
Spyware: Hidden Risks

May 31, 2006

Summary

Spyware is surveillance software used to monitor a computer user’s web browsing and online activities. Most often, it is installed deceptively. It is often associated with adware, which is software that displays unwanted advertising, usually in the form of pop-up ads. Some spyware programs can pose a serious threat to privacy and security, while others are just a nuisance. Spyware removal creates significant expense for many businesses.

Description

Spyware is software that sends personal information to a third party without your permission or knowledge. This can include information about web sites you visit or something more sensitive like your user name and password. Unscrupulous companies often use this data to send you unsolicited targeted advertisements. Not only does spyware often run secretly on your computer, it is typically installed secretly through one of two primary methods:

  • Browsing corrupt web sites, opening spam email, or clicking on deceptive pop-ups. Spyware is usually created in a scripting language such as ActiveX™ that is launched by a command within a web page’s coding. Simply clicking a link to a web page that has this hidden code can install spyware on your computer. This is referred to as a “drive by” installation.
  • Installing freeware (and sometimes even commercial software) that includes the spyware. A common source of freeware that includes spyware is file-sharing software for downloading music, free games, or other software from untrusted sources. For example, just installing Grokster (a popular file sharing program) can lead to installation of BullGuard, Cydoor, EBates Moe Money Maker, GAIN, Golden Retriever, IGetNet, IPinsight, King Solomon’s Casino, MyWay Speedbar, NetPalNow.com, NewtonKnows, Purity Scan, Sidestep, and Webhancer spyware and adware.

Spyware is pervasive. A study by the National Cyber Security Alliance found that 80% of personal computers connected to the Internet contain spyware and adware. Furthermore, the study found an average of 93 spyware/adware components on contaminated computers. And in a Web@Work Study, 92% of corporate IT managers claim they have a “major” spyware problem affecting an average of 29% of their users, yet only 6% of employees in the survey believe they have ever visited any web sites that contain spyware.

Impact

The main problem most people notice once spyware has been installed is slow performance of their computer. Symptoms may also include unresponsive software, a sudden rise in computer crashes, or improper operation of Internet Explorer. Some spyware can deliver large quantities of pop-up ads, change your home page, install a new browser toolbar, or redirect you to unfamiliar search engines.
Spyware is often associated with adware. Adware is also covertly installed on your computer, and can generate many unsolicited advertisements that clutter your desktop and affect productivity. The advertisements may also contain objectionable material, such as pornography, and they may pop up on your screen even if you are not browsing the Internet.
However, the real impacts are the loss of privacy and the risks to security. Spyware collects information about you and your activities without your knowledge or permission. Often, companies that utilize spyware do so to collect data about web sites you visit and use it to improve their marketing rather than for more sinister purposes. Other organizations collect passwords, login details, account numbers, or personal files for more criminal pursuits, such as identity theft. In either case, because it is done without your permission, it violates your privacy.
An example of this occurred when a spyware threat targeting 50 large international banks was discovered. This spyware posed as an image file named "img1big.gif" and was hidden in a pop-up ad. The image file was actually an executable that silently installed a malicious keylogger program when the user clicked the “Close” button on the ad. This keylogger was activated whenever the victim visited one of the 50 pre-programmed internet banking web sites, including Citibank. It captured critical personal information such as user names, account numbers, and passwords and then transmitted that sensitive data via HTTP to another web site, http://www.refestltd.com/cgi-bin/yes.pl. This site has since been shut down. Authorities suspect that the threat originated in South America.
Finally, spyware can be costly to remove. IT organizations frequently have to resort to rebuilding a computer to completely erase all spyware traces—which may occur only after spending hours diagnosing the spyware problem and manually trying to remove it.
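
The "img1big.gif" case above is a file whose name claims an image while its content is a Windows executable. The following is an added example, not part of the original article: a gateway or desktop check that compares a download's extension with its leading bytes. The function names and sample bytes are constructed for illustration.

```python
import struct

# Leading "magic" bytes for the image formats a pop-up ad would plausibly carry.
IMAGE_MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}


def is_pe_executable(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew field
    (offset 0x3C) points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_offset:pe_offset + 4] == b"PE\x00\x00"


def classify(filename: str, data: bytes) -> str:
    """Return 'not-image', 'ok', 'mismatch' or 'disguised-executable'."""
    name = filename.lower().rstrip(". ")  # Windows ignores trailing dots/spaces
    ext = name[name.rfind("."):] if "." in name else ""
    if ext not in IMAGE_MAGIC:
        return "not-image"  # name does not claim an image; out of scope here
    if is_pe_executable(data):
        return "disguised-executable"
    if any(data.startswith(magic) for magic in IMAGE_MAGIC[ext]):
        return "ok"
    return "mismatch"


def make_constructed_pe_stub() -> bytes:
    """Constructed, non-functional header: 'MZ', e_lfanew=0x40, 'PE\\0\\0'."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + bytes(20)


if __name__ == "__main__":
    samples = {
        "img1big.gif": make_constructed_pe_stub(),  # file name from the article
        "banner.gif": b"GIF89a" + bytes(16),        # constructed, genuine header
        "logo.png": b"<html>not an image</html>",   # constructed mismatch
    }
    for fname, blob in samples.items():
        print(f"{fname}: {classify(fname, blob)}")
```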

Removing Spyware

Removing spyware manually can be very difficult and time-consuming. Spyware frequently embeds itself in core operating system or application functions, which can result in serious disruption if the spyware is not safely removed. Most spyware also includes multiple traces, or file fragments, which can remain as clutter on your system even after the spyware is disabled. This can result in re-installation of the spyware or it can cause continued performance problems. Thus, it is important to remove all traces of a spyware program.
More organizations are turning to anti-spyware programs to prevent and remove spyware. These programs can locate, quarantine, and then delete many spyware threats. However, no single anti-spyware scanner is 100% effective, and you may require two or more products to effectively clean your systems. Anti-virus programs are just beginning to incorporate features to fight spyware, so you should not rely on your anti-virus software to detect or remove spyware. Some of the better known anti-spyware tools include:

  • Giant AS
  • Spy Sweeper
  • Ad-aware SE
  • Pest Patrol
  • Spybot Search and Destroy

Unfortunately, if your anti-spyware software is unsuccessful at completely removing spyware, the only option left is to rebuild the system. Removing spyware is difficult and costly enough to make preventing it in the first place a priority.

Recommendations for end users

Successful spyware programs count on two things to infect your computer: your desire for free software and your gullibility. To prevent installation of spyware, take the following steps:

  • Don’t install software inadvertently. If you are browsing the web and see a dialog box asking you if you want to install a program, don’t automatically click the “Yes” button to install the software. Clicking the “Ok” or “Yes” or even “No” boxes in pop-ups can result in spyware installation. It is better to just close the window by clicking the “X” at the top right corner of the window rather than clicking any content. Alternatively, quit Internet Explorer and restart it to begin browsing again.
  • Avoid downloading free software. Check with your IT department before downloading or installing software. Investigate by searching Google Groups for the name of the free program and the keywords “spyware” or “adware”. You may find postings that indicate the program contains spyware.
  • If you must install free software, read the license and privacy agreements carefully. Often, these agreements will contain obscured statements indicating that the software may monitor and transmit information about your activities. Read the fine print.
  • Use a pop-up blocker to minimize spyware pop-up windows.
  • Install software designed to battle spyware—and keep it up-to-date. When running these spyware removal tools, do so in Safe Mode. Removal tools often cannot delete spyware while it is running.
  • Keep your Internet Explorer web browser at the security setting recommended by your IT department. A setting of medium or higher reduces your vulnerability to spyware.

Recommendations for IT managers

  • Implement an internal system solution that will identify and stop unauthorized outbound information transfer from taking place, such as the Assurity River Group Technologies Intrusion Detection System.
  • Develop a written Information Security policy covering software downloading / installation by users.
  • Configure Windows domain security to prevent installation of unwanted software.
  • Configure Internet Explorer security settings to minimize spyware installation. Restrictive settings require testing to ensure that essential web applications still function correctly.
  • Consider web site blocking products that restrict users to work-related web sites and selected safe sites.
  • Consider use of a pop-up blocker on end user browsers.
  • Select and test two spyware removal programs, keep them updated, and use them regularly.
  • Follow security recommendations on developing an effective computer virus protection program. These include:
    • Ensure that the most recent patches and releases have been installed for all servers, desktops, laptops, and gateways.
    • Consider limiting the type of email attachments that will be allowed. Attachments with file extensions such as .EXE, .PIF, .SCR, and .COM are commonly infected and should be blocked.
    • Educate employees on how to protect their systems (see “Recommendations for end users”), and on what to do if infected.
    • Scan programs prior to uploading.
    • Use virus protection software (many spyware threats are part of the payload in virus infections).
    • Perform periodic audits to test your anti-virus (and anti-spyware) software.
    • Use a security alert service so that you will know when new attacks occur.
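
The attachment restriction recommended above (.EXE, .PIF, .SCR, .COM) can be enforced at a mail gateway. The following is an added example, not part of the original article: it parses a message with Python's standard `email` package and reports attachments whose effective extension is on the block list, including double extensions and upper-case names. The sample message and function names are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Extensions the article names as commonly infected.
BLOCKED_EXTENSIONS = {".exe", ".pif", ".scr", ".com"}


def blocked_attachments(raw_message: bytes) -> list[str]:
    """Return filenames of message parts whose final extension is blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also reaches nested multipart sections
        filename = part.get_filename()
        if not filename:
            continue
        # Windows ignores trailing dots and spaces, so "a.pif." opens as .pif
        cleaned = filename.strip().rstrip(". ")
        # Only the last suffix decides the handler: "photo.jpg.scr" is .scr
        if PureWindowsPath(cleaned).suffix.lower() in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits


def build_constructed_message() -> bytes:
    """Constructed sample: one harmless and three blocked attachment names."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed test message"
    msg.set_content("See attached.")
    for name in ("notes.txt", "photo.jpg.scr", "REPORT.EXE", "setup.pif."):
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name in blocked_attachments(build_constructed_message()):
        print("blocked:", name)
```

Extension checks only cover what the sender chose to name the file, so a gateway would normally pair this with content inspection of the attachment bytes.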

Recommendations for management

  • Educate your online service customers regarding precautions they can take to guard against spyware (see “Recommendations for end users”).
  • Consider limiting your liability via contract.
  • Provide a link on your web site for posting Security Alerts for your customers. Explain the risks of spyware.
  • Inform your customers regarding your policies for contacting them via email, and what warning flags should alert them to possible malicious attachments.

How Assurity River Group can help

Assurity River Group has helped organizations deploy and implement Windows and network security to improve their security and implement policy standards. Assurity River Group possesses the knowledge and expertise with Windows and network technology to advise and assist your organization in getting these technologies to work for your operation.
There has been a dramatic increase in spyware compromising internally protected systems. Firewalls, virus scanning, and service pack upgrades and patching alone are no longer adequate safeguards. Assurity River Group recommends a review of security procedures implemented across the organization to prevent, identify, and remove spyware regularly. Please contact us if you would like more information on how to address this within your institution.
Assurity River Group’s trained security personnel are available to help your organization be proactive in mitigating attacks against you and your customers.
Contact Jeff Olejnik (jolejnik@assurityriver.com) at 651.259.6888 for more information.