Spyware motives raise concerns

Powered by SC Magazine
 

Spyware is becoming a more serious threat as profits become a bigger incentive for hackers and other online criminals, a security vendor has claimed.

Spyware is becoming a more serious threat as profits become a bigger incentive for hackers and other online criminals, a security vendor has claimed.

Adam Biviano, senior systems engineer at Trend Micro, said 70 percent of malware samples Trend Micro found 'in the wild' were now profit-driven.

"In the past, [malware authors] were script kiddies and programmers out to make a name for themselves."

That had changed, he suggested.

The aim was no longer to cause widespread damage but to set up a discrete network of PCs to launch denial of service (DOS) or spam attacks, Biviano said.

Such 'bot' networks were the result of malicious spyware installations that let a remote third party take control of a PC. However, blocking spyware was not as simple as blocking a virus, Biviano said.

"With viruses it was very cut-and-dried. A virus was 'bad' and needed to be stopped."

The spyware situation was not so clear cut, he said.

Terms and conditions buried in software licence agreements made it difficult for security companies to effectively block intrusive applications without risking legal action from software vendors. TrendMicro called such applications "greyware".
 
"With greyware, it's neither black nor white," Biviano said. Instead of blocking the application outright, security software let the user determine whether a program had been run.

Western Australia senator Brian Greig, of the Australian Democrats, would like to see such software better regulated. The Democrats had proposed a Spyware Bill that would establish privacy protection guidelines for such spyware.

A law could facilitate prosecution of the creators of more malicious trojan and keylogger spyware, he said.

Rich Mogull, vice president of  information security and risk at IT analyst Gartner in the US, said laws were needed to make an example out of malware perpetrators but shouldn't be depended on to eliminate the problem.

Laws in the US had some impact but mostly had not been significant, he said. 

Serious criminal acts, such as using spyware to collect credit card details, would always find a way, Mogull said.

However, the California State Bill 1386 had been effective. That Bill had required a company to notify Californian residents if certain combinations of personal information were lost.

That Bill had become law in the State of California, and the public disclosure of information loss that followed had spurred other countries into implementing similar laws, Mogull said.

With credit card theft, phishing and other online criminal activity becoming more common, companies' security efforts would likely focus on protecting their customer data, Mogull said.

Malware attacks were expected to go on getting more serious over the next one or two years, Mogull added.

 


 
 
 
Top Stories
First look: Microsoft Outlook for iOS
[Update] Office productivity suite for iOS completed with Outlook.
 
NewSat defaults on $26m in overdue Lockheed payments
Jabiru-1 satellite build hits further hurdles.
 
IBM denies plans to cut 112k jobs
But admits to further restructuring.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  36%
 
Your insurance company
  5%
 
A technology company (Google, Facebook et al)
  9%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  4%
 
A Federal Government agency (ATO, Centrelink etc)
  18%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  7%
TOTAL VOTES: 3109

Vote
Do you support the abolition of the Office of the Information Commissioner?

   |   View results
I support shutting down the OAIC.
  27%
 
I DON'T support shutting the OAIC.
  73%
TOTAL VOTES: 992

Vote