This SOAR, which updates earlier reports to DoD on the subject of malicious code, describes common detection and prevention techniques and provides pointers to resources for enhancing organizational information security. This update was considered necessary because, over the past three years, there have been numerous malicious code incidents spread through e-mail and the Internet, including several, such as the Melissa, ILOVEYOU, CodeRed, and NIMDA viruses, that caused major damage to both public and private sector information systems.

Objective: This SOAR addresses the current state of the art in detecting and responding to malicious software (malware). The intended audience is DoD technical managers responsible for the protection of computer resources potentially susceptible to the malicious code threat. An overview of malicious code is provided as well for those who require some technical background on this topic. This report is intended to serve three purposes: (1) educate readers regarding the nature of malicious code and current trends, to enhance their understanding of the threat to the confidentiality, integrity, and availability of computer-based mission-critical systems; (2) provide a framework for malicious code countermeasures as a roadmap to guide the development of strategies to combat malicious code; and (3) give an overview of current COTS anti-malware products and vendors.

The first malicious code SOAR devoted considerable attention to the evaluation of anti-virus software packages offered by commercial vendors, which were the principal controls available to combat malicious code at that time. Although the availability and capabilities of anti-virus software were limited, the threat was also relatively limited. Given the new threat environment and new countermeasure techniques and capabilities, this SOAR takes a holistic view of available methods, policies, and tools that complement the use of anti-virus software packages to comprehensively combat malicious code.

The malicious code threat is neither unitary nor monolithic. Accordingly, a combination of defensive measures and techniques must be used to create a defense in depth without degrading the performance of operational systems to unacceptable levels.

Scope: The dangers presented today by malicious code to our nation's computer-based, mission-critical systems are greater than ever. The number of malicious code incidents continues to climb and, in several well-publicized instances, the impact on commercial information technology (IT) infrastructures has been substantial. This report uses available data regarding public domain malicious software activities to describe the threat environment and to recommend and describe defensive measures. This report presents specific defensive techniques to combat malicious code. The benefit of discussing this diverse set of techniques is that it provides an additional perspective on malicious software while at the same time providing pragmatic examples of how to defend DoD computer resources. No attempt was made to gather classified information on this subject.