Spyware motives raise concerns

Powered by SC Magazine
 

Spyware is becoming a more serious threat as profits become a bigger incentive for hackers and other online criminals, a security vendor has claimed.

Adam Biviano, senior systems engineer at Trend Micro, said 70 percent of malware samples Trend Micro found 'in the wild' were now profit-driven.

"In the past, [malware authors] were script kiddies and programmers out to make a name for themselves."

That had changed, he suggested.

The aim was no longer to cause widespread damage but to set up a discrete network of PCs to launch denial of service (DOS) or spam attacks, Biviano said.

Such 'bot' networks were the result of malicious spyware installations that let a remote third party take control of a PC. However, blocking spyware was not as simple as blocking a virus, Biviano said.

"With viruses it was very cut-and-dried. A virus was 'bad' and needed to be stopped."

The spyware situation was not so clear cut, he said.

Terms and conditions buried in software licence agreements made it difficult for security companies to effectively block intrusive applications without risking legal action from software vendors. Trend Micro called such applications "greyware".
 
"With greyware, it's neither black nor white," Biviano said. Instead of blocking the application outright, security software let the user determine whether a program had been run.

Western Australia senator Brian Greig, of the Australian Democrats, would like to see such software better regulated. The Democrats had proposed a Spyware Bill that would establish privacy protection guidelines for such spyware.

A law could facilitate prosecution of the creators of more malicious trojan and keylogger spyware, he said.

Rich Mogull, vice president of information security and risk at IT analyst Gartner in the US, said laws were needed to make an example out of malware perpetrators but shouldn't be depended on to eliminate the problem.

Laws in the US had some impact but mostly had not been significant, he said. 

Serious criminal acts, such as using spyware to collect credit card details, would always find a way, Mogull said.

However, the California State Bill 1386 had been effective. That Bill had required a company to notify Californian residents if certain combinations of personal information were lost.

That Bill had become law in the State of California, and the public disclosure of information loss that followed had spurred other countries into implementing similar laws, Mogull said.

With credit card theft, phishing and other online criminal activity becoming more common, companies' security efforts would likely focus on protecting their customer data, Mogull said.

Malware attacks were expected to go on getting more serious over the next one or two years, Mogull added.

 


 
 
 