Viruses and malicious hacker threats hog the headlines,
but just as problematic for an SME/SMB is the sinister invasion of
adware and spyware.
I recently described to a friend what a worm program was and how
it worked: lying undetected on a PC until a preset sequence brought
it to the surface to perform some malicious action before
disappearing again. Her smile of intrigue turned slowly into
open-mouthed horror as I explained how tens of thousands of these
programs could band together to create a virtual machine out of the
control of its users. “Just like in The Terminator,” she mumbled,
rapidly growing pale.
Security is the one aspect of IT that regularly grips
imaginations, which is great news if you’re trying to impress at a
dinner party and even better if you’re trying to wrest greater
resources and acceptance from senior non-IT colleagues. IT used to
be a black art that the ‘people over there’ dealt with. Now it’s at
the boardroom level and everyone and their dog has an interest in
how company data is being protected.
You could argue that greyware – the collective term for adware,
spyware, diallers, hijackers, key loggers and other ‘ghost’
programs that are perpetually installing themselves onto every PC
on the planet – is the new spam. Like spam, greyware has been around
for a while and in many forms it’s pretty harmless stuff that
irritates more than infiltrates. But also like spam, it’s reached a
tipping point – we’ve all got it, it’s causing some extremely
troubling effects, and it’s time enterprises took it more
seriously.
Many of the most threatening impacts of greyware, such as usage
pattern tracking, invasion of privacy and information theft, can
remain unseen and are all possible without the user having
consciously opened, downloaded or executed any applications. Just
visiting a website harbouring this technology is enough to become a
victim.
Unwitting use of greyware can compromise valuable information
such as credit card numbers, passwords, and even a user's identity.
Other than the generally familiar adware and spyware, here are some
other examples of greyware threats in the wild:
Key loggers
Perhaps one of the most dangerous greyware applications, installed
to capture the strokes made on a keyboard. These applications can
capture user and password information, credit card numbers, e-mail,
chat, instant messages, and more.
Diallers
Used to control the PC's modem. These applications are generally
used to make long-distance calls or call premium numbers to create
revenue for the thief.
Hijackers
Can manipulate the web browser or other settings to change favourite
or bookmarked sites, start pages or menu options. Some hijackers can
manipulate DNS settings to reroute DNS requests to a malicious DNS
server.
Network management tools
Designed to be installed for malicious purposes, these applications
are used to change network settings, break network security, or
cause other forms of network disruption.
Remote administration tools
Allow an external user to remotely gain access to, change or monitor
a computer on a network.
BHOs
Browser Helper Objects: DLL files often installed to allow a program
to control the behaviour of Internet Explorer. Not all BHOs are
malicious, but they can track surfing habits and gather other
information stored on the host.
Toolbar trackers
Installed to modify the computer's existing toolbar features. These
programs can be used to monitor web habits, send information back to
the developer, and change the functionality of the host.
Downloaders
Installed to allow other software to download and install without
the user's knowledge. These applications are usually run during the
startup process and can install advertising, dial software and other
malicious code. They can also disable existing desktop-based
anti-virus programs, leaving the computer open to infection – often
by duping the user into unwittingly switching them off.
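The hijacker, BHO and downloader entries above all leave settings on the PC that an administrator can compare against a company-approved baseline. The following is an added example, not part of the original article: the baseline, the host snapshot, the paths, CLSIDs and addresses are all constructed, and the snapshot format is an assumption about what an inventory agent might report.

```python
import ipaddress

# Company-approved baseline (assumed to be maintained by the administrator).
APPROVED = {
    "dns_servers": {"10.0.0.53", "10.0.1.53"},
    "start_pages": {"https://intranet.example.com/"},
    "bho_clsids": {"{11111111-1111-1111-1111-111111111111}"},
    "startup_cmds": {r"c:\program files\corpav\avtray.exe"},
    "required_startup": {r"c:\program files\corpav\avtray.exe"},  # anti-virus tray
}

# Constructed snapshot of one PC, as an inventory agent might report it.
SNAPSHOT = {
    "dns_servers": ["10.0.0.53", "203.0.113.9"],
    "start_page": "http://search.example.net/?src=tb",
    "bho_clsids": ["{11111111-1111-1111-1111-111111111111}",
                   "{22222222-2222-2222-2222-222222222222}"],
    "startup_cmds": [r"C:\Users\amy\AppData\Local\Temp\upd8.exe /s"],
}

def exe_path(cmd):
    """Lower-case a startup command and strip quotes and arguments."""
    cmd = cmd.strip().lower()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    end = cmd.find(".exe")
    return cmd[:end + 4] if end != -1 else cmd

def audit(snapshot, approved):
    """Return (category, detail) findings for settings outside the baseline."""
    findings = []
    for ip in snapshot["dns_servers"]:
        if str(ipaddress.ip_address(ip)) not in approved["dns_servers"]:
            findings.append(("hijacker", f"unapproved DNS server {ip}"))
    if snapshot["start_page"] not in approved["start_pages"]:
        findings.append(("hijacker", f"start page is {snapshot['start_page']}"))
    for clsid in snapshot["bho_clsids"]:
        if clsid.upper() not in approved["bho_clsids"]:
            findings.append(("bho", f"unapproved BHO {clsid}"))
    present = {exe_path(c) for c in snapshot["startup_cmds"]}
    for path in sorted(present - approved["startup_cmds"]):
        findings.append(("downloader", f"unapproved startup entry {path}"))
    for path in sorted(approved["required_startup"] - present):
        findings.append(("av-disabled", f"required startup entry missing: {path}"))
    return findings

if __name__ == "__main__":
    for category, detail in audit(SNAPSHOT, APPROVED):
        print(f"{category:12} {detail}")
```

The last check covers the case the downloader entry describes, where the desktop anti-virus program has been switched off and no longer starts with the PC.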
The critical defence against this family of threats is user
education, starting with established policies that prohibit
downloading and installing applications that are not approved by
the company.
But the really nasty applications will always try to stay well
hidden to prevent disinfection and removal. In addition to
strengthening settings on browsers and e-mail programs,
administrators should install anti-greyware detection at the
network ingress rather than risk the ‘user switch-off’
vulnerabilities of a desktop solution.
Additionally, for mobile workers operating outside the environment,
a resilient VPN client with personal firewall, anti-virus and
greyware detection will help ensure that all users are protected
against all threats.
Back at the dinner party, who’d have thought greyware could be
the subject of some coffee and mints chit-chat? If you’ve ever
enjoyed scaring the wits out of someone with tales of hackers, bugs
and viruses, try greyware on for size. Discussing it in the context
of scary movies again, make sure you catch this year’s big
Christmas blockbuster: I Know What You Did Last Summer, Where You
Went, Who You Went With, How Much You Paid and With Which of Your
Passwords.