MoMusings

Tuesday 24th January, 2006


Spyware For All

Filed under: All, Malware, Tools

I mentioned some months ago that I would blog about spyware. Well, I finally got round to it; I hope it was worth the wait.

So, to start, let me define what spyware is in a single sentence:

“Spyware is the generic name for any application that may track your online and/or offline PC activity and is capable of locally saving or transmitting those findings for third parties sometimes with, but more often without your knowledge or consent”.

If you want the full definition of what makes something spyware, then feel free to look here: http://www.antispywarecoalition.org/documents/definitions.htm.

However, don’t expect it to be very concise! Just like virus and other malware nomenclature, if you ask several experts you’ll probably get multiple and sometimes opposing definitions. You have been warned.

Spyware comes in many forms including adware, keyloggers, Trojans, browser hijackers, and dialers.


Is Spyware a Problem?
Well, according to a number of surveys it is a BIG problem. The trouble is that many of those infected may not even be aware of spyware. Furthermore, they may be blissfully unaware that their browsing habits, at the very least, or, at the very worst, their financial data or every keypress they make, are being recorded and sent to the ‘Bad Guys [TM]’ to use, or should that be mis-use, as they see fit.

  • More than 33 percent of system crashes reported to Microsoft were found to be due to spyware.
  • Nine out of ten PCs connected to the Internet are infected with spyware.[2]
  • A recent spy audit report[1] published by Earthlink and Webroot found an average of 26.5 spyware traces are present on a given PC. In a six-month period, two million scans found 55 million pieces of spyware.
  • 92% of corporate IT managers at companies with more than 100 employees claim they have a “major” spyware problem.[3]

[1] http://www.webroot.com/company/pressmedia/pressreleases/20040804-spywarereport/
[2] National Cyber Security Alliance, June 2003
[3] Web@Work Study, March 2004

How do I get infected?
There are many ways to get infected with spyware; however, the most common are via web sites that use scripting, known vulnerabilities or social engineering to get you to install their spyware, or via spyware installed as part of a free tool or utility that you installed.

There are many other ways; these include:

  • Get in via: Exploits/Vulnerabilities, Browser Helper Objects [BHOs].
  • Java, JavaScript, VBScript, Plugins (ActiveX), Cabs/Executables (Viewers).
  • Spyware bundled with other applications.
  • Other malware downloading and installing Spyware.
  • Self-updating, ‘multi-component’ spyware/adware.
  • Spyware used to sell anti-spyware tools.
  • Spyware disguised as anti-spyware software.

What about Cookies?
No I’m not talking about those yummy things that come with chocolate chips in; amongst other things. However, if you are interested in malware trivia, then you may be interested in what some consider to be the first computer virus[4]; known as ‘Cookie, Cookie Monster or Cookie Bear‘. However, this bears [no pun intended] no relation to the Cookies I’m covering here.

[4] I’m not one of them. The first virus was Elk Cloner, the first PC virus was Brain, which has just had its 20th birthday!

The cookies I’m covering here are a way for websites to store session or other data when you visit their site. These ‘cookies’ are not spyware. If you want to classify them as any sort of threat, then classify them as a minor ‘privacy’ issue. However, they can be used for tracking purposes.

So, What can I do to protect myself?
There are loads of tools that you can use to help fight spyware already on your PC, and others that can stop it getting on there in the first place. The first bit of advice I will offer is to use a browser that doesn’t use/support ActiveX, as this is one of the main ways for spyware to get onto your system. I would suggest that you use Opera or Mozilla/Firefox instead. Don’t get me wrong, this won’t stop all spyware getting onto your system via a web browser, but it should help to minimise the risk. Likewise, not visiting the internet’s ‘grey’ areas or its seedy under-belly will help. Also, be very careful with free programs, as some offset the cost of the program by bundling adware or spyware in with their software.

Anti-spyware tools:

Be very careful when selecting an anti-spyware solution/tool, as there are a number of them that are spyware in their own right. You can find a list of the known ‘bogus’ anti-spyware and anti-malware tools here: http://www.spywarewarrior.com/rogue_anti-spyware.htm

Here are some other things that you might want to do to help protect your computer:

  • Keep your operating system fully patched.
  • Be careful of what you download, and read the EULA before you allow the install to continue.
  • If you must use Internet Explorer then adjust your settings for ActiveX.

The good news is that many anti-virus products are starting to detect some of the most common spyware. Other vendors have acquired companies that specialise in spyware detection and elimination; these will then be incorporated into the vendors’ products.

The bad news is that spyware is now commonly used by professional cyber-criminals to steal data, be it corporate secrets or your credit card or bank details. Even worse is that the quality of the spyware is getting better; this means that we are talking about these programs being written by professional programmers rather than the more usual stereotypical malware author. Increasingly we are seeing new techniques that make the detection and removal of some spyware very, very difficult.


Other useful tools:

  • CWShredder: This can get rid of some of the most pernicious spyware known to man, this being ‘Coolwebsearch’.
  • HijackThis: I blogged about this tool some time ago; it is a very useful diagnostic tool.
  • HijackThis Log Analyser: This is a useful site for turning the output of HijackThis into something that means something to most end-users, not just techies or propeller-heads.
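
As an added illustration of what a HijackThis log analyser does (this is not code from HijackThis or from the analyser site), the Python below groups the entries of a log by section code and pulls out the Browser Helper Objects. The sample log is constructed, with made-up CLSIDs, paths and URLs, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Section codes from the HijackThis log format that relate to the infection
# routes in this post; any other code is reported as "other".
SECTIONS = {
    "R0": "IE start/search page setting", "R1": "IE start/search page setting",
    "O1": "Hosts file redirection", "O2": "Browser Helper Object (BHO)",
    "O3": "IE toolbar", "O4": "Autostart program (Run key or Startup folder)",
    "O16": "ActiveX control in Downloaded Program Files",
}

# Constructed sample log: every CLSID, path and URL here is made up.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\xyzhelper.dll
O2 - BHO: PDF Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Reader\pdfhelper.dll
O4 - HKLM\..\Run: [updater] C:\Program Files\FreeTool\upd.exe
O16 - DPF: {00000000-0000-0000-0000-000000000003} (Viewer) - http://cdn.example.invalid/viewer.cab
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")

def parse_log(text):
    """Group entry lines by section code; header and blank lines are skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group("code")].append(m.group("body"))
    return dict(groups)

def review_bhos(groups):
    """Return (clsid, path, note) per BHO so each DLL can be looked up by path."""
    out = []
    for body in groups.get("O2", []):
        m = BHO.match(body)
        if m is None:
            out.append((None, body, "unparsed entry, inspect manually"))
        else:
            unnamed = m.group("name") == "(no name)"
            out.append((m.group("clsid"), m.group("path"),
                        "no display name registered" if unnamed else ""))
    return out

def summarise(groups):
    """Map each section code found to (plain-language meaning, entry count)."""
    return {c: (SECTIONS.get(c, "other"), len(v)) for c, v in sorted(groups.items())}

if __name__ == "__main__":
    print(summarise(parse_log(SAMPLE_LOG)), review_bhos(parse_log(SAMPLE_LOG)))
```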

If anyone has other useful tips and/or techniques, then please feel free to post them as feedback. I’m sure that there are many others that will help other readers in the endless fight against the growing scourge of spyware.

For those of you who would like to know more about spyware then you are in luck as I’m writing a conference paper on this subject. Spyware is a big and complex arena, and as much as I try, there is no way a single blog entry could ever do it real justice. The paper will be made available after the conference. So, if you are interested then check back around the 6th of May 2006 for a link to the paper.


Please note that this blog has now moved to my own hosted domain here: http://momusings.com/momusings/.
A full RSS/ATOM feed can be found there.

All the data up to the end of December 2006 will be left here; however, all postings from the 1st of January 2007 onwards will only be available at this blog’s new home.
ALL future postings will only be available at the new site.
