Lead

Spies among us

Spyware programs are installed covertly on a computer to watch and observe the user’s activity while surfing the Internet. They harvest information from user-supplied data and transmit it secretly. By Faiz Askari

With the Internet and PC penetration at the work place and in the home growing by the day, there are many threats that loom large and haunt the users of PC and notebooks.

As technology advances threats have also evolved and became more injurious and damaging. Now, Internet users are under the big threat of a new monster called Spyware. Virus attacks and malicious mail had haunted Internet users some time back. Spyware can not only harm a PC but also the data on it.

Spyware is challenging spam and viruses for the top spot on IT worry lists. It poses a considerable threat to enterprise networks and remediation and counter measures are now being regarded as critical to network security.

Elaborating upon the kind of harm spyware can inflict on a PC, Niraj Kaushik, Country Head, Trend Micro says, “Spyware can cause loss of data. In a recent high profile case, a spyware Trojan was discovered harvesting e-mail and other confidential information from corporate computers and sending the information to a competitor. Even governments can be affected by spyware.”

Spyware consists of programs that are installed covertly on a computer to watch and observe a user’s activity while surfing the Internet, harvest information from user-supplied data and transmit it secretly to their ‘masters’. K K Chaudhary, Head- CSG, SecureSynergy says, “Spyware are basically ‘electronic espionage systems’ that can derive many interesting inferences by observing what kinds of sites users visit.”

The emerging threat of spyware is a menace that is likely to grow manifold in coming years and may pose a serious threat to e-business as it affects not only the performance of the system including bandwidth but also the confidence of the Internet user community. It hits at one of the basic ingredients of security–confidentiality, and is one of the most critical technology threats.

Defining Spyware as a blended threat, Sanjay Pradhan, CEO, Max PC Secure says, “This can spread through multiple channels, including e-mail, Web browsing, instant messaging, and peer-to-peer networks. Unlike forms of malware such as viruses that are purely mischievous, spyware is created and proliferated for specific purposes such as marketing, identity theft, financial fraud, theft of intellectual property, and to create network security holes to be exploited in future attacks. There is a strong myth prevailing in the Indian market about Spyware that it is similar to viruses but the reality is far different.”

Technically both these threats are different and come into existence with different motives. Viruses are more destructive and have implications which can be noticed immediately whereas spyware is hidden and leads to more catastrophic losses.

Spyware technology can also be used to other ends, such as gathering passwords, credit card numbers, and other sensitive personal information.

How Spyware works

Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user’s interaction with the computer, without the user’s informed consent. It is often associated with software that displays advertisements (called adware) or software that tracks personal or sensitive information.

Talking about the modus operandi of Spyware, Kaushik says, “These programs can collect various types of personal information. They can also interfere with a user’s control of the computer in other ways, such as installing additional software, redirecting Web browser activity, or diverting advertising revenue to a third party.”

Spyware enters computer systems piggy-backing on a user desired downloadable software or taking advantage of a user’s ignorance of clicking on pop-ups, advertisements or even warning pages in the same manner as a human spy enters the enemy’s territory. “Once there, it embeds itself into the operating system (e.g., as registry programs) and carries out the intended activities covertly,” says Chaudhary.

Earlier spying was conducted using bugs, recorders, and cameras which has now transformed into sophisticated software which is small in size, well hidden and captures your browsing behaviour, keystrokes, sensitive information such as Login ID, Credit Card numbers etc. Furthermore, Pradhan also says, “With information going from “Physical” to “Digital”, there are a number of professional companies supporting this cause for different motives like financial gain, competitive advantage and trade secrets. Well written spyware often camouflages itself in important files, cookies, executable files and screen savers.”

A threat to the enterprise

Enterprises are well are of fact that they are under constant attack by competitors. Traditionally corporate espionage involved physical break-ins or human spies. In today’s scenario one fact remains same. Pradhan adds, “Trade secrets are stolen “digitally”. Databases can be hacked, or computer spyware can be used to siphon off information created or accessed by any employee. Apart from this there are various other factors like high utilisation of bandwidth by spyware, high support call and DOS (denial of service) attacks.”

According recent data published by Dell 25 percent of their support calls relate to Spyware. An enterprise is more likely to spend additional money in buying Internet bandwidth, increasing its facility management service and hiring more support engineers.  

Moreover, spyware can also harm enterprise networks. Apart from degrading the performance of the system, it may choke bandwidth causing both financial and operational losses in addition to loss of goodwill. Chaudhary adds, “Identity theft through spyware may render the security of an enterprise network irrelevant. Industrial espionage, which involves passing a company’s plan, product information or trade secrets to its adversaries, may cause irrecoverable damage to the enterprise.”

Threat to home users

Home users are the least protected. As most of them carry out their personal financial transactions from home, their credentials, credit card information etc are at risk of being watched and misused. As security awareness is lowest among home users they tend to fall victim to phishing sites.

Spyware can be installed with other programs, especially file-sharing programs and game download sites. Programs that include spyware sometimes mention it in their license agreement or privacy statement, places where you might click “I agree” without even reading the text. Kaushik says, “Spyware can also be covertly installed by exploiting security vulnerabilities in your browser or operating system.” This leads to a heavy loss of data and not only loss but there is a huge possibility that this data is going to be sold or used by someone.

Nowadays in banking, physical transactions occur rarely. Digital transactions are the norm. So no matter how cautious users are, digital transactions can be electronically hijacked. While supporting the above information, Pradhan also gave some reasons as to why this can happen. He informs, “Most of the transactions are protected using a login ID and alphanumeric password. Possession of these two enables anybody in this world to conduct a digital transaction. Every home user is well connected with huge Internet Pipe used for e-mail, online shopping, booking tickets, banking, sharing files, downloading music and so on. The threats related to these activities are considerable, many of which are not widely understood by home users. Spyware infection can lead to data and identity theft, slower performance of a computer and Internet connection, tracking of browsing patterns, increase in SPAM and the list goes on.”

Beyond anti-virus

Spyware related threats are not understood by Indian users. They are carried away by the myth that possession of Anti-Virus will be sufficient for all threats. The myth in the enterprise segment is that multilayered perimeter security like firewall, IDS, IPS will take care of this blended threat.  The truth is quite different from this. Removing Spyware is a specialist job that requires a dedicated anti-spyware solution the key attributes of which are time required for scanning and a comprehensive list of defined Spyware threats.

In terms of suggesting what customers should look for, Pradhan added, “Customers should look at both attributes carefully before selecting any anti-spyware solution. Poorly engineered anti-Spyware products are resource hungry and have tons of loosely defined Spyware Signatures. Also oftentimes “free” anti-spyware products are Trojans, so customers should buy an anti-spyware product from a legitimate source.”

As the spyware threat has worsened, a number of techniques have emerged to counteract it. These include programs designed to remove or to block spyware, as well as various user practices which reduce the chance of spyware getting on a system. Integrated threat management software like Trend Micro Anti-Spyware Enterprise Edition 3 or Trend Micro Anti-Spyware for SMB help detect and remove all kinds of spyware within the system,” says Kaushik.

It becomes all the more important because spyware remains a costly problem. When a large number of pieces of spyware have infected a Windows computer, the only remedy may involve backing up user data, and fully reinstalling the operating system.

There are anti-spyware solutions available from many security vendors. McAfee’s Total Protection Suite, Microsoft’s AntiSpyware etc are few of the solutions available for both enterprise and home users. Chaudhary adds, “Although these protection tools are already available, what is more important in fighting this technological menace is to follow best practices while surfing the net apart from regularly scanning the computer with an anti-spyware solution. The Managed VirusScan with Anti-Spyware Service provided by SecureSynergy is aimed to fight this menace without the need of manual scan of the system, thereby reducing the effect of user ignorance.”