Eliminating Malware Means Understanding its ‘Tricks’
Any attempt to prevent malware from taking hold in a network or system must depend on a thorough understanding of how malicious programs tend to infiltrate information systems as well as how they propagate. There are many ways to search for malware, such as “signatures” that identify known malicious files, but one of the most useful is to look for evidence of unauthorized communication on the network.
One of the tools of the trade for anti-malware experts is to be on the lookout for suspicious IRC traffic. This can include traffic that is simply unexpected as well as traffic occurring on ports that are not generally used for this purpose. Malware frequently uses IRC in order to send commands, so looking for suspicious traffic can help managed programs staff trace the origin of the traffic back to the offending program.
Another key way to look for malware involves examining histories of downloads on the system. These should be examined for odd behavior both by machine and by user name. If the same site is being visited on a regular basis in an attempt to download a file, this could be an indication of a malicious bot trying to cause even worse infections on the system.
Another problematic traffic pattern is when web browsers are routed directly to a numerical IP address. Most Internet users rarely type out numbers instead of alphabetic web addresses. Malicious bots, however, frequently exhibit this behavior.
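The two checks described above (repeated download attempts per machine and user, and browsing directly to a numerical IP address) can be run over web proxy logs. The following is an added example, not code from iCorps; the log format, the file-extension list, the threshold and all sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample proxy log (assumed format): timestamp machine user url
SAMPLE_LOG = """\
2024-05-01T09:00:02 ws-014 alice http://intranet.example.com/index.html
2024-05-01T09:00:10 ws-022 bob http://203.0.113.45/gate.php
2024-05-01T09:05:00 ws-031 carol http://updates.example.net/pkg/tool.exe
2024-05-01T09:15:00 ws-031 carol http://updates.example.net/pkg/tool.exe
2024-05-01T09:25:00 ws-031 carol http://updates.example.net/pkg/tool.exe
2024-05-01T09:30:00 ws-014 alice https://[2001:db8::7]/a.bin
2024-05-01T09:31:00 ws-014 alice http://files.example.org/report.pdf
"""

DOWNLOAD_EXTS = (".exe", ".dll", ".scr", ".zip", ".bin")  # assumed list; tune per site
REPEAT_THRESHOLD = 3  # assumed: same machine/user/site download count worth a look

def parse(log):
    """Yield (machine, user, parsed_url) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing at fields
        _ts, machine, user, url = parts
        yield machine, user, urlsplit(url)

def is_ip_literal(host):
    """True when the URL host is a numeric IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def analyze(log):
    """Return (requests to IP-literal hosts, repeated downloads by machine/user/site)."""
    ip_hits, downloads = [], Counter()
    for machine, user, url in parse(log):
        host = url.hostname or ""  # hostname strips port and IPv6 brackets
        if is_ip_literal(host):
            ip_hits.append((machine, user, host))
        if url.path.lower().endswith(DOWNLOAD_EXTS):
            downloads[(machine, user, host)] += 1
    repeats = {k: n for k, n in downloads.items() if n >= REPEAT_THRESHOLD}
    return ip_hits, repeats

if __name__ == "__main__":
    hits, repeats = analyze(SAMPLE_LOG)
    print("IP-literal requests:", hits)
    print("Repeated downloads:", repeats)
```

Hits from either check are leads for investigation, not verdicts: internal appliances and software updaters can legitimately produce both patterns, so known-good hosts should be allowlisted before alerting.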
A skilled IT consultant can implement these and other robust IT solutions that use a variety of attack methods to hunt out and eradicate malware.
Written by the technical staff at iCorps Technologies.