There are a number of methods through which malware can compromise an organization. These methods are sometimes referred to as threat vectors and represent the areas that require the most attention in your environment when designing an effective antivirus solution. The following list includes the areas in typical organizations that are subject to the most risk for malware attack:

External networks. Any network that is not under the direct control of an organization should be considered as a potential source for malware. However, the Internet is by far the largest malware threat. The anonymity and connectivity that the Internet provides allows individuals with malicious intent to gain rapid and effective access to many targets to mount attacks using malicious code.

Guest clients. As the use of laptops and mobile devices continues to expand in business, devices are regularly moved in and out of other organization’s infrastructures. If guest clients do not have an effective antivirus defense in place, they represent a malware threat to the organization.

Executable files. Any code that has the ability to execute can act as malware. This includes not only programs, but also scripts, batch files, and active objects such as Microsoft ActiveX controls.

Documents. As word processors and spreadsheet applications have become more powerful they have become targets for malware writers. Macro languages supported within many applications make them potential malware targets.

E-mail. Malware writers can exploit both e-mail attachments and active Hypertext Markup Language (HTML) code within e-mail messages as attack methods.

Removable media. File transfer via some form of removable media is an issue that organizations need to address as part of their antivirus defenses. Some of the more common removable media include:

CD-ROM or DVD-ROM discs. The advent of cheap CD and DVD recording devices has made these media very accessible to all computer users, including those who write malware.

Floppy and Zip drives. These media are becoming less prevalent due to their limited capacity and speed, but still remain risks if malware is physically able to access them.

USB drives. These devices take on many forms, ranging from the classic key ring-sized device to a wrist watch. All these devices can be used to introduce malware if they can be inserted into the Universal Serial Bus (USB) port of a host.

Memory cards. Digital cameras and mobile devices, such as PDAs and mobile phones, have helped establish digital memory cards. Card readers are becoming increasingly standard devices on computers, which makes it easier for users to transfer data on memory cards. Because this data is file-based, these cards can also transfer malware onto a host system.



MR. B