I was sitting in a looonnngggg multi-presenter meeting, eyes somewhat glazed over, when I was suddenly snapped back to reality by one fact.
88% of the US Fortune 500 domains have been accessed by systems infected by the Zeus Trojan.
So the bulk of the Fortune 500 has been touched by or infected with the Zeus Botnet.
The bigger the organization, the larger the attack surface and the greater the chance that employees are accessing corporate systems using infected machines, externally or internally.
You can get infected with malware from advertisements on things as benign as social networking sites. You don't even need to be using a social networking site: personal and work email are also distribution vectors, so it's not like employees have to be surfing for pornography to track something nasty into the company on the soles of their digital feet.
Do anti-virus packages solve the problem? Well, they can help, but they're not the full answer. I've accessed the corporate network from my home computers. They're all running up-to-date anti-virus and anti-malware protection, but it's already been shown that the Zeus Trojan is only detected by major packages less than a quarter of the time, as criminals modify and morph it to evade detection. So you won't know what's lurking inside your organization until you sit down and start gathering intelligence.
Malware is like an STI: you might not notice it until you have a flare-up, if it's not treated it can spread, and people don't run around the place advertising the fact they're infected.
And neither is healthy or hygienic.
EMC has a ton of white hats and mathematicians at RSA FraudAction Lab working on taking apart and analyzing phishing kits, their attacks, servers and networks, as well as Trojans and the giant zombie botnets they're slaved to. Now they're turning that research into a service which can be used to analyze infrastructure and dig out what information has been compromised by an attack or infection inside your organization.
