"The primary thing that we do is we track their infrastructure," Van Der Horst says. "Even though they may change the paint or some labels, there's still underlying core stuff we can track. We call it server DNA. A brand new website may show up today, we do a scan of it and inspect its DNA."
"Once you start tracking the ecosystem, this infrastructure, you care less and less about the specific payload it's trying to deliver," he adds. "It doesn't matter what the exploit is, you know it's coming from a bad place."
Van Der Horst suggests five steps organizations can take to better protect themselves against malware threats:
1. Use a security solution that can block malnet infrastructures and limit employee exposure to botnet-producing Trojans.
2. Ensure your security solution can block communications from infected end-user systems to command and control servers to prevent sensitive, confidential or proprietary information from reaching the cyber-criminals.
3. Ensure that web usage policies are up-to-date and keep network/firewall rules current.
4. Deploy a reporting solution that can help you identify potentially infected end-user systems so you can quarantine and clean them.
5. Set and enforce policies that require employees to update their browsers, OS, Adobe Flash, Adobe Reader, Java and other applications with the latest patches and security updates.
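The "server DNA" idea in the quotes above, and steps 2 and 4 in the list, come down to one operational check: match outbound traffic against the infrastructure a malnet reuses (its address space, its name servers, its known C2 hosts) rather than against the specific URL or payload, and report which internal clients touched it. The script below is an added example of that check and is not Blue Coat's code or Van Der Horst's method. Every hostname, IP address (RFC 5737 test ranges), name server and proxy log line in it is constructed; the DNS view stands in for the passive-DNS or resolver data you would feed in for real.

```python
"""Infrastructure-based detection of infected clients from proxy logs.

Added example, not Blue Coat's code. All hostnames, IPs (RFC 5737
TEST-NET ranges), name servers and log lines are constructed.
"""
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed malnet infrastructure indicators. None of these keys is a
# URL path or file name: a freshly registered domain that resolves into a
# known-bad network, or is served by a known-bad name server, is caught
# even though the "paint" (hostname, path, payload) has changed.
BAD_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
BAD_NAMESERVERS = {"ns1.malnet-example.invalid"}
KNOWN_C2_HOSTS = {"c2.malnet-example.invalid"}

# Constructed DNS view: hostname -> (resolved IP, authoritative name server).
# In production this comes from passive DNS or your own resolver logs.
DNS_VIEW = {
    "c2.malnet-example.invalid": ("203.0.113.10", "ns1.malnet-example.invalid"),
    "fresh-landing-page.invalid": ("203.0.113.77", "ns1.malnet-example.invalid"),
    "repainted.invalid": ("198.51.100.5", "ns1.malnet-example.invalid"),
    "www.example.com": ("192.0.2.1", "ns.example.com"),
}

# Constructed proxy log records: timestamp, client IP, method, URL, status.
LOG_LINES = [
    "2013-01-08T10:01:02Z 10.1.2.3 GET http://www.example.com/index.html 200",
    "2013-01-08T10:01:09Z 10.1.2.3 POST http://c2.malnet-example.invalid/gate.php 200",
    "2013-01-08T10:02:15Z 10.1.2.7 GET http://fresh-landing-page.invalid/x/y.html 200",
    "2013-01-08T10:03:44Z 10.1.2.9 GET http://repainted.invalid/update.exe 200",
    "2013-01-08T10:04:00Z 10.1.2.11 GET http://www.example.com/about 200",
    "this line is not a proxy record",
]


def parse_line(line):
    """Return (client_ip, hostname) for a well-formed record, else None."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _ts, client, _method, url, _status = parts
    host = urlsplit(url).hostname
    if host is None:
        return None
    return client, host


def infrastructure_reasons(host):
    """List why a hostname is considered bad, judged on infrastructure only.

    An unknown hostname with no DNS data and no bad parent infrastructure
    yields an empty list, i.e. it is not flagged.
    """
    reasons = []
    if host in KNOWN_C2_HOSTS:
        reasons.append("known C2 host")
    ip_str, nameserver = DNS_VIEW.get(host, (None, None))
    if ip_str is not None:
        ip = ipaddress.ip_address(ip_str)
        if any(ip in net for net in BAD_NETWORKS):
            reasons.append(f"resolves into bad network {ip_str}")
    if nameserver in BAD_NAMESERVERS:
        reasons.append(f"served by bad name server {nameserver}")
    return reasons


def find_infected(log_lines):
    """Map each client IP to the bad hosts it contacted and the reasons.

    Clients in the result are candidates for quarantine and cleaning;
    the hosts are candidates for a block rule at the proxy or firewall.
    """
    infected = defaultdict(dict)
    for line in log_lines:
        parsed = parse_line(line)
        if parsed is None:  # malformed record: skip, do not crash the report
            continue
        client, host = parsed
        reasons = infrastructure_reasons(host)
        if reasons:
            infected[client][host] = reasons
    return dict(infected)


if __name__ == "__main__":
    for client, hosts in sorted(find_infected(LOG_LINES).items()):
        for host, reasons in hosts.items():
            print(f"{client} -> {host}: {'; '.join(reasons)}")
```

Note that "repainted.invalid" is flagged only because its name server is already on the bad list: neither its hostname nor its IP appears in any indicator, which is the point of keying on infrastructure. The trade-off is that shared hosting or a compromised but otherwise legitimate name server will produce false positives, so the output is a quarantine candidate list to be confirmed, not an automatic block list.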