Salesforce

Security Alerts - Dyre Malware

Linda Johnson

In September 2014, Salesforce issued a security alert in Knowledge Article Number: 000199724:

[https://help.salesforce.com/apex/HTViewSolution?urlname=Security-Alert-Dyre-Malware]

This notified customers that one of its security partners identified the Dyre malware as potentially targeting some Salesforce users. According to Salesforce, this is not a vulnerability within Salesforce, but malware that resides on infected computer systems and is designed to steal user log-in credentials.

Recently, I received an email from Salesforce Security that had identified an issue on a computer of one of our customers. So: what is Dyre malware, how do you avoid malware, and what steps should you take if this happens to one of your users?

What is Dyre Malware - Malware is short for "malicious software." When first discovered, Dyre targeted users of banking and financial sites to steal their login credentials and commit financial fraud. It now appears to be targeting Salesforce users as well.

How do you avoid Malware - Make sure that your computer is adequately protected and you are practicing safe computing!

  • The key is keeping your security software updated. Make sure you have installed anti-virus, anti-spyware and a firewall
  • Download from trusted sites - free software can come with malware
  • Back up regularly - make sure that if your computer crashes, your files, photos and anything important to you are backed up on a regular basis

For comprehensive information on avoiding, detecting, and eliminating malware, check out this link: http://www.onguardonline.gov/articles/0011-malware.

If you have put all the procedures in place and one of your users still gets infected with the Dyre Malware, what should you do next? If discovered by Salesforce, an email notification from the Security team is sent to the administrators and the infected user. Key information will be contained in the email - Username, Login Timestamp, User IP Address and Malware Type (in this case Dyre). Salesforce will also freeze the user's access.

Recommended Actions to Take

  • Disconnect the affected machine from the network until remediated
  • Reset the user(s) password
  • Conduct a thorough forensic investigation and remediation of the infected system
  • Remove any malware found on the host (or reinstall the operating system if malware could not be found or could not be removed)
  • Only unfreeze the user’s access once their password has been rotated and all their systems cleaned.
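To make the Salesforce-side steps concrete (confirm the freeze, review the login activity the alert names, rotate the password), here is an added Apex snippet that an administrator could run as anonymous Apex after receiving such an email; it is not part of the post or of Salesforce's alert, and the username and IP address are placeholder values standing in for what the email reports.

```apex
// Added example, not from the original post. The two values below are
// constructed placeholders for the Username and User IP Address in the alert.
String reportedUsername = 'alerted.user@example.com';
String reportedIp       = '203.0.113.10';   // TEST-NET-3 documentation range

User u = [SELECT Id, Username FROM User WHERE Username = :reportedUsername LIMIT 1];

// Step 1: review this user's recent logins and mark the ones from the IP the
// alert named, so the scope of the incident (other IPs, other apps) is visible.
List<LoginHistory> recentLogins = [
    SELECT LoginTime, SourceIp, Status, LoginType, Application, Browser
    FROM LoginHistory
    WHERE UserId = :u.Id AND LoginTime = LAST_N_DAYS:30
    ORDER BY LoginTime DESC
];
for (LoginHistory h : recentLogins) {
    String flag = (h.SourceIp == reportedIp) ? '  <-- IP named in the alert' : '';
    System.debug(h.LoginTime + ' ' + h.SourceIp + ' ' + h.Status + ' '
                 + h.Application + ' ' + h.Browser + flag);
}

// Step 2: confirm Salesforce's freeze is in place; apply it ourselves if it is not.
// Updating UserLogin.IsFrozen requires the "Manage Users" permission.
UserLogin login = [SELECT Id, IsFrozen FROM UserLogin WHERE UserId = :u.Id];
if (!login.IsFrozen) {
    login.IsFrozen = true;
    update login;
}

// Step 3: rotate the credential the malware may have captured. The reset
// email is sent to the user's address on file.
System.resetPassword(u.Id, true);

// Step 4 is deliberately not in this script: unfreeze (login.IsFrozen = false;
// update login;) only after the host has been cleaned or rebuilt.
```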

Salesforce will also open a customer support case in the Help & Training portal where you can track this issue and gain additional support and details.

We hope that this never happens to you or your users - but as Ben Franklin once said "An ounce of prevention is worth a pound of cure".


Linda Johnson
ABOUT THE AUTHOR

Linda's been a "Salesforce Jedi" for Summa since 2009 and previously worked as a Salesforce Systems Manager in the financial services and retail sectors. She has rich experience implementing Salesforce projects for small companies and large-scale enterprises alike, holds a slew of Salesforce certifications and is a recognized expert in many areas, including (but not limited to) custom buttons, complex reporting and solutions, business process design and generally making her customers wildly delighted!