Carroll County Times Articles
Spyware and Malware – Malicious Software
by Douglas Heck and Thomas Bethune – November 20, 2005
Spyware is a relatively new threat to corporate and home computer networks, is rapidly becoming more prevalent, and is remarkably hard to identify and remove. In this article, we examine some of the types of Spyware that are looking for you, discuss the most common symptoms of the problem, and offer solutions to eliminate those problems.
By definition,
“Spyware is a program that is loaded onto your system without your permission or knowledge.”
This threat exploits a user's lack of understanding or security flaws, or uses outright deception, to gain entry to your computer and begin collecting data.
Spyware and Malware are often discussed as if they are one type of problem. The confusion arises from the fact that some Malware is poorly written or altered Spyware. In fact, well-written Spyware is almost unnoticeable to the average user, and quietly collects data about the user and their habits. These programs are freely distributed, and often copied.
Browser Hijacking
The most common form of Spyware is “Browser Hijacking.” Browser hijacking software often adds a new or expanded toolbar to your browser. This program might add shortcuts, desktop icons, redirect home pages, change desktop wallpaper, or even alert the user to current weather conditions. Some add embellishments to email programs like dancing smiley faces.
A common sign of an infection is a large number of pop-up windows when surfing the web. This is caused by a trigger that your machine registers every time you surf the Internet. The sheer quantity of pop-up windows often panics a user, and he or she frantically clicks the pop-ups to close them, causing the pop-ups to spawn even faster. At that moment, a computer becomes vulnerable to malicious Spyware and Trojan Horse programs because the user is so preoccupied with closing the pop-ups that he or she fails to notice other system changes such as software downloads or system warnings. With the user distracted, malicious programs are easily loaded in the background. These programs are embedded in the pop-up web pages. Here's a hint... the entire pop-up is often a button that runs the malicious code.
A new or modified Internet toolbar is another common sign of a Spyware infection. Many users enjoy the novelty of a modified toolbar, finding its features fun or even helpful, until the user realizes the toolbar is changing how they view the Internet by directing web searches and queries to a webpage that is tracking Internet usage. This process is similar to the membership card that most supermarkets offer, which tracks a shopper's purchases, and offers rebates and coupons accordingly. This is why toolbar downloads are generally followed by an exceptional increase in spam in your email.
Have you wondered why the default start page you see when you open your web browser is not what it should be? Some Spyware overwrites your default start page in your browser. This type of Spyware is often found in conjunction with the new toolbars mentioned above. This tactic is used to control the start point of your Internet surfing, and creates a baseline for evaluating the information collected, such as the time of day and length of time the user surfs the web. Many redirects also load a system component that changes the default page back to the tracking page even after you have changed the page to something else. What a pain!
Warning Signs
If you start seeing “end task” errors, or “cannot close program” errors, you may have an infection. This is often the result of a failed attempt to completely remove Spyware from your machine using a “slash and burn” approach, deleting the unwanted program's directory, hoping the deletion will remove the program. Most of the time, this course of action does not work, generally worsening the problem. This method of cleanup can cause the startup process to fail completely and the user may be unable to log onto the computer. This may require a complete rebuild.
Both Spyware and Malware are facts of the digital age, but this does not mean computer users should take it “lying down.” We believe that the best defense is a good offense. The market is flooded with Anti-Spyware programs, both commercial and freeware. Every effort you can expend to prevent infection is well worth it - once a machine has been infected, the only completely corrective action may be to rebuild the computer's operating system and load AntiVirus and Anti-Spyware programs to prevent future infections.
Network Environments
While Spyware is troublesome for home users, in a network environment it can be disastrous. The true economic impact is harder to measure than an outright network outage. The impacts of Spyware on an enterprise network appear slowly, and many companies hardly notice the infestation until it results in a catastrophic failure. Company networks quietly become breeding grounds for Spyware, often due to complacency in network security procedures. We believe the only cure is an active campaign of scanning and updating your AntiVirus and Anti-Spyware programs, and education of your users.
We advocate the use of corporate AntiVirus, Anti-Spyware, Anti-Spam and Firewall systems that are actively monitored and frequently updated with new technology as it becomes available. Read those words again... Actively Monitored! Each one of these components should be freestanding, and able to work independently if needed. Anti-Virus updates should be forced once a week.
The best user is an educated user. A company-wide Acceptable Network Use Policy is the best way to outline what users can and cannot do with company network resources. Users should be educated on the reasons for the policy, emphasizing that it is to protect rather than restrict them. Reality dictates that the enterprise network is a mission-critical part of a company's operations, and without it, the company may no longer exist, and consequently, the employee may no longer have a job.
Spyware and Malware threats cannot be prevented completely, but they can be mitigated and removed. As quickly as anti-Spyware and system patches are developed, programmers develop newer and more resilient programs. For this reason, the recommendations in this article are meant to be considered best practices and not absolute cures or preventative measures. Proper maintenance and preventative measures can help you identify and eliminate problems before they result in a crisis, minimizing your risk.
The most important rule to remember is what your grandfather said: “Nothing is free. If it looks too good to be true, it is.” This adage is as descriptive of Spyware and Malware as it is of the many products and services their Pop-Up Windows sell. That wonderfully free toolbar or that colorful set of fun icons may be packed with more goodies than you expect! For more detail on staying computer safe, download our Spyware White Paper at www.InfoPathways.com. Happy Computing!
About the Author
Douglas Heck and Thomas Bethune are Partners of InfoPathways, LLC, and members of the Carroll Technology Council, a non-profit organization dedicated to educating businesses, government and residents about technology issues. Questions are welcomed and may be addressed in future articles. Email advisors@carrolltechcouncil.org or go to www.carrolltechcouncil.org for a list of Advisor categories.
