Spyware is sneaky
En route between Hamburg and Hanover.
You might say viruses attempt to avoid removal but the essence of a virus is to spread and thus it is impossible to hide. The virus grabs your email address book and starts to spew copies of itself to the world. Or it starts to append itself to every executable on your hard drive. It is busy, noisy, and disruptive. It leaves obvious traces.
Spyware on the other hand has more nefarious purposes than viruses. Of course there are the keystroke loggers, programs that record everything you type: email, Word docs, IM’s and anything you type into web forms such as PINs, passwords, and user names. These have to be very stealthy to avoid collection. As long as they reside on a PC they are valuable to the hacker behind them. Adware generates revenue for the entities that spread it. If it were easy to remove they would garner less revenue so they design it to be either hard to find or hard to remove. Some sneaky things adware will do include:
-install as another program or with names that look legitimate such as IEHelper. -Randomize the names under which they install. Cool Web Search is the best at this. -Overwrite existing DDLs and registry entries. This can break a computer or application so it is not very elegant. -Install “listeners�? that notice when the mail files have been eradicated and regenerate them under new names. Another news item. OKLAHOMA CITY (AP) -- Someone placed surveillance software on sheriff's office computers, apparently enabling unauthorized access to sensitive information about prisoner movements, confidential homeland security updates and private personnel files. Sheriff John Whetsel said Monday Spector Pro, monitoring software designed to track every detail of computer activity, was found last week on three computers in his office. Whetsel said he discovered the software on his own computer when he ran a spyware detector out of curiosity.
Reminds of the time I had an opportunity to visit three levels of government in the same city. I gave a presentation to most of the CIO’s and security people in this particular town, which happened to be the largest city in the state. Then, right after lunch I met first with the folks from the state’s IT department, then with the city’s. Both said that security was completely out of control. They had never revoked an employee’s credentials even after they had left, they had public terminals connected to their networks, they did not enforce desktop passwords… it went on and on. Don’t forget that welfare, Medicaid, DMV, revenue are all connected to a typical state’s network.
My final visit of the day was with the city police department. I asked them if they had critical information that they were trying to protect? Well yes, the true identities of under cover police(names, home addresses) were stored on a desktop computer. Not encrypted. I asked them about their security. Oh, no problem there, they said. They had a firewall in front of their web server. That was the only network connection, well… besides the connections to the state and city networks!
My recommendation to all members of law enforcement. Run spy audit on your computer today.
Originally published at www.threatchaos.com