Spyware is the most rapidly evolving
threat on the threat landscape at the moment, and it will continue
this way into 2008, said Gerhard Eschelbeck, chief technology
officer of Webroot Software, at RSA Europe in London on 23 October.
Spyware is software that covertly gathers information through a
user's internet connection without their knowledge for malicious
purposes. "It is financially motivated and it takes advantage of
human nature," said Eschelbeck. Spyware steals system resources,
shows unwanted advertisements and re-directs users through false
search results and other hijacks.
"These days spyware is invisible and this is what makes it so
dangerous," said Eschelbeck. "Its objective is to stay undetected
for as long as possible, so it can infect the system slowly.
These guys are not in it for the fame, they are in it for the
money." Spyware will take screen-shots of a user's internet
activity in order to collect personal and financial details from
that user's PC. "Money feeds the spyware machine - spyware
producers display advertisements and earn revenue."
"Tracking the money-flow from spyware is very difficult, and
there have been very few successful prosecutions," he said. "It
works like this: spyware producers pay web properties commission.
Site owners are paid to install spyware onto a user's machine, and
software producers are paid to put spyware on their software."
"Spyware is harder to find, and therefore harder to remove [than
viruses]," said Eschelbeck. "A spyware signature typically has
between 200 and over 500 traces on an infected desktop. These
traces require thousands of removal routines to deal with
registering entries, watcher programs and processes."
"Drive-by" websites are one of the newest spyware traps.
Assuming human error, site addresses such as googkle.com are
activated and pre-loaded with spyware. When an unsuspecting user
makes a typing error when searching for Google, they will land on
the drive-by site. "This is one of the most common ways of getting
infected today," said Eschelbeck.
Thirty-four per cent of spyware comes from the US, followed by
14% from the UK, although this does not necessarily mean the
spyware was generated in these countries. The reason for this is
that both the US and UK are English-speaking and have a large
percentage of their population owning computers.
How to avoid spyware
"Spyware still tends to hide in dark sites on the internet -
mainly porn and gambling sites," said Eschelbeck, who admitted that
to date "there have been no large exploitations of non-Internet
Explorer or non-Windows servers".
"I would advise people to buy a solution that gives both
anti-virus and anti-spyware protection. There is no point in buying
them individually - you should search for the strongest product
which gives you both," he said.
Eight tips to avoid spyware
1. Say no to free software. Consider what is trustworthy,
popular and well known. Be alert and sensible when choosing what to
download for free.
2. Use Firefox or an alternative web server. It does not mean
they are more secure than Internet Explorer - just less popular and
thus less vulnerable to attack.
3. Patch your system. Do not wait for Microsoft and Tuesday.
4. Avoid questionable sites - use your judgement.
5. Be suspicious of e-mail.
6. Use public kiosks with extreme caution.
7. Keep anti-virus and anti-spyware technology updated.
8. Use non-admin accounts to log in.
Source: Gerhard Eschelbeck, Webroot
This article first appeared on the web-site of Infosecurity
magazine,
http://www.infosecurity-magazine.com/