This cute kitten is harboring a malicious test file, four different ways, that every anti-virus should detect, don't blow your whole budget on buzzword bingo "anti-virus" software.
- Start with the basics, enable the built in operating system firewall.
- Build on your authorized software list and consider whitelisting only authorized software packages.
- Keep your data separate from your operating system.
- If your organization is small enough, set your backups to run at end of day and automatically shut down your workstations and network when done.
- Don't install developer tools on day-to-day workstations, use a separate transferable and compartmentalized environment such as Docker.io
- If your staff need a playground, use virtual machinies.
- Use a separate internal server for file sharing and disable all other file shares and p2p (workstation to workstation) communications.
- You don't allow p2p you say? Run this at your Windows command line
- Linux / OS X people? Run this for similar output
netstat -an | grep LISTEN
While anti-virus software has it's place, implementing the steps above will get you far better traction.
Can you identify how the malicious files are hidden? Here's a hint.
Why does this matter? If I can load an image on your system, I can load a malicious payload for future use. Here's a demo of how to pre-load assets.
John Strand of Black Hills Information Security on Security Weekly explaining why Malware isn't your biggest problem and exploits aren't everything "Live from SANS DFIRCON: Panic! Hysteria! No malware required!"
The four ways are: 7z + AES + simple password, LZMA2 + 512Mb dictionary, PKZ + UTF16 EICAR, ???
Want to see something really cool? Save the kitten image and unzip it.