Spyware Trojans and Worms

Feeling a little insecure?

by David Bradley

The trouble with enabling technologies is just that. They enable. They enable the good guys to get on and earn a crust, which most would agree is no bad thing. But they also enable the more malicious out-riders of society to play some rather nasty games using the likes of computer viruses, Trojans, worms, backdoors, and other malware. It seems that ever since Melissa and her friends started saying 'I love you' to complete strangers, these things have become increasingly familiar to most users, and new viruses and worms appear on a daily basis. We can recommend this site for protection - http://scibase.xoftspy.hop.clickbank.net - to get you started on your mission to destroy them.


There are, however, far more insidious threats to the sanity of computer users, which go by the names of spyware and adware, and are more broadly these days lumped together as malware. These virtual devices usually cause none of the damage to your computer that a virus or worm might, but offer what Internet activists refer to as a serious breach of personal privacy. Also included among the malware are rogue diallers, spyware trojans, and phishing emails.

Adware, simply put, is a program that runs in the background, while you are surfing the net, tagging the sites you visit, the links you click, the files you save, and reporting back to head office with a bunch of statistics and details of your browsing habits. The infamous 'cookie' file can be used in a relatively simplistic way as a form of spyware to capture information about visitors to a particular site. However, many cookies are legitimate and save you the effort of having to re-enter passwords and such to favorite sites and make online shopping possible.

Some web sites do exploit the power of cookies to track your movements across the web, but the extension of this to true adware is remarkable. First, you have to unpack such a program and install it on your machine. Now, why would you do that, knowing that the program will simply use up your RAM and eat into system resources, slowing your PC while it reveals all kinds of information to its parent company? Well, the answer is obvious if you think about it: you are not generally made aware that it is happening at all. You install a seemingly useful software utility, more often than not a nominally 'freeware' program, but occasionally 'shareware' and, even more scurrilously, a paid-for proprietary package. While the main installation of the necessary dynamic-link libraries, registry entries, system files and other widgets is being loaded onto your hard disk, there will be a secondary installation running too, hidden from view, that loads up the adware programs.

Then, next time you are browsing through a bunch of web sites, the adware, fired up by the launch of your browser, taps into the connection between you and the Internet and grabs whatever snippets of information it sees fit. For many people this might not seem too much of a threat at all. But what if the adware company, once it has analysed the information grabbed from your machine, then feeds this information back to web sites you have visited, or to advertisement servers, so that the next time you visit, the links and ads that appear are 'tailored' to your earlier travels? Maybe at first that does not sound such a bad thing either, but would you not prefer to make the choice about which sites you visit, rather than having edited links foisted on you without your knowing? More worrying is the extreme to which some adware takes this system, hijacking web pages you visit and highlighting particular keywords within a page to direct you to its own partner sites.

There is more: depending on how your internet connection is set up, the more sophisticated adware programs could, if they wanted to, grab more direct information from your hard disk, including personal data that could then be tied to your surfing habits for an even more tailored experience and perhaps something more sinister. And who is to say that the adware is simply being used to fine-tune the adverts that are served to you through your browser? The tiny leap from market research to undercover intelligence gathering gives adware's alter ego its name of spyware. If you are at all worried about the teenagers who run automatic hacking software and attempt to break through your computer firewall (you have got a firewall, haven't you?**) and grab your CV and typed letters home, then spyware is the Big Sister looking over your shoulder …and anyone could be running it. Just because you're paranoid, doesn't mean…

The problem of adware and spyware was perhaps first highlighted on the Web and various discussion groups five or six years ago by software author Steve Gibson (www.grc.com). He came up with a little package of his own - called OptOut - that could scan your files, the Windows registry, and your cookies folder looking for the telltale signs of adware. Indeed, Gibson has evidence that certain big name Internet companies were actively garnering information about users' downloading habits through their 'download optimiser' programs which purportedly shorten the time it takes to download a file from the Internet.

'Every time you use one of these utilities to download any file from anywhere on the Internet, the complete "URL address" of the file, along with a unique ID tag that has been assigned to your machine…is immediately transmitted to the program's publisher,' Gibson says. 'This', he adds, 'allows a database of your entire, personal, file download history to be assembled and uniquely associated with your individual computer . . . for whatever purpose the program's publishers may have today, or tomorrow.' Now, if you happen to have a dynamically assigned IP address, i.e. the numerical name by which your computer is known each time you connect to the Internet, then this 'unique' tag may be irrelevant. However, many users have static IP addresses, especially those on corporate and academic networks, and those with broadband access, where connecting and disconnecting throughout the day is no longer the necessity it once was with a dial-up connection. Moreover, connection devices such as cable modems have their own unique ID (MAC address), which can easily be grabbed by a spyware program. Add this to the cooking of a cookie that carries, say, your name, address, and password, and the combination of data the spyware can gather very much pinpoints your activities on the Internet to you as an individual.

The companies involved initially denied this was happening at all, but Gibson snooped inside the packets of data that were being sent to one particular company through their download software and discovered that his name and private e-mail address were certainly being squirted directly to head office each time he downloaded a file. The program tapped into a cookie placed on his hard drive following an online purchase and used it to tag the program's own recordings of his download activity.
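As an added example, not from the article or from Gibson's own tools, the script below automates the kind of check Gibson did by hand, but over a constructed outbound proxy log rather than captured packets: it flags requests to a third-party host whose query string embeds a URL the same client fetched moments earlier and that also carries a query value which stays constant across such requests, the 'unique ID tag' described above. The log format, host names and parameter names are all assumptions made up for the example.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed proxy log (not real traffic): "<client> <method> <url>" per line.
SAMPLE_LOG = """\
10.0.0.5 GET http://files.example.org/pub/tool-1.2.zip
10.0.0.5 GET http://stats.optimiser-vendor.example/log?id=A1B2C3&u=http%3A%2F%2Ffiles.example.org%2Fpub%2Ftool-1.2.zip
10.0.0.5 GET http://mirror.example.net/docs/manual.pdf
10.0.0.5 GET http://stats.optimiser-vendor.example/log?id=A1B2C3&u=http%3A%2F%2Fmirror.example.net%2Fdocs%2Fmanual.pdf
10.0.0.5 GET http://shop.example.com/cart?id=9
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")

def parse_log(text):
    """Return (client, url) pairs for lines matching the assumed log format."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(3)))
    return out

def find_beacons(records, min_repeats=2):
    """Flag 'phone home' requests: (1) a query value is a URL the same client
    already fetched, (2) the request goes to a different host than that
    download, and (3) another query value recurs across such requests,
    i.e. behaves like a stable per-machine ID. Returns a list of dicts."""
    fetched = defaultdict(set)          # client -> URLs already requested
    candidates = []
    for client, url in records:
        parts = urlsplit(url)
        params = parse_qs(parts.query)  # values come back percent-decoded
        for key, values in params.items():
            for v in values:
                if (v.startswith(("http://", "https://")) and v in fetched[client]
                        and urlsplit(v).netloc != parts.netloc):
                    ids = {(k, x) for k, xs in params.items() if k != key for x in xs}
                    candidates.append({"client": client, "host": parts.netloc,
                                       "reported_url": v, "ids": ids})
        fetched[client].add(url)
    # Keep only beacons whose identifier value recurs: a one-off value is noise,
    # a repeating one is the machine tag that ties the download history together.
    tally = Counter((c["client"], c["host"], kv) for c in candidates for kv in c["ids"])
    beacons = []
    for c in candidates:
        stable = {kv for kv in c["ids"] if tally[(c["client"], c["host"], kv)] >= min_repeats}
        if stable:
            c["ids"] = stable
            beacons.append(c)
    return beacons

if __name__ == "__main__":
    for b in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{b['client']} -> {b['host']} reported {b['reported_url']} with id {sorted(b['ids'])}")
```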

These download optimisers do sometimes provide the option to switch off their 'phone home' behaviour, but they are usually operational by default. You would have to be aware of the option to know to turn them off, assuming you wanted some privacy. Indeed, Gibson has applied pressure on the industry and one of the companies involved, having admitted to its program's faults, intends to remove them.

Now that such dealings are being outed, users can do something about regaining control of their online privacy. The trouble with adware and spyware, however, is that you would not likely know they were running at all. There is a solution, of course: Lavasoft's Ad-aware, Spybot Search & Destroy,*** and Pest Patrol do the same job as the now obsolete OptOut, trawling your computer for the tell-tale signs of adware and then allowing you to delete the offending programs and cookies. Deletion of the spyware components of some programs may, however, render the program itself inoperable, essentially forcing users to reinstall the whole package, spyware and all, if they want to continue using the utility. There is also the issue of the legality of 'engineering' a utility so that it does not run its spyware sibling; you may actually be breaking the law in attempting to protect your privacy. Download the demo of Ad-aware and give it a try…you'll be in for a serious shock.

To save you the trouble of doing such a check, however, there are also a couple of lookup tables available on the web that list the offending software, so you can avoid installing it in the first place if you want to avoid being spied on: http://www.infoforce.qc.ca/spyware/ and http://www.spychecker.com/. With spychecker you type in the name of a suspect program and the site tells you whether or not it is a spyware package. Lavasoft also provides a listing of alternatives to some of the more commonly used types of program - downloaders, FTP clients, browsers etc - that are contaminated with spyware.

Spyware does not have to be all bad, of course, and indeed companies such as Internet Security Systems (http://www.iss.net/) are offering webmasters a security system that deliberately spies on a system, scanning activity behind the scenes, snooping into the hard drive and the comings and goings of visitors to a web site, and unearthing viral and Trojan activity. The system helps ensure that nothing gets uploaded to the web server during an interactive session, for instance, so that nothing destructive can open a backdoor.

There are many more threats to net users than there ever were, as more and more users come online and companies and individuals vie for control. Viruses, denial of service (DoS) attacks, and Trojans are becoming all too familiar. The culprits behind these problems tend not to be members of the commercial world, but rather activists, 'hackers', and curious youngsters with a few bits and bytes to play with. With the right software you can deny them all access. Adware and spyware, on the other hand, are an insidious threat that many users unwittingly succumb to when they install any of countless otherwise useful programs and software utilities. Watch out, you never know who's spying on you.

Footnotes

* While cynics occasionally suggest that computer viruses are merely the creations of the antivirus software houses, these nasty chunks of code nevertheless pose a significant threat to anyone who commonly receives attachments by e-mail or uses any software from even the most reliable of sources, which after all covers most of us. We should all be running up-to-date antivirus software on a regular basis.

There are countless reviews and debates about which companies produce the best, but among them Sophos for business users seems to be pretty much on the ball, while F-prot and McAfee often beat the better-known systems like Symantec and Norton (this pair are now under the same corporate umbrella).

Some competent users favour a belt-and-braces approach to viruses, but an extra support makes you even less likely to lose your trousers. You can also run a decent quarantine unit on e-mail attachments, such as that available with Zone Alarm (www.zonelabs.com), which won't allow you to open attachments without warning.

** If you are in a corporate or academic environment, the likelihood is that your IT department will have installed a hardware firewall as part of the network. But when you're working from home, especially if you have a broadband 'always on' connection to the Internet, or even if you don't mind spending penny after penny and leave your dial-up connected for hours on end, a personal firewall is essential. Zone Labs' Zone Alarm is one of the best known and most popular and, in the Pro version, allows a great deal of control over what packets of net information can and cannot be passed to your computer. Indeed, you can set the security level so high that your computer becomes invisible to the outside world while still allowing you to browse the web, transfer files, send and receive e-mail and generally connect to other computers.

Whichever firewall you use, Steve Gibson's website provides several tests that can check just how 'hidden' your system is from the outside world. A simple program called Leaktest (28kb download) tries to breach your firewall from the inside. If it succeeds, it demonstrates that your computer may be vulnerable to Trojans and backdoor programs, such as Back Orifice. You'll need to adjust your firewall security level and try again: if Leaktest now fails, you are safe; if it succeeds again, you probably need a less permeable firewall. Shields Up does something similar but from the outside, attempting to probe the various ports that act as entry points into your computer from the Internet. There are several simple changes you can make to your system to overcome the problems if Shields Up reveals a gaping hole in your security.

The original version of this item first appeared in The Alchemist on ChemWeb.com


*** Make sure you get the legitimate version of Spybot Search & Destroy from Patrick Kolla at Safer Networking Ltd (there are rogue versions of this software around). Also, don't be tricked into downloading alleged spyware-beating software from a spam mail, as often those packages are themselves simply spyware. I'd also give Microsoft's anti-spyware program a miss, as it seems to have produced a number of false positives, infamously deleting Internet Explorer for some users!