The Cost Of Spyware

March 8, 2008 – 3:47 PM

Spyware is not just annoying. Spyware is hitting all of us in the wallet as tech support firms must deal with millions of customers infected by it.

Some studies claim that as many as 97% of all personal computers may be infected by various spyware programs. Personally, I believe that number is incorrect. Probably that number includes machines which had nothing more than tracking cookies. While cookies can be abused to spy on a person’s web surfing, the cookies themselves are not spyware.

Whatever the actual percentage, the fact remains that countless millions of people find their personal computers hijacked by some form of spyware, adware or a browser hijacker. Many of those people call for technical support from their computer maker or their ISP. That creates more cost for those companies and they pass those costs back to their customers. Even if you never have spyware on your own computer, the cost of your computer and internet service may be higher due to the cost of repairing those that do become infected.

http://www.spywareinfo.net/nov10,2004#cost

Trojan infects PCs to generate SMS spam

March 8, 2008 – 3:46 PM

A Trojan which uses infected PCs to send spam messages to mobile phone users has been discovered. Delf-HA Trojan horse sends spam SMS messages by using the free “Send a text message” facility found on the websites of several Russian mobile network operators. Infected PCs download instructions on the content of junk SMS messages from a separate website.

Only a small number of instances of the Trojan horse have been sighted so far, and the junk messages it generates are confined to Russia. SMS messages are sent to numbers with the +7921 prefix (followed by six randomly generated digits) and to +7911 (followed by six randomly generated digits). The attack is significant only in illustrating the twisted ingenuity of spamming scumbags.

“We’re getting used to the idea of infected PCs being used to send email spam but this is taking the idea one step forward creating a ‘botnet for spamming mobiles’”, said Graham Cluley, senior technology consultant at anti-virus firm Sophos.

http://www.theregister.co.uk/2004/11/09/sms_spam_trojan/

Insecurity begins at home

March 8, 2008 – 3:45 PM

Spyware is rife and virus infection commonplace yet many home users reckon they are safe from online threats.

An AOL/National Cyber Security Alliance (NCSA) Online Safety Study – conducted by technical experts in the homes of 329 typical dial-up and broadband computer users across the US – found that most computer users think they are safe but lack basic defences against viruses, spyware, hackers, and other online threats. Only half of broadband consumers used a firewall.

Worse still, four in five of the home PCs inspected were infected with spyware. The average infected user has 93 spyware/adware components on their computer. Two thirds lacked up-to-date anti-virus software. One in seven users (15 per cent) had no AV software at all – so it comes as no particular surprise that one in five of the surveyed PCs were infected by a virus.

Despite this legion of problems, 77 per cent of those polled reckon they are safe from online threats. The NCSA wants to shake this complacency and encourage more people to guard the sensitive personal and financial information many keep on home PCs from attack.

“The results validate our purpose – to raise awareness and change behaviour,” said Ken Watson, chairman of the National Cyber Security Alliance. “Extrapolating the percentages in our survey, this indicates that millions of Americans are at risk – and are already infected – by viruses, spyware, and adware. With October as National Cyber Security Awareness Month, now is the perfect time for every American to review the protections they have and make sure those protections are up-to-date and complete.”

http://www.theregister.co.uk/2004/10/26/us_home_security_survey/

Web Sites Force Pop-ups Past Blockers

March 8, 2008 – 3:45 PM

On the whole, the internet is a good thing for humankind. However, the internet does have its dark side. Everyone with a regular internet connection knows that there is an unholy trinity that threatens to make the internet so unpleasant that people would rather not use it at all. The members of this digital axis of evil are spam, spyware and the pop-up ad.

Nearly every person who surfs the internet regularly hates pop-up ads. Businesses have been boycotted for blanketing the web with pop-ups. When X-10, a company infamous for using pop-up ads, went bankrupt, thousands of people around the world stood up and cheered at their misfortune. Web sites that use pop-ups receive tons of hate mail and lose visitors as people refuse ever to go back.

Advertisers and web site owners say that the people who complain about pop-ups are simply freeloaders, people who want everything for free. If that is true, then explain the multi-million dollar software industry that has sprung up to sell pop-up blocking software. People hate pop-ups so passionately that they are willing to spend thirty or even forty dollars buying software to block them.

The problem of pop-up ads has grown so frustrating that every single web browser now features a pop-up blocker. Even Internet Explorer, a browser whose most current version is over three years old, has been updated to include a pop-up blocker.

With tens of millions of people going to such extraordinary lengths to avoid pop-up ads, you would think the web sites that use them would see that they are driving away visitors and would stop using them. Unfortunately, many site owners simply do not care if they anger their visitors. These sites are experimenting with ways to circumvent pop-up blocking software.

The good blocking programs will block pop-up windows that spring up automatically but will allow pop-up windows that come up as a result of user action. That means if you click on a link and that link activates a pop-up window, the program will allow that window to form. At least one site, that of The Drudge Report, exploits this loophole to pop up ad windows.

Other sites are beginning to use slider ads if they detect that pop-ups are being suppressed. A slider ad uses either JavaScript or DHTML to cover the content on a web page with an advertisement. It is not a separate window; it is part of the page itself. Very few pop-up blockers deal with slider ads. That is unfortunate because a slider is far more intrusive and annoying than any pop-up ad ever could be. At least you can move a pop-up window out of the way. Sometimes the only way to be rid of a slider ad is either to click it or close the entire window.

I do not understand this mentality. If someone has gone to the trouble of suppressing pop-up ads, why do they believe the answer is to force something even more intrusive upon the visitor? Common sense would say that anyone who deliberately blocks pop-ups is going to react angrily to an advertisement that pops up anyway.

Is this really how a business wants to present its product to a potential buyer, by enraging that person? Does Acme Widgets really believe Joe Surfer is going to buy a widget because their advertisement defied Joe’s efforts to block it?

What Joe is going to do is to close that advertisement. If Acme Widgets is lucky, Joe will never see the content of the advertisement. If they are unlucky, Joe will note the product being pitched and will vow never to buy anything from that company. In either case, he is unlikely ever to return to that abusive web site.

That is really the only way we ever will be rid of pop-up ads. Pop-ups are like spam. They exist because foolish people buy the products being pitched in them. If you buy something pitched in a pop-up window or slider ad, even if you merely click the links in the ad, you are directly responsible for their existence.

Never, EVER interact with a pop-up window or slider ad except to close it. Never, EVER interact with spam except to delete it. If people refuse to buy from a pop-up ad and refuse even to click the links, advertisers will stop using them.

http://www.spywareinfo.net/oct22,2004#popups

SANS Top 20 Internet Security Vulnerabilities

March 8, 2008 – 3:44 PM

The vast majority of worms and other successful cyber attacks are made possible by vulnerabilities in a small number of common operating system services. Attackers are opportunistic. They take the easiest and most convenient route and exploit the best-known flaws with the most effective and widely available attack tools. They count on organizations not fixing the problems, and they often attack indiscriminately, scanning the Internet for any vulnerable systems. The easy and destructive spread of worms, such as Blaster, Slammer, and Code Red, can be traced directly to exploitation of unpatched vulnerabilities.

Four years ago, the SANS Institute and the National Infrastructure Protection Center (NIPC) at the FBI released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. Thousands of organizations used that list, and the expanded Top-20 lists that followed one, two, and three years later, to prioritize their efforts so they could close the most dangerous holes first. The vulnerable services that led to worms like Blaster, Slammer, and Code Red, as well as the NIMDA worms, are on that list.

This SANS Top-20 2004 is actually two Top Ten lists: the ten most commonly exploited vulnerable services in Windows and the ten most commonly exploited vulnerable services in UNIX and Linux. Although there are thousands of security incidents each year affecting these operating systems, the overwhelming majority of successful attacks target one or more of these twenty vulnerable services.

The Top-20 is a consensus list of vulnerabilities that require immediate remediation. It is the result of a process that brought together dozens of leading security experts. They come from the most security-conscious government agencies in the UK, US, and Singapore; the leading security software vendors and consulting firms; the top university-based security programs; many other user organizations; and the SANS Institute. A list of participants may be found at the end of this document.

The SANS Top-20 is a living document. It includes step-by-step instructions and pointers to additional information useful for correcting the security flaws. We will update the list and the instructions as more critical threats and more current or convenient methods of protection are identified, and we welcome your input along the way. This is a community consensus document — your experience in fighting attackers and in eliminating the vulnerabilities can help others who come after you. Please send suggestions via e-mail to [email protected].

http://www.sans.org/top20/