Virus & Malware

Spyware defined

Opinion is divided on the definition of spyware, since it is often used as an umbrella term for a whole range of malicious and non-malicious software.

Examples include joke programs, adware, Trojans, internet cookies, homepage re-set programs and dialers (software that connects computers to premium-rate phone lines).

Unlike spyware, some adware informs the user of its intended function before installation, but this information is often hidden amongst hundreds of lines of text.

Some malicious spyware presents a security threat because of its ability to secretly record and steal confidential information, or maliciously alter an affected computer - by opening a backdoor to allow access to hackers, for example. Other kinds of spyware are more of a threat to productivity than security. One example of this is adware - software that collects information on users' surfing habits and displays advertisements while another program is running. Adware usually informs users of its intended function before it is installed, but since this information is often hidden amongst hundreds of lines of dense legal text, some adware sits on the border of being legitimate.

However, it is malicious spyware that threatens security, mainly through data theft, hacking and network damage. Examples of malicious spyware include Trojans and system monitors such as keystroke loggers, which can steal data such as passwords typed into a keyboard. Other programs can turn on webcams and microphones, allowing hackers to spy on computer users. In the context of this paper, all discussion of spyware relates to malicious spyware, i.e. that which is installed secretly, without consent, and threatens the security of networks.

A widespread problem

Although spyware has been around for some time, the actual number of affected computers is not known. However, evidence suggests that the problem has become widespread. Spyware is growing at a faster pace now than ever before: 13.15% in the first quarter of 2009 alone, 5 times the growth of the previous quarter (source: Panda Security).

Spyware is certainly recognized as an increasing security threat. In a survey of 600 North American businesses by IDC, spyware was ranked as the fourth greatest threat - ahead of spam, hackers and cyberterrorism. The only areas viewed as bigger threats than spyware were viruses, internet worms and damage through employee errors.

The threat to business

The fact that spyware can become installed and active on a computer or network without the user's permission or knowledge makes it a particular threat to businesses, since it can cause harm in a variety of ways if left undetected.

Spyware can steal confidential business information, leaving companies vulnerable in several ways.

Data theft

One of the main security threats is the ability of spyware to steal important or confidential information. A type of spyware - known as a system monitor - does this by running in the background, recording what is typed into a keyboard and sending the information to another location. Once installed, the software starts reporting the next time the computer is online.

This kind of spyware can steal financial data, spreadsheets, personnel records, bank account numbers, passwords or any other information typed into the affected computer. A damaged reputation, the loss of money or competitive advantage and an increased risk of litigation can all result from this data theft.

Hacking

As well as capturing data, spyware can download other malicious programs or leave computers vulnerable to hackers. Backdoor Trojans can allow hackers unrestricted access to a computer system when it is online, and are a particular risk for computers with broadband internet access. These Trojans can enable hackers to take control of a computer and misuse it in a variety of ways, such as deleting project plans, altering stock records, downloading porn or controlling the user's mouse and keyboard. Some other Trojans can capture screenshots or turn on webcams, allowing hackers to spy on computer users. For the IT administrator this kind of attack is potentially worse than a virus, since viruses are at least limited by the set commands in their code and will behave predictably. Humans who have assumed control of a computer system can react to the information they find and change tactics accordingly, making the threat unpredictable.

Zombie attack

Spyware can also be a very effective tool for spammers, who can use it to gather email addresses or take information and customize spam emails (for example, by using the names of colleagues found on a user's hard disk), thereby increasing response rates. Using a backdoor Trojan as described above, spammers can also take over a vulnerable computer or web server and force it to send out their emails for them, thus making the email appear to be from a legitimate source. Computers that have been hijacked in this way are known as "zombies". It is estimated that as much as 80% of spam is being sent from zombie computers without the user's knowledge.

Network damage

Network performance can also suffer as a result of a spyware attack, as the software places extra demands on the system. For a business, this can mean disruption and decreased productivity for as long as the software, which is increasingly difficult to detect, remains undetected, plus the extra resources spent on finding and clearing up the problem.

How spyware becomes installed

There are several ways in which spyware can become installed on a computer. It can be installed by a virus, or when a user clicks on a weblink or opens an attachment in an email.

Most spyware requires some user action to install it on a computer, such as downloading an ostensibly useful or desirable piece of software (a peer-to-peer file sharing program or screensaver, for example) which may carry the spyware hidden within it. Users may also be duped into downloading spyware in other ways; for example, a pop-up message might appear which prompts them to download a software utility they "need". Once the user agrees, usually by clicking "OK" on an agreement box, the spyware is installed.

By exploiting security vulnerabilities, spyware can secretly install itself when a user visits a certain website or views an email message.

In some cases spyware can become secretly installed by exploiting security vulnerabilities in a web browser such as Internet Explorer. In this case a user only has to visit a certain website or view an HTML email message for spyware to install itself onto their computer. This kind of secret installation is known as a "drive-by download". It can happen if the security settings on a computer are set too low or if an unpatched version of a web browser is being used.

Finally, if security regarding passwords or physical access to desktop computers is lax, spyware can be loaded onto a computer by a person using a CD or USB drive.

How to protect against spyware

There are some basic measures that can be taken to protect a network, such as educating users to be cautious when opening attachments and downloading and installing software. Enforcing a sensible company-wide internet policy will help prevent accidental downloads, and making sure passwords are kept secret will help prevent unauthorized access to desktop computers. It is useful to deploy technology such as personal firewalls to control unwanted communication with the internet. Ensuring that the security settings on web browsers are turned on and kept to a high setting will also provide a measure of protection. Spyware and other kinds of malicious code are often designed to exploit security vulnerabilities. Whenever these are discovered in software, the manufacturers issue security patches for users to download. It is important to keep up to date with the latest patches for whichever browser is being used.

Sources

1. Larry Dobrow, "Spyware Report Raises Broader Questions", MediaPost, 5 August 2004. http://publications.mediapost.com
2. Brian E. Burke, "Worldwide Secure Content Management 2004-2008 Forecast Update and 2003 Vendor Shares: A Holistic View of Antivirus, Web Filtering, and Messaging Security", IDC, 2004.

Why are pests on the rise?

Many factors conspire to make today's computer systems a fertile environment for pest growth.

  • Users have changed. A decade ago, it seemed that many users were fascinated by the details of their computer's operation. Many knew that the size of COMMAND.COM in DOS 5.0 was 47,485 bytes. But today's users tend to regard computers as just another tool to help them do their job, so there is less interest in the details of what is going on behind the scenes. This simply means that, should problem software be inadvertently introduced to a machine, the number of users that are equipped to realize what has happened and deal with it is a much smaller proportion of the total user population.
  • Operating systems are more complex. A decade ago, DOS consisted of COMMAND.COM and two hidden system files, and could fit on a low-capacity floppy. Today, the Windows directory on a typical Windows 98 machine is likely to have 200 or more directories, 4,500 or more files, and use 600 Mb or more. Today, no user could be expected to know what every file in their computer does, where it came from, or if it is even needed.
  • New software cannot be readily inspected prior to installation. A decade ago, nearly all software introduced to a machine was installed from a floppy disk. It was a simple matter to determine the immediate source of that software, and to scan it for viruses. Today, nearly all software is introduced to a machine via the Internet. The transfer process might reveal the overall setup package, but not its components. Even the size of the basic component often cannot be determined with precision. And any kind of security check of the installation package cannot usually be done prior to installation.
  • Software is installed in obscure ways. A decade ago, software installations involved little more than creating a directory and copying some files. Not until DOS 6 were operating system files even compressed. Today, the exact process followed by an installer is hidden by both the installation package (often a single file contains dozens or hundreds of individual files) and the installation procedure (an installer may or may not enumerate files as they are extracted). Sometimes, as in the case of an ActiveX, JavaScript, or VBScript component on a web page, there is no evident installation process at all: the software is simply transferred, installed and run, sometimes without any user interaction at all.
  • Trusted sources can no longer be determined. A decade ago, users were counselled to avoid viruses by only installing software from trusted sources, and to not accept software from untrusted sources. Users of a decade ago might call local Bulletin Boards (BBSs), but would rarely make long distance calls to BBSs across the country, or make international calls. And at 2400 baud, users spent some time judging the potential value of software before downloading. Today, all of the world's software is a local call away, via the Internet, and can be accessed 30 to 1,000 times faster than it was a decade ago.
  • There is more problem software. Problem software, such as viruses, does not become extinct just because it is hunted. Every piece of malicious code that has ever been distributed probably still lives, somewhere. In short, the evil that men do lives long after they are gone.
