Combating file infectors on corporate networks

2 Author(s)
Thomas, V. ; McAfee Avert Labs. ; Jyoti, N.

In this age of botnets, rootkits, spyware, and other bleeding-edge security threats, file infectors are frequently thought of as a dead threat. But during the past year or so, we have observed an unprecedented growth in classic file-infecting viruses that have enjoyed a relatively high degree of success in the wild - causing widespread damage to computer systems. Many of the new viruses seen today aren't advancements in their own right; rather, they have just taken advantage of advancements in technology. And the sophistication of the infection techniques and vectors used by viruses these days is on the rise. With a recent increase in network file-infecting viruses, it's high time we revisit the traditional techniques used to detect virus-like activity on the network and improve them. This paper proposes using virtual local area network (VLAN) technology to mass deploy a Samba-based honeypot to the entire site. We also look at setting up a server message block (SMB) based sniffer to capture file-infector activity on the local area network. The proposed solutions are scalable and cost-effective, and were internally implemented at McAfee Avert Labs.

Published in:

Malicious and Unwanted Software, 2008. MALWARE 2008. 3rd International Conference on

Date of Conference:

7-8 Oct. 2008