Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Spyware: The Next Real Threat



 By: Ryan Naraine
2004-12-09
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
A Computer Associates exec warns that spyware will soon become an even bigger headache for enterprises than viruses.

NEW YORK—Spyware will replace the mass-mailing worm as the biggest nuisance—and security threat—facing businesses in 2005.

Thats the chilling assessment from Roger Thompson, director of content research security management at Computer Associates International Inc.

Thompson used the spotlight of the InfoSecurity 2004 conference here to highlight the growing threat from spyware and adware "pests" and issue a call to arms for a unified industry approach to fighting back.

"The only things multiplying faster than definitions for what constitutes spyware, is the malware itself," Thompson said, warning that the threat from spyware will make mass-mailing viruses seem trivial.

"The mass-mailers became a problem because they were spreading faster than we could issue updates to block them. Theyre still around today, but weve figured out ways to keep them at bay. They cease to be a real strategic threat to corporations," Thompson said.

Resource Library:

Spyware, on the other hand, which uses covert techniques to install itself on computers and track user activity to serve up annoying advertisements, presents a legitimate threat because of the way malicious code can be executed on infected systems.

Spyware, otherwise known as adware, has become the preferred delivery mechanism for malicious Trojans capable of relaying information to other computers or locations on the Web. According to anti-virus vendor Symantec Corp., spyware authors can actively or passively hijack user passwords, log-in details, credit card numbers and other sensitive personal information.

Because spyware is often tied to peer-to-peer applications, experts warn that individual files or other corporate data could be stolen by spyware programs running on infected systems.

"Your data is at risk and theres nothing we can do right now to stop it," Thompson said. He confirmed a researchers recent findings that the best-performing anti-spyware scanner is not capable of detecting all the "critical" files and registry entries installed by the malicious programs.

"Spyware is built for functionality. No one, except the spyware author, knows what the program is capable of doing. Theyre changing frequently and theyre becoming impossible to manage," Thompson said.

He explained that spyware writers use "tricklers" to silently reinstall spyware components after they are removed. "This makes it even worse than the mass-mailers. They change the components frequently and even when you remove registry key entries, the program simply reinstalls it," Thompson warned.

He said legitimate companies that market P2P applications such as Kazaa and Grokster have built spyware acceptance into complicated EULAs (end-user license agreements). "When you install the P2P program, you agree in advance to accept all future changes, even the changes made by the tricklers," he said.Kazaa, which is distributed by Sharman Networks, has been fingered by CA as the worst pest on its spyware list. The Islandia, N.Y.-based CA reckons that Kazaa users suffer from degrading network performance and storage consumption because of the embedded spyware and adware that comes with the application.

During his presentation at the security conference, Thompson predicted that malicious spyware writers will take advantage of P2P and instant messaging usage in the workplace to wreak havoc.

While activities such as file-sharing or downloading shareware are currently viewed as a mere nuisance, Thompson warned that the industry cannot afford to ignore the growing evidence that spyware "will soon become an even bigger headache than viruses."

He suggested businesses treat any program that offers remote access as a potential threat. "Even the network management tools that you use to access desktops can be spyware in the wrong context.

"Remember, a virus is a single program with a single registry key. With spyware, were talking about thousands of programs with lots of registry keys. We dont even know the motive of the spyware authors. Its very hard to find legitimate use for a spyware program, no matter how hard we try," he added.

Click here to read about CAs new anti-spyware software.

He said spyware running on enterprise computers is an "enormous threat" because there is absolutely no knowledge of the kinds of data being transmitted to the mother ship. "Theyre usually working over Port 80 so nothing is stopping it. The possibility for corporate espionage is enormous."

Thompson said he believes the industry will benefit from the passage of anti-spyware legislation. Congress is debating four anti-spyware bills, including HR 2929, which was introduced by U.S. Rep. Mary Bono to require that users give explicit permission before tracking software is installed.

"We need to monitor the activities of the adware purveyors to ensure they behave. The first step is to make sure we strengthen the rules for these companies. The fight back will be a combination of legislation and technology," Thompson said.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: Spyware: The Next Real Threat
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}vH9Nj0>`)c<*OP[HIEK?K3nDf vձ RfdFdDddddw|Aȥ=!]ǘ[cSݣ&}w$5vvCiz()ԫѩe軫F]̉]/WhkH,Q tjGt0.Rs2 j9뻲9&ԗo+Nne0-ڶAq>)2zʠ ~5{ !%~=KE!e$,oqX|؁䛿Q=,2r3͛6BJ C+Jd/B(?cR;ǎ-4~G{A0/Pcw0}Gdd9r4(=yɰ{ /B1r!bLռ;@ *Y)N Dƞ4HCKd;@;&3ÃtXF?DA]ݱZ.t53f_ɠi!Zdq}9e(f42MYRr(q_=TEi΃oSug^o~TK(U@,;ڎ2h[I"ijY=vNozـ\>//?ȣ-N k?0QR&rxd" P}jCG',/B.rM7JQròjYAv98֓,f3} 3+i3K"t'lni_ 77~ ڧ'7ϟ̲1<J?T ؕΚgxo_:nZVOz79m8sوlnAZ|[kUVlxmuHuf{ dP[w8LwʡT*Cw:r&j]:윒$˷SYn Z%0dio,Yn_H!)Ma(E#0 i4(-ߦAf@[.@(k:Q:<)`I+ TE&嗋mSq>]Q${3BDȽ`g@3 BD4?CC0&pJn.r?uK󁯚yzjNڊ1Wr{, .ϱ'vs"U~yކ)CKEhYf7-wI%QImsQUc1*(pÒrkXQnũl 2XjXvR7X[AQݯ?σ@uti3c|>9Gm'!|Аd mxZ. 3IXn`΀&hoqyڭ-opA}x3z&z4H۠h&r<kIMlLJ.??6 { G`p&{xk=`DkwKGHb1L{TE}vACAXz]^@}9\P_Qm^3-mdZ`1 5:%Km@i0x2CDأ$@!-i]R@Az8 -8,rr $azGBť~ T<ʦBI*}s㙰Ge-n^ $ d6g2{&vϏ[L%G,D`v9J,L.i)lb djԍe}XU& MX,CtH{27-4a [X' - LSF3pEql0A{@L\nb8$o4<3_O#k[}U_+ jJ=WsA|5i!sL&Ze ?Ug Hud[K7KVGٽ/ 7JeO_֥(U{g@x# l+ ̠ژ WZ" IPצ(XkezdxE6*&CŸä 7u=k}0T\jS#SvPQa5sV@@@7h TolVCax=Zz As,K=X{vl.n9 ){y4%2N?APiSt @IJ=t%\42.|O ZbO`.#Všc-fˋ°^]4~1|2ݴۄCd= 1͉V*a0؋TMkEsOs=)_ 0iTW+JTIH~1:2.eX PY.5mIr 'jY$ Ei.J5y$pRx0A$cǛř¨0qqغ7<1Xe[;pM;~ 6AS-cfD&ǹL,*I/eE&x!5 dj>'$o+:Ӏah"pHE@xZ4~F>$O$A1 [ hg[FujIx-!8ˇI%$4X2}=tǜ}h3ʫ2 y@z"rP;(j15ǩVKJxTp~*0yϹoǼL]Cg<ޗ8k!Ew|;(iԛ/Rz71ܦ[pCsO.S)c# ,c`3fW#SPTgHFx_c0u+TNf} ӣzp`KS%+'=ibGHoe]b9N(0q׹9'&~Lg%:<!pwC>PRɖGawg*Q :@{!G:0=,(z,MHT0?v=3H 0-tq%ښwZu^,_mhD1(dyDF4@/q8bk lr+>tzl#R9#nΚ6s}&mnov=ϼt[̍"9ygn2%8z.0JL;%9 gx@̬[m#w6霎1 M`}YD ϓ1/j%oKXDbk>A:kld9,3?t\+`pd LBw lhܕ[0A^c+_?J}[L4@V1-0]̞̙A mۨ*X9 6s'Si mmTRAU;9&DVжU0Hz3898$D[v$MU"[8NY HXLjZ{[ 3/0ւeT=փ~rC5E;4Ћ­7rfP#I(OU?}Pud*ʵREIz, :*7xџ6XD+(++i-^2y!6W"h ޜ-cz; K 3["X>DД7Ϩ3Rb  k(Qh-Bwe*p0 O+oskKIlϱkKzk@52Ri%$\Hj,E'snL؞EA(ǡd:)dnQ{{!n@&|ݙCadJH>hwĶVU %Da!`0dzT#GY\' TJ|X8 s>TNbx<'b{H ' aVn_B'GcI`U 3|'*+㏌&мn.z?N п"}QLXUv٩G#;?Jn;)lw5Κ# QWZ4ҫo%˫؉C.6OY-`0(t#ÚĶ{3 #[/=vc$vdQ;zZ1ߠn_8Z7𿲜\ta_}b|;sF'5\; v,Qӧ}lmDK{,Ai8;_PVp9c,9njptUd_rxY~pfi##Wi^7yepja~%X@R{#|$~1xGM>xuS意G ڽ9+j3rĸnioԕa4tͥvR>}i?v;}Ҿ2CWq [:i)`*9$DhHZT{5w7}\pJU_V ;ld+N$c,nv (f~\;pOʠcos[gȞx~GwbR _Y.=]aw>أPGqww~=ﲷ{%nwYhr;DʒoO7ڲƯ@" bY_ IKwvzY2YXdbQ;Wٞg 1O O=pԶ؉ǓExWxg!,da}43G0[+=)Ιd<J;ooݍnL M A;"J [ rUCaC_PvpU4"Zy"N0? /o1֢$G |o(o&򽡎xnZS*9oL_lXS|  \(\=3q ɛx^0d\ڊ]fKn~ ~/wLViyn&o]e_=T]Nm:Ber.rS`9I#"#: />C"q"CA.; $AX ]81~ -V>\fYRs1 6_:m27 d_2ϕR F_UJ?&zȎ, %׈!]*NN' ㋡sh'H2*G"1Ive#I gSt#x;f.kB6j6tsIL+xLrr&<aa)@n3]F㝄E&<NxtџO&G7ʒ; s ,f)+)X=fNN=x>NV1paʾȃ^ʂrke}iଶyM4L Tp!'npr҄e}ɆYHLP!;©Ga}HN KrZX ?i. }徻`J+Vjĵ, pw8pG,g҆@"{(TtI>OUf(}{w]n㝪(RI!"ԧA7u@ɂ(H]LB}g/?W@OD]ҳw敆ɘH>X"[qAU*RyS.(tMcƒR39cs3y%qW (9K̝)a5W8|'!|&fl̬`'VHgҦ[1!cꦌJV07fKKt2]kL!+bf;b|#FD$ۜԶ!H4muc΀%IXU^|Ą"(AHVmMvYHdX|LfcQ} Qd\ eHTm\ld϶CTeӡzǔ"%[M;0tAMI!slxZ97؀d? A\/z7\Hg/JkrW8)˘&61g9Z#QDӆ(nacbFi^#Ўr0TFDfPq%6d?tR֡aoj,vC1 +Oa-.~b,P1k=cch5)NOėt͊ԎJR@@ DT P᭍]j!V94m8ZW3'iK'HZPא1fV#ߠ=ᙍYKe#YhN>3梅NlqI:iGj\YPKuW93ΊUi o%L/uMOC*Y IUO?n$[,T54D!?{E F Mi&g!nW\- 0pฑٟ9ψ+ "Fۛr6B8}6Q z _S^QtwRjY97bH6hL'R\"`vJ/ Ero_] {5^̆\Z{m., T83޶%v%/gZb 5yIG:DD7w||zJaG'gӛls"cx$Nxuc[y6;DysTri|i7()Pd46%-vU`oPo\ϛhjk<`QshAQV. :ou/@PϧN ^ zat"bPqQL.ji_L>i6rDc $ыa! W\:>4TcO8#=B<8D4ZZg x/n>rߗzPuI%9VT FPo}}A~9:$e_ד䕃8`.Fԓ50sa5Ƥy 3zYo^ߗ ,<.VzbyV.|!H8|^oyt6^Cc^ }k(&RH~%wqBD|(|Q`5f3X&F:=F?̅iXlz,ttSu9KIH-6<J f“ᙗC/xv>J_x,oL,Y.y99Ѱ+ls?>'q5C2ڿ%ް e9r_|kovSxfiP \df5xٮTi`x!Zz8Rxv1‹:Cя"q_pOSGo|֊[NeiΞC5$Jg[!i3'^H%T~X 3LM?c"/=e G)'[ 0 o#p?/[{ӏȴG~SILKws5;8~'L~ jqd<:OMɸQ?H& <7`"iK:baœ9j~G\ϢV=5tzyk*n?LA~_z&-v8Ibb!Q9!K826, wu=F?P9xU(K;'Hϒ'0-mH]E a!/(!/D$ƽ"{<0&isq1kJ%5AV<xj 9"G@Ÿ Rx+R khWAE! ;#Aee3)4k0K2ΩTh,v?Ҍ>&ƘKjxkZSK%>%KZk^YJW BZces{ɣ.j\STUBhRΏ|^c洹a:k6J=!ɣ`5菵J=!vc` -H.қ≠D37+:-%~E@ƀS mQzOa)oc,;w =p cW:tk6٦KMµOA* 8I֡9NTa _q^¿jwݛ@Uj~)qyqE%v X޿ P="Z}2֑:#W*~¼yւ4 B)FcCJta\d飏ji+T1 M0=]N)8|}PWqUc\64ѱk!bŸ  A2xo/un$ " zcIΜWD]%FJ%͜t)6APׯ0O|`sι0Ɣm2V~02-^a9RmmqV.NS)q:.ȅfkeЁH.M ?^J m#W4[~߈fFܞVk"pj>*1IoRwGP46C p4 &CsIڷ`о飇 #L4NLG0? w4qE-`(<ߩ>>o`x sasgnHs.}갨^,{G\o|J7Y \S-r9Gc;޾xsW2$ERwrO0枩ՠNH/TdL4B&(qTik$򽉑{0usk` 3RC´vx``1I(tCK/Hxzsr^RX z~Jb+ zwj꾌!RXbrP)IhR(tK=.*qKʷosY-Uf VHriW0`A 2f24\A%_Ч6#&T`9/wC&O'ӛ5^/SD֚_=HUwNz//gMjy<1(kym2/*v(P]5mf)L;qm.4 /"Ǵw]%;</fmœ(? .(E_CTĨЫSi0LL07[vS+.t_?+gg:^.9uA9^Z+!^qYin8~(hOuڅFhRZl2Gx1/7&i8{9[@V;)?~9ˡ9<B㢓*4:пNN?ӹycy~ /slO<@n}@n}7.g7?D3_[.漇+^~k9onrs#'O9{}3snm{osڿ\'I9oYNopNrW ~TA_կ<彇%YCxϪ Xi7z9ZeuB9W~y sg#i\W^a[«^gieq 6 &c 4tk 7b[y@YYI{R}tEI>tvl+Jy.ߔ[nNJ>q&R2#s"qG\%Üf1'\ NX |8Nt7oE?|[2xi0 :ۓ{7].6tX=Fn_x`bsOkr>u2[~|^O?t_Ҿj^mОeA>gA7gn"B8#wo0 H= _]0vZ{h 7\h DLԌn@R'w>_RVU %7Hd6=#"2t`%EV_$`rXVkK=# /l]{J̾jCO3C[L u+[ %>V7/tj^"_v3v_۱ 2) ޯR1K1@eN*q0*z>box /tp9|L:AÆ/j/Yb+l[z0 S|򷁞N35G<>{iče/A4WI !fIკ&G ?>KSڳGQb$ѓmk4|F+`a?94Ǟ"zL>}T.q "2kH 2s{B|%؄wJP%n2!-ݦt|86M(aת qZ K!j[MA5c;ul>;kwo2& e#f[ˆk# 1| =xss4aUa{Mă v='IDπnuMf@gYl(VxRDZxAbNm% 1o)o,f*/ROe[BI<ŷ<>,D*9"[o %QK0m-)e v"8Y Io=Gmc_Ve ;C~EE3`A-ks\6LDRg }F0~N:mjV0NA9DePޙikx%5'e约1cbV!qmeG-N<}y?٢ u+ğ?.; +C^p멎TU|J6A1^7K:Ɛ9ۭ)0p,\f@G6CF|eKoy(j;ܨNa2+1<&`#]&\n\jџfJ.ѮRTvbbqɜ3&w>G-и Dl}j/͜GԋOg0xeӵh_ɬq;Y?] wmvį-' 9BrX}P/)W:OOgsZu<HmE7#D**K^zXٿ&g8utvKѺ v7"aaA0n,sLN s=cvfg Ш ) l+S߶S3pݜ Q`[_<t#CP1WLڙBzr2fχŀ{̾1N|L/Xu!}őYX&7ę //O ChXjE"ҁ )Q~ mfK#fE [Rj`n~3 f<˜4W6IĶqy5}qX0#ŸEr gaU´Bd+KW±0tlPozc|>[z0XjPtP9+Z0 9\Mhc{pfif#3Sѯ.f  AixUvX#`*F"G7byU],kI'60M؏Ä "5poq=yezИJ pKuBaʩȩ(v}_|JѬd;J sʧ=I~q b\YGl+n:' e{b9~g!gtv.Jzfk{`gFK;,O(ފx׷he&F'ӏ7OW-),h,-(ZLN`)Xfչ:OzvC&ȕ/2F#-<#@g5zID;ydMn+:cQEae=9T]jv[W셳Qb)lئdJ%>\JRSk$Ĥ;P4fre|Ȭ=,Mӝo3a-d4džIkckju