Microsoft weigh in on battling the top security threats of 2009

By Jennifer Kavur, Computerworld Canada
December 30, 2009 04:11 PM ET
Cisco highlighted the top security threats of 2009 by presenting Cybercrime Showcase Awards as part of its Annual Security Report.

Two positive and two not-so-positive categories were included. Awards went to the Conficker Working Group for the "Cybercrime Sign of Hope" and Washington Post journalist Brian Krebs as the "Cybercrime Hero."

Zeus and Koobface won the "Most Audacious Criminal Operation" and "Most Notable Criminal Innovation" awards, respectively.

Threats like Conficker, Zeus and Koobface may be audacious, notable and innovative, but traditional tried-and-true methods of defence continue to be the best means for fighting back.

The top three technological things enterprises can do to protect themselves are "basic, tried-and-true, dyed-in-the-wool" solutions, said James Quinn, senior research analyst at Info-Tech Research Group Ltd.

"They are not sexy, they are not fancy, they are not revolutionary," he said.

In almost every case, the big threats that come along are those that are associated with known vulnerabilities, Quinn pointed out.

Conficker, for example, was an attack that leveraged a vulnerability that had been reported, he said. Zeus was the same, he added.

"These are problems for which a protection mechanism already exists before the problem came along ... there are patches for the vulnerabilities in advance," he said.

The first thing organizations can do to protect themselves from such threats is to patch rigorously and regularly, Quinn suggested.

"Application patches is the single thing -- the most important thing -- that organizations can do. Patch, patch, patch ... it can't be said enough," he said.

Quinn's second suggestion is ensuring that anti-virus tools are up-to-date.

"As long as the tools are up-to-date and they are pushing the definition updates to those tools on a regular basis, again, the organization is going to be in a position that is going to be well protected from contracting any threats," he said.

Even if you do contract the threats, you're still going to be well protected in terms of recovering from them, he noted.

Some malware carries components that block access to security vendor Web sites, Quinn pointed out. This means infected machines cannot reach the Internet to download the patches and definition files that would remove the infection, he explained.

But they don't have the ability to block internal distribution of virus definition files, he said.

"The company can still push the virus definition to my desktop via a central server ... so making use of a dedicated, centrally managed anti-malware solution and keeping the endpoints up-to-date is absolutely the second thing organizations should be doing," he said.
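The blocking Quinn describes is commonly done by pointing security-vendor hostnames at the loopback address in the endpoint's hosts file (that mechanism is an assumption here; the article does not name it). The script below is an added example, not code from the article or from Info-Tech, showing how a central management server that can still reach its endpoints could detect such tampering. The vendor domains, the sinkhole addresses and the sample hosts-file content are all constructed for illustration.

```python
import os
import sys
from typing import Dict, List

# Constructed sample hosts-file content (not from the article). The entries
# redirecting vendor domains to loopback or 0.0.0.0 mimic the blocking
# behaviour described above; the .test TLD is reserved for examples.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example-av.test
127.0.0.1       www.example-av.test   # injected entry
0.0.0.0         definitions.example-security.test
192.0.2.10      intranet.example.test
"""

# Hypothetical list of security-vendor domains the organisation depends on
# for patch and definition downloads; a real deployment would list its own.
PROTECTED_DOMAINS = {
    "update.example-av.test",
    "www.example-av.test",
    "definitions.example-security.test",
}

# Addresses that make a name unreachable when mapped in the hosts file.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text: str) -> List[Dict[str, object]]:
    """Parse hosts-file syntax: one address followed by one or more names,
    with '#' starting a comment. Returns one entry per (address, name)."""
    entries: List[Dict[str, object]] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        address, names = parts[0], parts[1:]
        for name in names:
            entries.append({"line": lineno, "address": address, "host": name.lower()})
    return entries


def find_blocked_vendor_hosts(text: str, protected=PROTECTED_DOMAINS) -> List[Dict[str, object]]:
    """Return hosts-file entries that sinkhole a protected vendor domain
    or any subdomain of one."""
    findings = []
    for entry in parse_hosts(text):
        host = str(entry["host"])
        is_protected = host in protected or any(
            host.endswith("." + domain) for domain in protected
        )
        if is_protected and entry["address"] in SINKHOLE_ADDRESSES:
            findings.append(entry)
    return findings


def scan_local_hosts_file() -> List[Dict[str, object]]:
    """Scan this machine's hosts file (Windows or Unix path)."""
    if sys.platform.startswith("win"):
        path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                            "System32", "drivers", "etc", "hosts")
    else:
        path = "/etc/hosts"
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_blocked_vendor_hosts(fh.read())


if __name__ == "__main__":
    for f in find_blocked_vendor_hosts(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['address']} (vendor domain sinkholed)")
```

Run against the constructed sample it reports three sinkholed vendor entries (lines 4, 5 and 6); the `localhost` and intranet lines are ignored. An endpoint that reports findings is exactly the case Quinn describes: it cannot self-update, so the definition push has to come from the central server, and the tampered entries should be removed as part of the clean-up.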

Quinn's third suggestion is to restrict administrator privileges on endpoints so end users are unable to install software.

"If we restrict end users from having administrator privileges, they cannot inadvertently install malware, they can't install the Trojans, can't install the rootkits," he said.
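Enforcing Quinn's third recommendation starts with knowing which accounts actually hold local administrator rights. The following is an added example, not code from the article, that parses the output of the Windows `net localgroup Administrators` command (whose layout is as assumed in the constructed sample below) and reports members that are not on an approved list. The approved list and the account names are hypothetical.

```python
from typing import List, Set

# Constructed sample output in the layout produced by
# `net localgroup Administrators` on a domain-joined Windows endpoint.
SAMPLE_NET_LOCALGROUP = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
CORP\\Domain Admins
CORP\\jsmith
CORP\\svc-deploy
The command completed successfully.
"""

# Hypothetical baseline: the only principals that should hold local admin.
APPROVED_ADMINS: Set[str] = {"Administrator", "CORP\\Domain Admins"}


def parse_local_admins(output: str) -> List[str]:
    """Extract member names from `net localgroup` output: everything between
    the dashed separator and the trailing status line."""
    members: List[str] = []
    in_members = False
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith("-----"):
            in_members = True
            continue
        if not in_members or not line:
            continue
        if line.startswith("The command completed"):
            break
        members.append(line)
    return members


def unapproved_admins(output: str, approved: Set[str] = APPROVED_ADMINS) -> List[str]:
    """Return members of the Administrators group that are not in the
    approved baseline, compared case-insensitively as Windows does."""
    approved_lc = {name.lower() for name in approved}
    return [m for m in parse_local_admins(output) if m.lower() not in approved_lc]


if __name__ == "__main__":
    # On a real endpoint this would come from
    # subprocess.run(["net", "localgroup", "Administrators"], capture_output=True, text=True).stdout
    for account in unapproved_admins(SAMPLE_NET_LOCALGROUP):
        print(f"unapproved local administrator: {account}")
```

On the constructed sample the check flags `CORP\jsmith` (an ordinary user who can install software, the exact exposure Quinn warns about) and `CORP\svc-deploy`, which a reviewer would either add to the baseline or remove from the group. Collected centrally from every endpoint, the output gives the list of machines where the privilege restriction has not actually taken effect.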
