Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    The Dilemma of Reporting Spyware Attacks

    By
    Matt Hines
    -
    August 3, 2006
    Share
    Facebook
    Twitter
    Linkedin

      LAS VEGAS—The Federal Trade Commission is asking corporations to report incidents when they are victimized by spyware attacks, but some experts say the process of doing so puts businesses in a tricky position, where they must weigh the benefits of pursuing malware code distributors against the potential for legal recrimination.

      Speaking at a roundtable discussion on the topic of spyware at the Black Hat Briefings security conference being held here July 31 through Aug. 3, Eileen Harrington, a deputy director in the Bureau of Consumer Protection at the FTC, said that companies will need to be more forthcoming if they are to help the agency track down malware writers and take those individuals to court.

      While companies must be held responsible for any mistakes they make that leave computer networks and sensitive data exposed to attacks, law enforcement officials need private-sector organizations to contribute more actively if the FTC is going to make headway in tracking down those responsible for the programs, she said.

      /zimages/2/28571.gifThe FBI wants hackers to join the fight against Web mobsters. Click here to read more.

      “Companies need to report problems to help us do our jobs. If you have the appropriate security measures in place, you shouldnt be afraid to contact us,” Harrington said. “Where liability can arise on the part of the private sector is when personally identifiable information on an [IT] system has not been reasonably protected. What constitutes reasonable varies from case to case, and we will sue companies when those steps are not in place.”

      The proposition is enough to strike fear in the hearts of business executives and IT administrators, as they must consider the implications of admitting an attack and lending a hand versus not reporting a security lapse that allows the spyware to take root and do damage. In addition to the promise of potential fines and legal action from agencies including the FTC, companies must also take into consideration the fact that their corporate image could be tarnished by the related publicity fallout.

      However, Harrington said that by reaching out to the FTC, companies may also reduce any fines they receive as a result of being found liable for a data breach. She also admitted that the Washington-based agency has retired some of its own computers “to the closet” that became too loaded with malware programs to be considered useful.

      “If you had a data breach and didnt have proper protections in place, you may wind up on the other end of enforcement, but were likely to find out about it anyway,” the FTC official said. “If you let us know, it may also mitigate in some way the nature of any [penalties] sought by the FTC.”

      Another panelist, Andre Gold, chief information security officer for Houston-based Continental Airlines, shook his head and smiled as Harrington described the need for companies to report their major security incidents. His comments summed up the reaction of many Black Hat attendees, who appeared flummoxed by the notion of trying to stop spyware distributors while protecting the interests of their own companies.

      “Its definitely concerning when youre being asked to go to the FTC and you might be told that you havent done a good enough job,” Gold said. “I dont think that model works very well.”

      Another alternative for companies troubled by the dilemma of how to share their attack information is to work with researchers who can report incidents to law enforcement without handing over specific corporate information, said panelist Ari Schwartz, deputy director of the Center for Democracy and Technology.

      /zimages/2/28571.gifA pair of hackers expose a “critical” Wi-Fi driver flaw. Click here to read more.

      While some believe the spyware problem has faded somewhat, with the large volume of attacks of previous years being replaced by more targeted campaigns against specific companies or groups of end users, new figures indicate that the malware format continues to proliferate.

      According to the latest research collected by Webroot Software, to be published in the Mountain View, Calif., companys quarterly malware report later this month, there were more than 100,000 new sites discovered between April 1 and June 30 that were found to be distributing spyware and other malicious programs. The company has unearthed some 527,000 malware sites since launching its research in 2004.

      While 67 percent of the new sites were hosted in the United States, compared with Germany, which ranked second with only 7.5 percent of the spyware distributors, Webroot Chief Technology Officer Gerhard Eschelbeck said the people behind the efforts are likely distributed around the globe. The predominance of spyware sites in the United States is likely driven by criminals desire to steal money from American companies, he said.

      Spyware programs used to deliver Trojan viruses are also on the upswing, according to Webroot. The company found that 31 percent of the spyware programs it intercepted during the second quarter carried Trojans, compared with 19 percent during the same time frame last year, and 14 percent two years ago.

      /zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Matt Hines

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×