Security

Malware Part II:   Spyware

 

What is Spyware?

    Spyware is any technology that secretly monitors a user’s computing activities or web-browsing habits, or gathers personal information (such as credit card numbers, bank accounts, or other financial details), and covertly relays this information to advertisers or other third parties through the user's Internet connection, without the user’s knowledge or consent. Many consider it "cyber trespass" and "information theft".

 

Statistics

    More than 20 million people have adware installed on their computers
    (Source: Gartner, an industry-leading information technology research firm)

    Spyware now makes up 12% of all customer-support calls to Dell
    (Source: News release by Doug Abrahms of the Gannett News Service on August 1, 2004)

    "As of 2004, spyware infection causes more visits to professional computer repairers than any other single cause. In more than half of these cases, the user has no awareness of spyware and initially assumes that the system performance, stability, and/or connectivity issues relate to hardware, Windows installation problems, or a virus." (Source: Wikipedia)

    According to a study of home broadband users conducted in May 2003 for the National Cyber Security Alliance by America Online Inc.:

    • 91% had spyware on their computers
    • 86% keep sensitive information on their computer
    • 62% do not regularly update anti-virus software
    • 67% do not have appropriately-configured firewalls
    (Source: "Fast and Present Danger: In-Home Study of Broadband Security Among American Consumers")

    According to a report released by internet provider Earthlink and anti-adware firm Webroot, the amount of really dangerous spyware (for instance keyloggers and trojans) almost doubled from the first to the second quarter of 2004.

    Scans this year of 1.5 million computers by Earthlink Inc., a major Internet service provider, found an average of 28 spyware programs on each computer. Most were harmless, but one in three computers contained malicious software, including ones that hijack home pages to porn sites, monitor keystrokes to collect personal data or redial Internet connections to expensive services that run up long-distance bills.
    (Source: Gannett News Service Originally published Wednesday, August 11, 2004)

    An article published in TechWeb News by Gregg Keizer on June 21, 2004 reported that: "Internet Service Provider EarthLink and Webroot, a message security software maker, scanned more than 420,000 PCs during April and found" "nearly one-third infected with Trojans or system monitors ... planted by spyware" "So far this year, the SpyAudit has detected more than 500,000 Trojans and system monitors out of the roughly 1.5 million machines scanned." "The year-to-date average is 27.5 spyware programs or components per system." ("EarthLink and Webroot define spyware as any application or software that's placed on the user's machine without his or her authorization")

 

Know Your Enemies

    Spyware comes in many forms, ranging from those that display simple pop-up ads to those that take control of your computer. Here are some of the most common types.

     

    Spyware

      Spyware has the ability to gather information, such as e-mail addresses, passwords, and credit card numbers, by monitoring keystrokes, scanning files on the hard drive, and snooping on other applications, such as email, instant messengers, and word processors. It can read cookies, change the default home page on the Web browser, add bookmarks to your browser's menu, and install other spyware programs.

      Spyware closely resembles but clearly differs from computer viruses. In both cases, the program installs without the user's knowledge or consent. In both cases, performance degradation and system instability commonly result. Spyware applications run in the background, using the computer's memory, processor, and other resources, and also consume bandwidth as they send information back to the spyware's home base via the user's Internet connection. The consequences of a moderate to severe spyware infection (privacy issues aside) generally include:

      • substantial loss of system performance (over 50% in extreme cases)
      • major stability issues (crashes and hangs)
      • difficulty connecting to the Internet

      List of spyware threats from the Symantec website

      List of spyware threats from the PestPatrol website

     

    Adware

      Adware, or advertising-supported software, is any software application in which advertisements are displayed while the program is running, in the form of banners, pop-up windows, or a menu bar. Adware tracks a user's Internet usage and shopping habits in order for the program to know which advertisements to display based on the user’s preferences, and then serves up targeted advertising.

      Adware is an attractive business to investors because it gives marketers the opportunity to reach consumers while they're buying something online. For example, a retailer could use adware to send a coupon to a Web surfer just as they're researching bouquets at a rival's Web site. Countless advertisers have attested to its effectiveness. The justification for adware is that it helps recover programming development cost, while reducing or eliminating ("freeware") the price of the application for the user.

      Adware programs are similar to spyware, in that they often include components for tracking a subject's activities and reporting back to third parties for commercial purposes.

      When adware is installed without the user's authorization or knowledge, it is considered "Spyware".
      If the user is aware of the full functionality, and has knowingly and explicitly given consent, adware is not spyware and is legal.

      List of adware threats from the Symantec website

      List of adware threats from the PestPatrol website

     

    Browser Helper Objects (BHOs)

      An add-on technology introduced by Microsoft to allow programmers to customize Internet Explorer, BHOs are software components that load with Internet Explorer and share the browser's access and permissions. BHOs can perform any action the browser can perform, and make it appear as if the browser had performed them. A BHO can detect events, create windows to display additional information on a viewed page, and monitor messages and actions. BHOs are not stopped by personal firewalls, because they are seen by the firewall as your browser itself. The close integration with Internet Explorer allows browser helpers to go undetected by many antivirus programs.

      Some exploits of this technology search all pages you view in the browser and replace banner advertisements with other ads (adware). Some exploits change your browser's home page to some other site ("Browser Hijacking"). Some exploits monitor and report on your actions (spyware), including installing keystroke logger trojans, which scan for "https" sessions connecting to URLs of popular banks (including Citibank, WestPac, Barclays and HSBC) and then intercept outbound data from Internet Explorer before it is encrypted (using the Secure Sockets Layer, SSL, protocol), stealing online banking passwords.

      List of Browser Helper threats from the PestPatrol website

      List of Hijacking threats from the PestPatrol website
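
      Because a BHO loads inside the browser, the practical check is to list what is registered to load and which DLL backs each entry. The script below is an added example, not part of the original page; it assumes a 64-bit PowerShell session, the standard Windows registry locations for BHO and COM class registration (not named on this page), and a hypothetical function name, Get-RegisteredBho.

```powershell
# Added example (not from the original page): list registered Browser Helper
# Objects and the DLL that each one loads into Internet Explorer.

# BHOs are registered by CLSID; each CLSID resolves to a DLL under the COM
# class key. Both the native and the 32-bit (WOW6432Node) views are checked.
$views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

function Get-RegisteredBho {
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid  = $key.PSChildName
            $comKey = "$($view.Clsid)\$clsid"
            $inproc = "$comKey\InprocServer32"
            $name = $null
            $dll  = $null

            # Default value of the class key is the friendly name (may be empty).
            if (Test-Path -LiteralPath $comKey) {
                $name = (Get-Item -LiteralPath $comKey).GetValue('')
            }
            # Default value of InprocServer32 is the DLL loaded into the browser.
            if (Test-Path -LiteralPath $inproc) {
                $dll = [string](Get-Item -LiteralPath $inproc).GetValue('')
                $dll = $dll.Trim('"')
            }

            # Entries with no DLL, a missing file, or no valid signature are
            # the ones to review first.
            if (-not $dll)                              { $status = 'NoDllRegistered' }
            elseif (-not (Test-Path -LiteralPath $dll)) { $status = 'FileMissing' }
            else { $status = [string](Get-AuthenticodeSignature -LiteralPath $dll).Status }

            [pscustomobject]@{ Clsid = $clsid; Name = $name; Dll = $dll; Signature = $status }
        }
    }
}

Get-RegisteredBho | Sort-Object Signature, Dll | Format-Table -AutoSize -Wrap
```

      A valid signature only identifies the publisher; an unfamiliar name or a DLL in a temporary or user-profile directory still deserves a closer look.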

     

    Banner Ads

      Banner ads, or simply banners, are a form of online advertising. Though most are benign, they are listed here because spyware is often delivered using banner ads. The banner code serves as the trigger for a string of exploit scripts that trick Internet browsers into downloading malware or spyware, such as keystroke logging trojans that steal bank login information. Banners on most websites are actually pass-through displays from third-party servers belonging to "banner networks", brokers who buy and sell ads and website advertising space. With their ability to inject malicious code into hundreds of outside web sites, banner networks offer a vehicle for the rapid distribution of trojans and other malware, and are attractive to cyber-criminals as targets for launching attacks.

     

    Pop-Up Ads

      Pop-up ads are a form of online advertising. Pop-up windows are more difficult to overlook than static banner ads. Pop-up ads also have a much higher click rate than banner ads, and so are more effective revenue generators. So even though most users regard pop-up ads as a nuisance, their use has proliferated. Interestingly, all major web browsers except Internet Explorer now allow the user to block pop-ups almost completely. Though most are benign, they are listed here because spyware is often delivered using pop-up ads (called "download pop-ups").

      A less scrupulous variation of automatic installation, called a "drive-by download", installs a program on a computer's hard drive without even first generating a pop-up window.

     


Copyright © 2003 Scientis