“Spyware” is no longer simply a nuisance to enterprises. It is estimated that 90% of desktop PCs are infected with some form of “Spyware” (Source : US National Cyber Security Alliance). According to Gartner between 20 and 40% of enterprise helpdesk calls are now related to unwanted “Spyware” programs.

There are different classes or types of “Spyware”. These are summarised below.

• Tracking Cookies. Cookies are text files saved by the browser that allow tracking of user activity on a website. Users typically allow cookies as some sites won’t work without them or they are useful in that they store information about personal preferences, IP addresses, login information, user options and date and time stamp of the last time the site was visited. Cookies may also contain any information provided by a user during a particular visit – including any personal information provided in the course of completing forms. Cookies are at the most benign end of the “Spyware” spectrum.
• Adware. This form of “Spyware” is responsible for generating the by now familiar pop-up, pop-under, banner, floating and animated advertising seen whilst surfing the web. Adware typically uses advanced scripting that manipulates the browser by exploiting flaws in Java, ActiveX, the operating system and the browser itself. Adware may collect information for cookies and report information directly to sites on the Internet. On clicking-through ads additional cookies or utilities may be installed silently. Some adware makes changes to browser settings – resetting the homepage for example – or to the user system (including Windows registry changes). Often clicking on ‘No’ or ‘Cancel’ buttons within the advert result in the same code executing as if the user had clicked on ‘Yes’ or ‘OK’. Adware is the greyest area of “Spyware” – some Adware certainly should be considered as malicious ‘malware’.
• Scumware. Scumware modifies the contents of a web page adding hypertext links and alternative text. Scumware can also position competitive ads over the originals. Scumware can also install hidden or background processes and services and should therefore be considered as malware.
• Malware. Originally malware referred to viruses, worms and Trojan horses. The term also applies to the more disruptive forms of “Spyware”. Such programs might enable third parties to take control of microphones and web cams installed on a particular client, make changes to browser and systems settings, launch Web activity even when all browser sessions are shut down, install hidden or background processes and services. Keyloggers fall into this category. Malware is the most damaging of all types of “Spyware” from a risk perspective. It should be noted that this form of “Spyware” is increasingly being spread through Instant Messaging applications.

1.1   Different Variants, Different Risks

The different types of “Spyware” present different risks to enterprises. Cookies raise privacy concerns but are relatively low risk.

Adware can begin to impact heavily on productivity. Orthus are aware of several instances where close to 200 different pieces of Adware were present on a single client degrading performance to the point where the client was unusable. In addition to user productivity, productivity is affected through increased help desk calls and the time spent by help desk staff in cleaning up or re-building infected machines – which in turn further impacts user productivity whilst the infected machines are unavailable.

Malware, and keyloggers in particular, represent a significant risk as demonstrated in the recent attacks against Sumitomo Bank, a number of Israeli businesses where a bespoke program was used to specifically target them, and the long running case of Juju Jiang who installed keyloggers in 13 Manhattan Kinko’s shops and made off with 450 online banking passwords and usernames over 2 years. More information on each of these incidents is available on request. The risk of data leakage – of both personal and corporate information – is a very real threat with the most malicious type of “Spyware”.

Sean Bennett is Commercial Director at Orthus limited (http://www.orthus.com). Orthus is a leading provider of information risk professional services, helping orgnisations globally to measure, minimise and manage the information risks they face. Orthus provide end to end services for clients to comprehensivly address risk in their environments including Insider Threats, addressing issues including data leakage, sabotage and fraud; External Threats (http://www.orthus.com/dr_overview.htm) including wireless security, penetration testing, virtualisation security, vulnerability management and Secure Software Development Life-Cycle; Supply Chain Threats including securing cloud services and data processed by third parties; and Legal and Regulatory challenges including Payment Card Industry (PCI) Data Security Standard (DSS).

Article Source:http://www.articlesbase.com/security-articles/spyware-understanding-and-addressing-the-risk-part-one-981983.html

Be Sociable, Share!

• 

Technorati Tags: about spyware, spyware, understanding spyware