designed to PROPAGATE: to spread to as many computers as it can, as fast
as it can.
In keeping with this design and intended functionality, typical present-day
malware is relatively small (less than 1MB).
The most important characteristic of much current malware is that it is
designed for HOME computers. Some malware did include functionality to operate
within the LAN (such as sniffing and propagating through network shares), but
its main target is still the HOME computer (a stand-alone computer on the
Internet).
1.3 Enterprise malware
If virus writers change the design and target of their malicious programs,
what could the result be? Which new threats to computer networks could it
introduce?
Definition: Enterprise malware is malicious software that is designed to take
advantage of the nature and environmental characteristics of the
typical organization's LAN. The main target of Enterprise malware
is corporate computers.
The targets of Enterprise malware could be various services within the
organization's infrastructure, thus shifting the focus from attacking a
stand-alone entity (computer or program) to attacking the organization's
infrastructure and gaining complete control over the network.
Besides the common targets of malware infection (computers, programs), new
possible targets for Enterprise malware could be:
- Active Directory
  o Propagate via domain logon scripts.
  o Take all administrative rights under malware control.
- Network services and devices (DNS, WINS, DHCP, routers, switches etc.)
  o Controlling network flow to satisfy malware needs (utilizing ARP
    and MAC poisoning, changing network device configuration).
- Backup infrastructure
  o For self-defense.
- Security infrastructure
  o For self-defense (attack antivirus and other security related
    management servers and consoles).
- Various logical or physical entities within the organization's LAN.
This new type of malware can be redesigned by malicious programmers and can
have the following structure: