Spyware--the hidden threat to business security.

The explosion in spyware has presented businesses with increasing concerns about security issues, from data theft and network damage to reputation loss and exposure to potential litigation. This paper examines how spyware infiltrates and affects organizations and describes how to protect against it.

Spyware defined

Spyware poses a constant and significant security risk to organizations, stealing or damaging confidential corporate information and opening up networks to further attack. Its intent is malicious. It installs itself onto a user's computer by stealth, subterfuge and/or social engineering and sends information from that computer to a third party without the user's permission or knowledge.

Organizations also need to manage the associated problem of adware, which delivers targeted advertising, such as pop-up messages, to users' computers, and is increasingly seen as a nuisance. However, while adware and other potentially unwanted applications (PUAs) can affect user productivity and system efficiency, they may actually be required by some users. Commercial remote administration tools
Spyware grew from 54% to more than 66% of the new threats analyzed by SophosLabs during 2005--and one in every two Trojans found now contains elements of spyware.

A growing and diverse threat

The problem of spyware continues to grow rapidly, and this type of malware now forms the majority of new threats. Figure 1 shows the number of spyware threats reported to Sophos during 2005 as a proportion of the total malware analyzed by SophosLabs--a global network of threat analysis centers--and how that proportion has increased. In January, only 54.2% of threats were spyware, but by November this had risen to 66.4%.

Sophos research also shows that businesses are demonstrating a heightened awareness of the spyware problem. Of those responding to a Sophos web poll, an overwhelming majority--95%--indicated that they expect their anti-virus software to provide simultaneous protection against spyware. [1]

As well as growing in volume, the spyware threat is diversifying, with new techniques appearing all the time. Spyware threats include:

* Password and information stealers -- steal passwords and other sensitive personal information.
* Keyloggers -- monitor keystrokes with the intention of stealing information such as passwords.
* Banking Trojans -- monitor information entered into banking applications and banking web forms.
* Backdoor Trojans -- can contain any of the above functionality, including the ability to allow hackers unrestricted remote access to a computer system when it is online.
* Botnet worms -- create a network of infected computers, configured remotely to work together to carry out any of the above functionality.
* Browser hijackers -- reduce browser security settings and/or modify browser settings with the intention of redirecting users to automatic download sites.
* Downloaders -- install other, potentially malicious, programs without the user's knowledge.
The threat posed by spyware has been increased by the ready availability of spyware kits on the internet, as SophosLabs discovered in March 2006. For as little as US$15, potential hackers can obtain scripts that simplify the task of infecting computers. Such kits are also attractive to opportunists who lack the skills but have malicious intentions.

How spyware attacks businesses

Spyware is a real threat to organizations, affecting business continuity in a number of ways.

Data theft

Spyware can steal important or confidential information, as in the example of Troj/BankAsh-A, a password stealer and keylogger. Once installed, the software starts reporting the next time the computer is online. This kind of spyware can also steal financial data, spreadsheets, personnel records, bank account numbers, passwords, or any other information typed into the affected computer. Over 33% of all threats analyzed by SophosLabs are designed to steal information, while 16% contain keylogger functionality. A damaged reputation, the loss of money or competitive advantage, and an increased risk of litigation can all result from data theft.

Hacking

As well as capturing data, spyware can leave corporate computers vulnerable to espionage by hackers--more than 40% of all threats seen by Sophos allow others access to infected systems. Backdoor Trojans, such as Troj/Feutel-L, enable hackers to take control of a computer and steal any information stored on it. For the IT administrator this kind of attack is potentially worse than a virus, since the behavior of any hacker accessing the network is unpredictable.

Zombie attack

Spyware such as botnet worms can also be a very effective tool for spammers. Using a botnet worm or a Trojan such as Mytob--the top family of threats identified by Sophos during the first half of 2006--spammers can take over a vulnerable computer or web server and force it to send out their emails for them, thus making the email appear to be from a legitimate source. The hijacked computer can also be used for other malicious purposes, such as forming part of a denial of service attack. In such an attack, thousands of computers access a website at once, overloading its servers and causing it to shut down. Computers that have been hijacked and linked to other infected machines in this way are known as botnets or "zombie" networks.

Sophos estimates that over 60% of spam is being sent from zombie computers. While it is often home users who are most at risk, the problem also affects organizations. At the beginning of 2006, a man in California was indicted on charges of launching a zombie attack which infected 150 computers at Northwest Hospital and Medical Center in Seattle, US. In May in South Korea, a major host of spam sources, authorities arrested a man suspected of running a network of 16,000 zombie computers that were responsible for sending 18 million spam emails every day to 133 countries.

Network damage

Network performance can also suffer as a result of a spyware attack, as the software places extra demands on the system. For a business, this can mean disruption and decreased productivity while the software remains undetected, and extra resources being spent on finding and clearing up the problem.

How spyware becomes installed

Spyware can be installed by a virus, or when a user clicks on a weblink or opens an attachment in an email. Most spyware requires some user action for it to be installed on a computer, such as downloading an ostensibly useful or desirable piece of software (a peer-to-peer file sharing program, for example) which may carry the spyware hidden within it. Users may also be duped into downloading spyware through pop-up messages that prompt them to download a software utility they "need". Security vulnerabilities, for example in web browsers
HTML email message for spyware to install itself onto their computer. This kind of secret installation is known as a "drive-by download".

Protecting against spyware

The basic steps

As with any security threat, the basic steps an organization needs to take to protect itself against spyware involve the effective combination of:

* Education -- ensuring that all users understand the need to be cautious when opening attachments and downloading and installing software.
* Policy -- enforcing a robust, company-wide internet policy to prevent unauthorized downloads, and implementing passwords to prevent unauthorized access to desktop computers.
* Technology -- installing the latest browser and operating system patches, ensuring that browser security settings are set correctly, and deploying up to date security software.

Integrated threat management

Beyond these basic steps, businesses should implement an integrated security solution, which protects both the endpoint and the gateway.
Businesses also need to manage the increasing complexity of threats--from viruses, Trojans, phishing attacks, zombie attacks, spam, and policy abuse--as a whole, not as separate problems. Help is available from, for example, the Sophos ZombieAlert Service, which provides organizations with immediate warning of spam originating from their networks as the result of spyware infecting their computers. This service complements Sophos Anti-Virus, which provides effective protection against spyware--in just the same way as it protects against viruses and all other known and unknown threats--and also allows businesses to block or selectively allow adware and other potentially unwanted applications.

www.sophos.com. A Sophos White Paper.