25 October 2007
RSA Europe 2007: Spyware cashes in quietly
Spyware is the most rapidly evolving threat on the threat landscape
at the moment, and it will continue this way into 2008, said Gerhard
Eschelbeck, chief technology officer of Webroot Software, at RSA
Europe in London on 23 October.
Spyware is software that covertly gathers information through a
user’s internet connection without their knowledge for malicious
purposes. “It’s financially motivated and it takes advantage
of human nature,” said Eschelbeck. Spyware steals system resources,
shows unwanted advertisements and re-directs users through false
search results and other hijacks.
“These days spyware is invisible and this is what makes it
so dangerous,” said Eschelbeck. “Its objective is to
stay undetected for as long as possible, so it can infect the
system slowly. These guys aren’t in it for the fame, they’re
in it for the money.” Spyware will take screen-shots of a
user’s internet activity in order to collect personal and
financial details from that user’s PC. “Money feeds
the spyware machine – spyware producers display advertisements
and earn revenue.”
“Tracking the money-flow from spyware is very difficult,
and there have been very few successful prosecutions,” he
said. “It works like this: spyware producers pay web properties
commission. Site owners are paid to install spyware onto a user’s
machine, and software producers are paid to put spyware on their
software.”
“Spyware is harder to find, and therefore harder to remove
[than viruses]”, said Eschelbeck. “A spyware signature
typically has between 200 and over 500 traces on an infected desktop.
These traces require thousands of removal routines to deal with
registering entries, watcher programs and processes.”
Drive-by websites are one of the newest spyware traps. Assuming
human error, site addresses such as googkle.com are activated and
pre-loaded with spyware. When an unsuspecting user makes a typing
error when searching for Google, they will land on the drive-by
site. “This is one of the most common ways of getting infected
today,” said Eschelbeck.
Thirty-four per cent of spyware comes from the US, followed by
14% from the UK, although this doesn’t necessarily mean the
spyware was generated in these countries. The reason for this is
that both the US and UK are English-speaking and have a large percentage
of their population owning computers.
“Spyware still tends to hide in dark sites on the internet
– mainly porn and gambling sites,” said Eschelbeck,
who admitted that to date “there have been no large exploitations
of non-Internet Explorer or non-Windows servers”.
“I’d advise people to buy a solution that gives both
anti-virus and anti-spyware protection. There’s no point in
buying them individually – you should search for the strongest
product which gives you both,” he concluded.
Eight tips to avoid spyware
1. Say ‘no’ to free software. Consider what’s
trustworthy, popular and well known. Be alert and sensible when
choosing what to download for free.
2. Use Firefox or an alternative web server. It doesn’t mean
they are more secure than Internet Explorer – just less popular
and thus less vulnerable to attack.
3. Patch your system. Don’t wait for Microsoft and Tuesday.
4. Avoid questionable sites – use your judgement.
5. Be suspicious of email.
6. Use public kiosks with extreme caution.
7. Keep anti-virus and anti-spyware technology updated.
8. Use non-admin accounts to log in.
Source: Gerhard Eschelbeck, Webroot