Most Dangerous Types of Spyware are on the Rise: How to Choose the Weapon

Bad News - the Threat is Bigger than it Seemed

How recently it was ? when even many journalists thought that spyware gathers mostly information to be used for targeted advertising. Definitions like "spyware, a.k.a. adware, is?" were pretty common in articles. Keyloggers and system monitors were mentioned as dangerous, but relatively rare. Until the Spy Audit survey made by ISP Earthlink and Webroot Software clearly showed - they are not rare at all.

The results of the survey are here:

http://www.earthlink.net/spyaudit/press/ and http://www.earthlink.net/about/press/pr_spyauditsurvey/

Reading them will be time well-spent for everybody who uses Internet and at least sometimes deals with information valuable enough to be stolen; in fact, it means just everybody.

"Industry experts suggest that these types of programs [i.e. spyware in general] may reside on up to 90 percent of all Internet-connected computers" ? that's the exact quote. Considering the number of computers scanned during this survey (which lasted for a whole year 2004), there is nothing left but to come to the conclusion ? it must be true to fact.

Despite the fact that one of the Spy Audit authors is an anti-spyware vendor, there is no doubt that the results are trustworthy ? there has been more than 4.6 million system scans made in 2004. It seems that the results of the survey might be like the bolt from the blue even for the specialists, not to mention general public.

16.48% of all scanned consumer PCs in 2004 had a system monitor installed. It means that 16.48% of these users were definitely under monitoring (who monitors them ? that's another question). 16.69% had a Trojan horse program, and this is a troubling sign, too ? it is a keylogging module that Trojans often have inside. "Information-stealing Trojan" in descriptions most often means "keylogger-containing Trojan". Both figures give us an overwhelming 33.17% PCs contaminated with some program with information stealing capability. Even if not all these Trojans were information-stealing ones, the situation is distressing anyway.

Schools of Phish and Herds of Trojan Horses

"Traditional" phishing and spoofing (sending emails linked to a bogus bank Web site and waiting for unwitting customers) are, unfortunately, not new phenomena. It is a modernized two-stage scam which includes contaminating the victim's machine with a keylogger-containing Trojan horse program that is spreading like a wildfire now.

This scheme is without doubt much more dangerous; in this case the victim needn't follow the link in the email. Trojan horse lurks in the background until the victim types particular titles or URLs into his browser. Once the user visits one of a number of banking Web sites the malicious code is triggered into action, capturing passwords and taking screenshots. Then the information is sent to remote hackers who can use it to break into the bank account and steal money.

There were several outbreaks in activity of such information-stealing Trojans which targeted bank customers in 2004. Actually, such a scam was first used in Brazil ? when the notorious Trojan named Troj/Banker-AJ appeared, experts recalled that the security firm Sophos had warned earlier in 2004 about criminals who used similar techniques to break into Brazilian online bank accounts.

Crooks may use pretty ingenious and "efficient"(if such a word could be appropriate for this activity) techniques to place the Trojan into users' PCs ? letters can be mimicking CNN news alerts, or offering to reserve the very latest book about Harry Potter in the series before it is published in July. Who knows what will they invent next?

Looking for Solutions to the Problem

In 2004 it become as clear as day to anyone - from being not much more than a nuisance for PC users, spyware turned into one of the major threats to information security. Since the Internet has become a part of daily life and business, rapid growth of such kinds of cybercrime as identity theft and phishing endanger the whole society. Some types of spyware, namely software capable of stealing valuable information (like passwords, SSNs), certainly facilitate these crimes.

Software vendors by all means are responding to the threat to meet the enormous demand for anti-spyware protection.

Several big anti-virus vendors, such as Norton and McAfee, have already begun providing anti-spyware protection as well. Microsoft also joined the anti-spyware market this year (and has already become a target for the malicious Trojan called Bankash-A; fortunately, no serious damages reported so far). Symantec plans to announce new features to fight spyware in some of its enterprise antivirus and intrusion prevention products.

Besides, there also are ? literally - hundreds of stand-alone anti-spyware developers and vendors. The number of anti-spyware software they all develop, promote and sell is constantly growing - and will grow in future. So will the profits. According to predictions from the market advisory firm IDC, the market for anti-spyware solutions is expected to boom in the next few years. Anti-spyware software revenues will soar from US$12 million in 2003 to $305 million in 2008.

But what about end users ? are they going to benefit from such a variety of anti-spyware solutions available at the market? Or will they just feel bewildered and lost in all this mass of ads offering instant relief from nasty and dangerous spyware? It looks like most people are already confused because advertising is pretty much alike ? how to distinguish a high-quality product from some hit-or-miss software developers fabricated in haste just to get quick profit?

What a user can (actually must) do is to know what exactly he or she is buying or installing for free. Here are several simple common-sense tips:

The first step is to visit the site of the company that produces this product. Look it through. Read "about us" section. How long does this company exist? Ignore "testimonials" ? there is no guarantee that it wasn't the company's PR manager who wrote them. It would be better to search, say, Google groups for opinions.

A good old background check will also do a lot of good. It takes some time, though ? but peace of mind later is worth half an hour's browsing the Web now. The simplest way is to search for the product's name along with such words like "installs", "spyware", "adware", "popups", etc.

There are even lists of suspicious, low-performing, or adware-installing products. See, for example, http://www.spywarewarrior.com/rogue_anti-spyware.htm - an ample list of anti-spyware you'd better not buy. By the way, the whole this site is worth studying thoroughly.

The fact that you are not a tech person doesn't mean you can afford not knowing the basic principles these products are based on. What a user can expect from an anti-spy product and what is simply impossible?

Most anti-spyware products apply signature databases, i.e. rely on simple pattern-matching technique. Detecting spy software is the crucial step of the whole process ? all the protection depends on whether the anti-spy software is able to detect as many malicious programs as possible. The bigger the database is and the more often it is updated, the more reliable protection the product will provide.

Signature base, which most anti-spy products depend on, is actually the "list" of signatures ? small pieces of spy programs' codes. Anti-virus or anti-spy program actually scans the system and compares its codes with those in signature bases. So, in this case only the spies whose signatures already are in the base will be detected and eventually "caught". As long as anti-spy software is regularly updated and the system doesn't come across some unknown spy product, everything is all right.

The problem is that there is good deal of people capable of creating something brand-new, unknown to anti-spyware developers. The period of time when a new spy already exists, but the updates have not been released yet, is the very time when cybercriminals make their biggest profits.

The advantage of signature base analysis is that programs based on this method of detection can be of wider range ? it is possible to include signatures from different types of spyware and adware into a single database. However, regular release of updates for these bases becomes crucial. If the developer fails to do it properly and on time, there is a considerable risk for such a program to become "Jack of all trades and a master of none."

The conclusion is simple ? if a product applies signature database, it's better to choose anti-spyware with the biggest and most frequently updated base. Don't expect absolute protection ? with this technique it is simply unattainable.

But in case of information-stealing programs, like keyloggers or keylogging-containing Trojans, a single "overlooked" program may mean lost valuable data. Since signature analysis can't ensure protection against constantly appearing brand-new keyloggers, blocking the very process of keylogging would be better. Such a technology already exists, and it may be the next step towards more reliable protection against the most malicious types of spy programs.

Alexandra Gamanenko currently works at Raytown Corporation, LLC - the independent software developing company, which created the technology capable of blocking the very process of keylogging. Visit its website: http://www.anti-keyloggers.com

In The News:


The Register

Green software blacked out Australian State
The Register
Something good is going to come out of last year's “Black System” in the Australian State of South Australia: the global wind power industry has learned how to do better modelling for systems under attack from repeated failures. South Australia last ...

and more »

TNW

3 software development trends you don't want to miss
TNW
This has led to more and more companies adopting team chat applications to assist in conducting key business operations, including the building and shipping software applications. Interacting with your team members using a chat application is only ...


New York Times

Software Engineer Starts Unlikely Business: A Weekly Newspaper
New York Times
The investment — by a software engineer who studied artificial intelligence, no less — seems like a quixotic one when so many newspapers are struggling and many readers prefer to catch up on town news on Facebook. But the engineer, Heeten Choxi, ...

and more »

Siemens' software donation to benefit Connecticut community college students
New Haven Register
The intial befeficiaries of Siemens' product lifecycle management software will be students in the Advanced Manufacturing Technology Centers at Three Rivers, Manchester, Asnuntuck and Gateway community colleges. Use of the software Siemens is making ...
Siemens Gives Community Colleges $315 Million Worth of Advanced Manufacturing SoftwareHartford Courant

all 4 news articles »

Brownwood Bulletin

Commissioners OK use of forfeiture funds for prosecutors' software
Brownwood Bulletin
Brown County Commissioners Court members on Monday authorized District Attorney Micheal Murray's office to spend just over $94,000 in forfeiture funds to buy software and equipment that will streamline the process of providing discovery to defense ...
Brown County DA getting new software to increase transparencyKTXS

all 2 news articles »

PCWorld

Switching from Mac to PC, Part 3: The software challenge | PCWorld
PCWorld
When you switch from Mac to PC, you'll be leaving some software behind. We've found some solid replacements.

and more »

GeekWire

How this legal software startup used its funding round to support legal aid under Trump budget cuts
GeekWire
But MetaJure, a Seattle startup that provides software to help lawyers manage their documents and email, is starting early. As early as the company's Series A funding round, in fact. MetaJure used its $2.6 million round as an opportunity for what its ...

and more »

Market Realist

How BBM Enterprise Could Impact BlackBerry's Software Business
Market Realist
By opening BBM Enterprise SDK (software development kit) to third-party developers, BlackBerry has also unlocked a new revenue stream in its Software and Services segment. The company could take a cut from the sales of third-party apps integrated with ...

and more »

Daily Mail

The 'magic carpet' software that helps fighter jet pilots make a perfect landing on a warship in ANY conditions
Daily Mail
The US Navy has revealed a radical new system allowing fighter pilots to land on deck safely. Called 'Magic Carpet' the software is being tested by F/A-18E/F Super Hornet and EA-18G Growler pilots across the Navy's fleet. It effectively acts as an ...

and more »

9 to 5 Mac

Apple rolling out macOS 10.12.4 software update with Night Shift for Mac
9 to 5 Mac
funny, that you mention case sensitivity. That is actually the biggest reason why I want APFS as soon as possible, because I'd really like a case sensitive filesystem for web development. I tried using HFS+ in it's case sensitive mode but a lot of ...

and more »
Google News

How to Choose the BEST Charting Software

I suggest that you do not spend a lot of... Read More

Business Planning Software

Once a business idea is selected, it is highly recommended... Read More

Microsoft Great Plains: If You are Orphan Client ? What to Do and FAQ

Microsoft Business Solutions Great Plains, former Great Plains Software eEnterprise,... Read More

Professional Software Icons For Your Standalone Application

User interfaces and accessibility are some of the most important... Read More

Great Plains Dexterity ? Microsoft Great Plains Customization Overview

Microsoft Business Solutions Great Plains, former Great Plains Software Dynamics... Read More

Tripwire for Linux File Integrity

What is Tripwire?Tripwire is a form intrusion detection system (IDS)... Read More

Think Of This

Think of this, first we had the HAM Radio, then... Read More

Microsoft CRM Integration with IBM Lotus Notes Domino ? Machinery Dealership Example

IBM Lotus Notes with Domino email server is traditional document... Read More

Accessing XML Using Java Technologies

The most important benefit of XML is its simplicity. Though... Read More

Removing Incoming Email in MS Exchange, C# Example

The purpose of one of our projects was MS Exchange... Read More

Microsoft Great Plains 8.0 Brazilian Version ? Overview For International Consultant

Microsoft Great Plains has substantial mid-market share in the USA... Read More

Examining the Substance of Studio MX

To all web designers out there, this article is for... Read More

Great Plains Custom Development: Dexterity, VBA, SQL, Crystal, eConnect ? Overview For Programmer

Microsoft Great Plains is main Microsoft Business Solutions accounting package... Read More

Information Products: A Business Owners Best Friend

We live in a post-industrial age where information is the... Read More

The Opera Alternative

Security flaws have long plagued Internet Explorer (IE), the market-dominating... Read More

The Truth: Netzero 3G

We've all seen the ads on TV for Netzero 3G.... Read More

Microsoft Great Plains Implementation: Collection Management ? Overview For Consultant

Microsoft Business Solutions Great Plains is very good fit for... Read More

Microsoft Great Plains Project Accounting ? Overview For IT Director/Controller

Microsoft Business Solutions is now in process of creating so... Read More

Hubris - Definition: Microsofts Passport

Before September of 1995, Microsoft ignored the Internet because their... Read More

Microsoft CRM Messaging through Lotus Domino eMail Server - Balanced Solution

Microsoft CRM and IBM Lotus Notes Domino seem to be... Read More

Software Engineering: An Introduction

Software Engineering is the Systematic Approach for analysis design implementation... Read More

.Net Charts and Graphs Interact with Businesses and Customers

Bar charts, bar graphs, and any other chart or graph... Read More

Spyware - The Internet Devil Of Our Times!

Spyware and Adware infest over 90 percent of computers in... Read More

Review on QuarkXpress 6.0

After almost two decades of existence, Quark has become the... Read More

Microsoft CRM Lotus Notes Domino Connector FAQ

Microsoft Business Solutions CRM and IBM Lotus Notes Domino, being... Read More