- Picked up anything nasty from browsing lately? While
viruses, internet worms and hackers may be stopped by anti-virus software
and firewalls, the latest spyware arrives through Microsoft's Internet
Explorer. And unless it starts popping up adverts or installing unwanted
toolbars, you're not going to know it's there. "Spyware is now probably
the largest mass fraud area the world has ever seen," says Nick Ray,
chief executive officer for the intrusion protection specialists Prevx
Ltd. "Once they've got hold of your PC, they can do virtually anything."
-
- Although installing free software commonly introduces
spyware, an increasing proportion sneaks in unnoticed. "Attackers
are looking at new infection methods that bypass anti-virus and firewalls.
They can download and execute code on your machine as part of the process
of web browsing," says Ray. Called a "drive-by download",
it relies on invisible code in web pages. You don't even need to click.
-
- Barb Rose, the director of communications for the spyware
protection company PestPatrol, is in a better position than most to avoid
this. The company has a vast spyware information database: it knows what's
out there and how to remove it. Where spyware doesn't silently self-install,
users will be duped into giving consent. Be warned: spyware will take over,
throwing up adverts, diverting your web searches and monitoring where you
go on the web.
-
- "Spyware also spreads through the use of downloaders;
programs which, once installed, begin to secretly download and install
other programs on a user's machine. If a single downloader gets onto a
computer, it will soon be running dozens of spyware programs, with no further
action required on the part of the user," says Rose.
-
- But surely you'd notice? Not necessarily. Spyware is
hidden on your hard drive. It can change security rights, open a "port"
out to the internet through your firewall, and switch off Windows functionality.
Worse still, much spyware is self-repairing and silently updating, defeating
all but the most determined attempts to remove it manually.
-
- Rose thinks that spyware is becoming one of the greatest
threats to computing today. "Its malicious code can destroy files,
steal personal information, and hijack your computer for use in mass-mailings
or attacks on other computers. Even just popping up adverts, a practice
which at first seems annoying but harmless, can quickly hog a system's
resources and reduce it to an unusable state," she says. No wonder
15 per cent of Dell's support calls are spyware-related, while Microsoft
says it causes more than 50 per cent of the Windows operating system failures
reported. (A major focus of Microsoft's free SP2 Update is to close holes
in Internet Explorer exploited by spyware; it succeeds with many, but not
all.)
-
- However, it's the invisible spyware that's causing concern.
A survey in June by Webroot Software, a protection software company, with
Earthlink, an American ISP, showed that one in three personal computers
scanned had a hidden system monitor or Trojan horse program. Nick Lewis,
Webroot UK's managing director, also worries that drive-by downloads are
getting worse: "From the volume of calls we get, it does seem to be
an increasing problem."
-
- Spyware is motivated by money, adds Lewis, who suggests
that virus writers have turned to spyware to make cash from pop-up adverts,
premium-rate diallers and information-stealing key loggers. "The people
writing the code don't want to be detected. If they are detected, the last
thing they want is to be removed."
-
- Prevx's Ray sees more sinister motives: "The people
writing spyware are selling it to organised crime. Organised crime is making
money by fraud, stealing passwords, stealing e-mail addresses and hijacking
people's machines in order to use them as zombies for spam and distributed
denial of service attacks." As The Independent reported on 31 July,
criminals can buy services that range from sending one million revenge
e-mails, to bringing a commercial website to its knees.
-
- Some spyware is based on programs known as "browser
helper objects", which piggy-back onto Microsoft's Internet Explorer.
"Once it does this, the browser helper object can interact with or
override any portion of Internet Explorer, intercepting requests, altering
windows, and so on. This allows for very powerful, very helpful tools,"
says Rose. She continues: "It also allows for very dangerous spyware."
-
- Consider this real example. A small pop-up advert appears.
Then, within seconds, in a process involving a Microsoft security vulnerability,
hidden pop-under adverts and a hacked website, a "browser helper object"
is secretly downloaded and installed. Later when you visit your online
bank (the software watched for Lloyds TSB and Barclays), it quietly captures
your user name and password from inside Internet Explorer and sends them
to a remote computer. You've just become a drive-by spyware victim.
-
- So what is Microsoft doing to stop this? Stuart Okin,
chief security advisor for Microsoft UK, says spyware is part of a wider
trend of computer-related criminal activity. "Microsoft continues
to work with governments, law enforcement agencies, partners and customers
to combat such activities and help bring these criminals to justice."
-
- The real problem for Microsoft - security vulnerabilities
aside - is that spyware writers find deception easy. Okin promises improvements
with the Windows XP Service Pack 2, whose new features include improved
security settings, a pop-up blocker and download monitoring.
-
- "For spyware specifically, Windows XP SP2 takes
steps to mitigate deceptive software, focusing on blocking potential entry
points and distribution methods," says Okin. Microsoft also wants
to help customers trust the software they're using.
-
- Perhaps that's the problem. Users do trust anti-virus
and firewalls (which you must have), yet they're not spyware-proof. Some
vendors are taking action. "Symantec sees spyware as a growing problem
for a large number of users, which was the driver for the inclusion of
spyware detection in the 2004 version of Norton AntiVirus," says a
spokesperson for the company.
-
- Firewalls won't prevent drive-by downloads either, but
they might stop installed spyware contacting the outside world. If you
do get infected, spyware removal tools such as PestPatrol, Lavasoft's Ad-Aware,
Spybot Search & Destroy and Webroot's SpySweeper can be problematic,
with users saying that one tool misses what another finds. Plus, the big
risks - as with viruses - come from the new, unrecognised threats.
-
- One suggestion that security experts make is to drop
Internet Explorer altogether. One alternative is Mozilla (www.mozilla.org)
and its siblings, including Firefox and Thunderbird: apart from being nicer
browsers, they are more security-aware. A more radical option is to use
the Linux operating system. A simpler answer is to join the burgeoning
ranks whose standard line-up now includes not only a firewall and antivirus
software, but anti-spyware software too. "Think of us as a last resort
in terms of protection," says Ray. "Our product is designed to
deal with threats that cannot be stopped by other mechanisms."
-
- That product - Prevx Home - is a piece of free software
that stops worms, hackers and spyware by preventing suspicious or known
bad behaviour. Certainly, a version still in development that The Independent
tried against a spyware-laden Armenian website successfully forestalled
vigorous silent install attempts. Annoyances such as home page or search
hijacking, and new toolbars are also repelled while a paid-for professional
version offers greater protection. Browsing the increasingly dangerous
internet just got a bit safer - for now.
-
- ©2004 Independent Digital (UK) Ltd. All rights reserved
http://news.independent.co.uk/world/science_technology/story.jsp?story=564267