Spyware motives raise concerns

By on

Spyware is becoming a more serious threat as profits become a bigger incentive for hackers and other online criminals, a security vendor has claimed.

Spyware is becoming a more serious threat as profits become a bigger incentive for hackers and other online criminals, a security vendor has claimed.

Adam Biviano, senior systems engineer at Trend Micro, said 70 percent of malware samples Trend Micro found 'in the wild' were now profit-driven.

"In the past, [malware authors] were script kiddies and programmers out to make a name for themselves."

That had changed, he suggested.

The aim was no longer to cause widespread damage but to set up a discrete network of PCs to launch denial of service (DOS) or spam attacks, Biviano said.

Such 'bot' networks were the result of malicious spyware installations that let a remote third party take control of a PC. However, blocking spyware was not as simple as blocking a virus, Biviano said.

"With viruses it was very cut-and-dried. A virus was 'bad' and needed to be stopped."

The spyware situation was not so clear cut, he said.

Terms and conditions buried in software licence agreements made it difficult for security companies to effectively block intrusive applications without risking legal action from software vendors. TrendMicro called such applications "greyware".
 
"With greyware, it's neither black nor white," Biviano said. Instead of blocking the application outright, security software let the user determine whether a program had been run.

Western Australia senator Brian Greig, of the Australian Democrats, would like to see such software better regulated. The Democrats had proposed a Spyware Bill that would establish privacy protection guidelines for such spyware.

A law could facilitate prosecution of the creators of more malicious trojan and keylogger spyware, he said.

Rich Mogull, vice president of  information security and risk at IT analyst Gartner in the US, said laws were needed to make an example out of malware perpetrators but shouldn't be depended on to eliminate the problem.

Laws in the US had some impact but mostly had not been significant, he said. 

Serious criminal acts, such as using spyware to collect credit card details, would always find a way, Mogull said.

However, the California State Bill 1386 had been effective. That Bill had required a company to notify Californian residents if certain combinations of personal information were lost.

That Bill had become law in the State of California, and the public disclosure of information loss that followed had spurred other countries into implementing similar laws, Mogull said.

With credit card theft, phishing and other online criminal activity becoming more common, companies' security efforts would likely focus on protecting their customer data, Mogull said.

Malware attacks were expected to go on getting more serious over the next one or two years, Mogull added.

 

Tags:

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Poll

How should the costs of Australia's piracy scheme be split?
Rights holders should foot the whole bill
50/50
ISPs should foot the whole bill
Government should chip in a bit
Other
Flash is heading towards its grave, and that's...
Great! Good riddance
Sad! Flash had some good qualities
Irrelevant. I don't care
What's Flash?
View poll archive

Whitepapers from our sponsors

What will the stadium of the future look like?
What will the stadium of the future look like?
New technology adoption is pushing enterprise networks to breaking point
New technology adoption is pushing enterprise networks to breaking point
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
The next era of business continuity: Are you ready for an always-on world?
The next era of business continuity: Are you ready for an always-on world?

Log In

Username:
Password:
|  Forgot your password?