Identity Theft is the fastest growing crime in the US according to the FBI
 

Spyware – Understanding and Addressing The Risk – Part One

Written by OSAblog on Friday, June 19th, 2009

“Spyware” is no longer simply a nuisance to enterprises. It is estimated that 90% of desktop PCs are infected with some form of “Spyware” (Source : US National Cyber Security Alliance). According to Gartner between 20 and 40% of enterprise helpdesk calls are now related to unwanted “Spyware” programs.

There are different classes or types of “Spyware”. These are summarised below.

  • Tracking Cookies. Cookies are text files saved by the browser that allow tracking of user activity on a website. Users typically allow cookies as some sites won’t work without them or they are useful in that they store information about personal preferences, IP addresses, login information, user options and date and time stamp of the last time the site was visited. Cookies may also contain any information provided by a user during a particular visit – including any personal information provided in the course of completing forms. Cookies are at the most benign end of the “Spyware” spectrum.
  • Adware. This form of “Spyware” is responsible for generating the by now familiar pop-up, pop-under, banner, floating and animated advertising seen whilst surfing the web. Adware typically uses advanced scripting that manipulates the browser by exploiting flaws in Java, ActiveX, the operating system and the browser itself. Adware may collect information for cookies and report information directly to sites on the Internet. On clicking-through ads additional cookies or utilities may be installed silently. Some adware makes changes to browser settings – resetting the homepage for example – or to the user system (including Windows registry changes). Often clicking on ‘No’ or ‘Cancel’ buttons within the advert result in the same code executing as if the user had clicked on ‘Yes’ or ‘OK’. Adware is the greyest area of “Spyware” – some Adware certainly should be considered as malicious ‘malware’.
  • Scumware. Scumware modifies the contents of a web page adding hypertext links and alternative text. Scumware can also position competitive ads over the originals. Scumware can also install hidden or background processes and services and should therefore be considered as malware.
  • Malware. Originally malware referred to viruses, worms and Trojan horses. The term also applies to the more disruptive forms of “Spyware”. Such programs might enable third parties to take control of microphones and web cams installed on a particular client, make changes to browser and systems settings, launch Web activity even when all browser sessions are shut down, install hidden or background processes and services. Keyloggers fall into this category. Malware is the most damaging of all types of “Spyware” from a risk perspective. It should be noted that this form of “Spyware” is increasingly being spread through Instant Messaging applications.

1.1   Different Variants, Different Risks

The different types of “Spyware” present different risks to enterprises. Cookies raise privacy concerns but are relatively low risk.

Adware can begin to impact heavily on productivity. Orthus are aware of several instances where close to 200 different pieces of Adware were present on a single client degrading performance to the point where the client was unusable. In addition to user productivity, productivity is affected through increased help desk calls and the time spent by help desk staff in cleaning up or re-building infected machines – which in turn further impacts user productivity whilst the infected machines are unavailable.

Malware, and keyloggers in particular, represent a significant risk as demonstrated in the recent attacks against Sumitomo Bank, a number of Israeli businesses where a bespoke program was used to specifically target them, and the long running case of Juju Jiang who installed keyloggers in 13 Manhattan Kinko’s shops and made off with 450 online banking passwords and usernames over 2 years. More information on each of these incidents is available on request. The risk of data leakage – of both personal and corporate information – is a very real threat with the most malicious type of “Spyware”.

Sean Bennett is Commercial Director at Orthus limited (http://www.orthus.com). Orthus is a leading provider of information risk professional services, helping orgnisations globally to measure, minimise and manage the information risks they face. Orthus provide end to end services for clients to comprehensivly address risk in their environments including Insider Threats, addressing issues including data leakage, sabotage and fraud; External Threats (http://www.orthus.com/dr_overview.htm) including wireless security, penetration testing, virtualisation security, vulnerability management and Secure Software Development Life-Cycle; Supply Chain Threats including securing cloud services and data processed by third parties; and Legal and Regulatory challenges including Payment Card Industry (PCI) Data Security Standard (DSS).

Article Source:http://www.articlesbase.com/security-articles/spyware-understanding-and-addressing-the-risk-part-one-981983.html

Share and Enjoy:
  • Digg
  • del.icio.us
  • Facebook
  • NewsVine
  • Reddit
  • StumbleUpon
  • Google Bookmarks
  • Yahoo! Buzz
  • Twitter
  • Technorati
  • Live
  • LinkedIn
  • MySpace
  • E-mail this story to a friend!
  • RSS
  • Turn this article into a PDF!

Welcome back! You may want to subscribe to my RSS feed. Thanks for visiting!

  • Share/Bookmark

If you enjoyed this post, make sure you subscribe to my RSS feed!

Blog Traffic Exchange Related Posts
  • Speed Up & Regain Control Of Your PC By Quickly And Easily Eliminating Spyware And Adware That Invade Your Privacy And Security. Spyware finds its way over the Internet then infects your laptop and pc. This is how you can encounter spyware and other types of malware in various methods, including: * Clicking onpop-up windows. * Downloading unknown files or software. * Opening e-mail from unknown sources often contain spyware infected attachments.......
  • What Is Phishing and How To Avoid It Phishing is a criminally fraudulent process made in attempt to scam an Internet user into surrendering private information that will be used for identity theft. It is usually made through email. Phishing is a lucrative computer crime which is growing rapidly in the last few years. The best way to......
  • Think of it As a Safety Net Unless you are an IT or MIS technician or manager, you may have never heard of proxy servers. Most non-technical employees don't know the ins and outs of the technology systems they work with on a daily basis. In non-technical language, proxy servers are controllers or intermediaries, and can be......
  • Comprehensive and Customized Penetration Testing For Your Security Needs In the world of computer security, application penetration testing is the most vital concept. Testing is a way used to test a computer system or network to examine possible points where unauthorized access can be attained. The reason of penetration testing is to locate any and all points of vulnerability......
  • Identity Theft and What You Can Do About It - Part Two What Should I Do To Avoid Becoming A Victim Of Identity Theft? To reduce or minimize the risk of becoming a victim of identity theft or fraud, there are some basic steps you can take. For starters, just remember the word "SCAM":   “S”  Be STINGY about giving out your......
Blog Traffic Exchange Related Websites
  • A Simple 8 Step Formula For Testing Your Headlines I am going to let you in on a secret? The successful entrepreneurs are not successful because they know things that you don’t know. They are successful because they TEST every advertising campaign they embark on first before they start spending "big" money on effective forms of newsletter and ezine......
  • Affiliate Marketing: Staying Away From Scams. Useful Facts to Be Aware of A lot of us are upset and frustrated with our present jobs. The low pay and sense of being undervalued drive many of us to dream of our own businesses. However, the costs combines with the risk factors stops a good number of us in our tracks. Affiliate marketing is......
  • Are You New To Forex Market? - Then This Info Is Just For You! When a person has some amount of money to invest Forex is one of the most accessible and available markets. If you also consider investing in Forex market you need to find out more about it. People start to trade currencies to make profit which is based on currency exchange.......
  • What is the Gensona Heart Health Genetic Test? Syndicated from eZineArticlesIn the last decade, studies in men and women have shown that inflammation is an important risk factor for heart disease, perhaps equal in importance to unhealthy cholesterol levels. Recent scientific discoveries indicate that some of the risk for cardiovascular disease, including heart attacks, is due to variations......
  • Kodak Express - Bring Out The Photographer Within You Photography has its origin in the 19th century, when the first ever photograph was developed. Since then, there have been several milestones in this fabulous domain of portraits and images. However, the most distinct among them has been the introduction of color films and color photography, which was achieved by......
 

Leave a Comment

CommentLuv Enabled

« Spyware – Understanding and Addressing The Risks – Part Two | Home | 10 Best Practices for Secure Coding »