Viruses and malicious hacker threats hog the headlines, but just as problematic for an SME/SMB is the sinister invasion of adware and spyware
I recently described to a friend what a worm program was and how it worked: lying undetected on a PC until a preset sequence brought it to the surface to perform some malicious action before disappearing again. Her smile of intrigue turned slowly into open-mouthed horror as I explained how tens of thousands of these programs could band together to create a virtual machine out of the control of its users. “Just like in The Terminator,” she mumbled, rapidly growing pale.
Security is the one aspect of IT that regularly grips imaginations, which is great news if you’re trying to impress at a dinner party and even better if you’re trying to wrest greater resources and acceptance from senior non-IT colleagues. IT used to be a black art that the ‘people over there’ dealt with. Now it’s at the boardroom level and everyone and their dog has an interest in how company data is being protected.
You could argue that greyware - the collective term for adware, spyware, diallers, hijackers, key loggers and other ‘ghost’ programs that are perpetually installing themselves onto every PC on the planet – is the new spam. Like spam, greyware been around for a while and in many forms it’s pretty harmless stuff that irritates more than infiltrates. But also like spam, it’s reached a tipping point – we’ve all got it, it’s causing some extremely troubling effects, and it’s time enterprises took it more seriously.
Many of the most threatening impacts of greyware, such as usage pattern tracking, invasion of privacy and information theft can remain unseen and are all possible without the user having consciously opened, downloaded or executed any applications. Just visiting a website harbouring this technology is enough to become a victim.
Unwitting use of greyware can compromise valuable information such as credit card numbers, passwords, and even a user's identity. Other than the generally familiar adware and spyware, here are some other examples of greyware threats in the wild:
Perhaps one of the most dangerous greyware applications, installed to capture the strokes made on a keyboard. These applications can capture user and password information, credit card numbers, e-mail, chat, instant messages, and more.
Used to control the PC's modem. These applications are generally used to make long-distance calls or call premium numbers to create revenue for the thief.
Can manipulate the web browser or other settings to change favourite or bookmarked sites, start pages or menu options. Some hijackers can manipulate DNS settings to reroute DNS requests to a malicious DNS server.
Network management tools
Designed to be installed for malicious purposes, these applications are used to change network settings, break network security, or cause other forms of network disruption.
Remote administration tools
Allow an external user to remotely gain access to, change or monitor a computer on a network.
DLL files often installed to allow a program to control the behaviour of Internet Explorer. Not all BHOs are malicious, but they can track surfing habits and gather other information stored on the host.
Installed to modify the computer's existing toolbar features. These programs can be used to monitor web habits, send information back to the developer, and change the functionality of the host.
Installed to allow other software to download and install without the user's knowledge. These applications are usually run during the startup process and can install advertising, dial software and other malicious code. They can also disable existing desktop-based anti-virus programs, leaving the computer open to infection – often by duping the user into unwittingly switching them off.
The critical defence against this family of threats is user education, starting with established policies that prohibit downloading and installing applications that are not approved by the company.
But the really nasty applications will always try to stay well hidden to prevent disinfection and removal. In addition to strengthening settings on browsers and e-mail programs, administrators should install anti-greyware detection at the network ingress rather than risk the ‘user switch-off’ vulnerabilities of a desktop solution.
For additional mobile workers operating outside the environment, a resilient VPN client with personal firewall, anti-virus and greyware detection will help ensure that all users are protected against all threats.
Back at the dinner party, who’d have thought greyware could be the subject of some coffee and mints chit-chat? If you’ve ever enjoyed scaring the wits out of someone with tales of hackers, bugs and viruses, try greyware on for size. Discussing it in the context of scary movies again, make sure you catch this year’s big Christmas blockbuster: I Know What You Did Last Summer, Where You Went, Who You Went With, How Much You Paid and With Which of Your Passwords.