Top malware threats: Not Flame

Big malware makes big news, but not big threats for most normal companies

By all accounts, the malware Flame is something. Maybe something huge. Maybe something old and not that interesting. Maybe another shot in the skirmish that's allegedly going on between Israel and Iran for years over limits on nuclear weapons.

One thing's for sure about Flame: it has generated a lot of page views.

Even when it's not any direct threat, malware is fascinating, for all kinds of reasons. The risk of getting bitten in the tuchus for doing something interesting hits all those guilt buttons. The potential for a problematic infection coming from users you've warned a hundred times not to open attachments to obvious spam is another.

The voyeuristic thrill of seeing someone else damaged by something you managed to avoid (through no fault of your own) is enough to back up traffic for even minor accidents.

The problem, at least with malware, is we don't know which threats are necessarily threats to us – a variable that sits very close to the center of any risk calculation.

After studying malware attacks on more than 700 companies worldwide, ThreatMetrix has boiled down the threat to the four most prevalent risks.

ThreatMetrix' short list – published in an article in BankInfoSecuirty – isn't specific enough to put any individual risk onto your To Counter list, but it will clarify the picture enough to know what categories deserve the most worry.

Tops on the list? Mobile anything, but primarily Android, the new favorite platform for malware writers for its popularity, lax security and clueless users.

No. 2 top malware threat:Social networks spread social malware. Trojans, specifically. The problem with social networks is that we trust people we're connected to on Twitter, LinkedIn or Facebook, according to ThreatMatrix. The problem with people we're connected to is that they're morons who allow their own accounts to be compromised or directly pass Trojans on to their own vulnerable, gullible friends. Bastards.

No. 3 top malware threat: "Man in the browser" attacks. Website pop-ups embedded with JavaScript that can execute wire transfers, steal passwords or just create a back door that could turn your machine into a botnet zombie later, or give attackers entry through the firewall via your laptop.

No. 4 top malware threat: BYOD. Convenient, useful and inescapable as it is, BYOD presents risks to the company by allowing employees who may stick to security policies in the office to bring in devices that live in the place where they wallow in Trojans, malware and spam. Welcome to my messy inner sanctum, formerly secure employer. Have you met my "banker" Dmitri?

Trivial as some malware seems compared to Flame and the other toys the big boys play with, they always lead to worse things; malware turns into a security threat which becomes fraud, espionage or grand theft cyber.

Not as exciting as Flame, or as threatening. Unless you get it yourself. Then whichever malware you get is guaranteed to distract your attention from whatever new bug Iranian nuclear scientists are trying to deal with these days which, if you don't think about it, isn't anything you'd worry about.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

What’s wrong? The new clean desk test
You Might Like
Join the discussion
Be the first to comment on this article. Our Commenting Policies