Danseglio said the success of social engineering attacks is a sign that the weakest link in malware defense is "human stupidity." "Social engineering is a very, very effective technique. We have statistics that show significant infection rates for the social engineering malware. Phishing is a major problem because there really is no patch for human stupidity," he said.

The most recent statistics from Microsoft's anti-malware engineering team confirm Danseglio's contention. In February alone, the company's free Malicious Software Removal Tool detected a social engineering worm called Win32/Alcan on more than 250,000 unique machines.

According to Danseglio, user education goes a long way toward mitigating the threat from social engineering, but in companies where staff turnover is high, he said a company may never recoup that investment. "The easy way to deal with this is to think about prevention. Preventing an infection is far easier than cleaning up," he said, urging enterprise administrators to block known bad content using firewalls and proxy filtering and to ensure security software regularly scans for infections.