International Civil Aviation Organization
INFORMATION PAPER
SADISOPSG/14-IP/8
20/03/09

SATELLITE DISTRIBUTION SYSTEM OPERATIONS GROUP (SADISOPSG)

FOURTEENTH MEETING

Bangkok, Thailand, 15 to 17 July 2009

Agenda Item 6: Development of the SADIS
6.4: SADIS Internet-based FTP Service

THREATS POSED BY MALICIOUS SOFTWARE AND MITIGATING ACTIONS

(Presented by the SADIS Provider State)

SUMMARY
This brief information paper outlines a recent threat posed by malicious software on a SADIS FTP end-user system, and outlines simple preventative measures that can be taken to mitigate the risks posed.

1. INTRODUCTION

1.1 In February 2009, the Met Office identified that the client server of a SADIS FTP user had been compromised by a Trojan horse (also known as a ‘Trojan’). A Trojan, in the context of computing and software, is a form of malicious software (or ‘malware’) that appears to perform a desirable function but in fact performs undisclosed malicious functions that can allow unauthorized access to information on the machine or on systems connected to the infected machine. The SADIS FTP user whose IT security was compromised shall remain nameless; however, it was an aeronautical met service provider within the EUR region.

1.2 Whilst Met Office host systems and servers were not compromised by the user-end security breach (owing to up-to-date security protection), the client confirmed that their computer systems had been subject to a number of IT security threats in recent months from unknown sources. The client's SADIS FTP username and password had been compromised by a Trojan.

1.3 This brief information paper outlines the risks posed by such malware, and urges all SADIS FTP users to ensure that their systems and servers have the most up-to-date security software available to mitigate such risks.

2. Threats posed by Trojans and other malware and mitigating actions that can be taken

2.1 Malicious software on computing systems, particularly Trojans, can come in a variety of forms, and there is no single method for deleting them. Trojans are almost always designed to cause harm to an IT system, but they can also be harmless. Malicious Trojans conceal themselves in computer programs and drop malicious payloads (script, code, etc.) on an infected computer.

2.2 Trojans are classed according to how they breach and damage IT systems. There are 6 main types of Trojan horse payloads, namely: remote access; data destruction; downloader; server Trojan; disabling security software; and denial-of-service attack (DoS). Most Trojans hide in system registries and processes. They may be left undetected for a considerable period of time if a user does not take some simple preventative measures that could be considered routine IT ‘house-keeping’.

2.3 The simplest response to a threat involves clearing out temporary internet files and deleting the threat manually. Normally, up-to-date antivirus software is able to detect and delete malware automatically, with no manual intervention required by a user. If antivirus software is unable to find the threat, booting the computer from alternative media such as a master CD may allow the antivirus programme to identify and delete the threat before any damage is done.

2.4 Up-to-date anti-virus and anti-spyware software from a reputable company is by far the most efficient mechanism to deter the threats posed by malicious software. Such security software does not need to be expensive or resource-intensive. Many basic security suites can be obtained for as little as $40 per year, including regular updates. A security suite will often sit in the background of an operating system, quietly running and checking for real-time threats on the system.

3. Conclusion

3.1 Advances in IT continue apace, with hackers finding ever more sophisticated ways to compromise computer systems around the world. The threats posed by malicious software on IT systems are very real and complacency is not an option or an excuse.

3.2 All SADIS FTP users are encouraged to ensure that their IT systems and servers that connect to the host server have the most up-to-date anti-virus and anti-spyware software to mitigate the risks posed by malicious software. Any user requiring further information should contact their local IT network administrator.

3.3 Should the Met Office identify that a user's SADIS FTP account has been compromised by a Trojan or other such security threat, the account may be deactivated pending assurances that the necessary security measures are in place on the client's systems/servers. Failure to provide such assurances may result in the client's SADIS FTP account being permanently disabled.

4. ACTION BY THE SADISOPSG

4.1 The group is invited to note the information contained in this paper.

— END —