Wednesday, April 28th, 2010
There are myriad ways that viruses, Trojans and other types of malicious code can get into your business and it pays to be up on all of them. Security company AVG (AU/NZ) offers some advice.

Did You Know:
• Social networks are a valuable tool for today’s businesses but open up significant security risks
• Phishing and other social engineering tricks can (and do) fool even the smartest people
• Even Instant Messaging isn’t safe

Completely blocking users’ access to the Internet would go a long way towards keeping viruses and other malware out of your company, but it wouldn’t do a whole lot of good for your business. So you need to be aware of – and take steps to protect – the ways the bad guys get access to your valuable information.

Here's an overview of the main threats and how to protect against them.

1. Web Surfing and Social Networking – It’s the Wild Web Out There

The web is a cyber criminal’s dream come true. It’s instantaneous. It’s anonymous. And it’s very, very easy to fool people. A web site that looks at first glance to be your bank’s web site can easily be a clever forgery. And that video-viewing download you’re being offered? Chances are you don’t need it – and you certainly don’t need the spyware that may well be hidden behind a realistic-sounding application name.

"The Web has become the attack vector of choice. With e-mail, attackers had only a limited number of ways to a computer: either with an infected attachment, or with a link to a web page which would deliver the malware. While attackers still use e-mail, they have discovered that the Web in general – and social networks in particular - provides them with a much broader range of options," according to AVG (AU/NZ)’s Marketing Manager, Lloyd Borrett.

Social networking sites are of particular concern when it comes to malware distribution, according to the recent “Trial By Fire” survey conducted by consultants PriceWaterhouseCoopers (PWC). (See

"Today a new generation of employees worldwide is accessing social networks from work in great numbers, often without the knowledge of the IT department - and in circumvention of the traditional countermeasures employed by many," the PWC report states.

Traditional virus/malware protection was not designed to cope with the here today, gone tomorrow threats that typically infect social networks. And you can be sure those thousands of Facebook application developers are not focusing their efforts on the security of their applications.

Blocking social networks is no longer feasible – they’re an integral part of marketing and recruitment programs in many companies today. A more equitable solution can be found in technologies like AVG LinkScanner®, which checks web pages for security risks before allowing the page to download to the user’s browser. LinkScanner is included in AVG’s business security products.

See also:
• Social Networking Poll Shows Users More Vulnerable Than Ever
• Top 10 Tips To Stay Safe on Facebook from AVG

2. E-mail and Spam - Oldies But Still Baddies

For many years, the virus writers’ distribution method of choice was e-mail attachments. Although still a popular method of attack, e-mail is a far less effective way to fool people into opening things they shouldn’t. The bad guys have learnt that using the world wide web to deliver attacks is more efficient. "When e-mail was the primary attack vector, simply installing an anti-virus and exercising caution when opening attachments mitigated the majority of threats," explains Borrett.

In addition to installing a reputable security solution and keeping it updated, educating employees on responsible e-mail behaviour is fundamental to e-mail security efforts. One important reminder comes from the Australian government web site “Stay Smart Online”, "Many viruses can ‘spoof’ the return address [in an e-mail], making it look like the message came from someone else. If you recognise the return address but weren’t expecting the message, check with the person who supposedly sent the message to make sure it's legitimate before opening any attachments," the organisation advises.

You might also want to consider configuring your e-mail system to block the automatic downloading of attachments; this will have the added benefit of discouraging employees from overloading the e-mail network with unnecessary attachments.

3. Instant Messaging - Chatting Your Way To Trouble

While not yet as ubiquitous as e-mail, instant messaging (IM) is gaining momentum as a business communications tool, and carries many of the same risks as e-mail, as well as some unique to the IM environment. Viruses and other malware can be hidden in files sent over IM. Links embedded in messages can lead to infected web sites.

IM even has its own version of spam, sometimes called SpIM – Spam over Instant Messaging. Microsoft warns users to be aware that "Some IM services link your screen name to your e-mail address when you register. The easy availability of your e-mail address can result in an increased number of spam and phishing attacks.” So users should take care when they register for an IM account that they don’t inadvertently advertise their e-mail address.

Contact Profile


Internet security, malware, social networks, instant messaging, phishing



More Formats