
Safe Computing in Dangerous Times
The Spyware Challenge
by Lawrence Taylor-Duncan, A+, LTCI, MPS, MCPS, MCSA, MCSE


Spyware is a very Big Deal these days. It invades your computer, takes over control of your web browser, assaults you with pop-ups and can even steal your identity. It has reached endemic levels and is costing industry millions of dollars to eradicate. Yet despite all the publicity surrounding it, users are often confused about exactly what spyware is and how to deal with it. Some don’t even realize they are infected and are oblivious to the danger. This article explains what spyware is, how to avoid infection and how to clean up your system if you’ve been hit.

Know Thy Enemy
“Spyware” has become a common collective noun for insidious and malicious software that infects a user’s computer. At the top of the notoriety list are Browser Hijackers, which redirect your home page to another site, and Adware, which peppers you with pop-up ads – a sure sign you have an infection. These are frequently delivered by so-called Drive-By attacks, in which a user visits an infected web site that drops malicious code onto the system without his or her knowledge. (The malicious code is usually written in ActiveX, which is a powerful language that allows web sites to play back music, lets you watch animations and video clips, and provides an interactive web experience. Without it web sites would be flat and boring, but unfortunately it can be misused.)

On a more sinister level, malicious software known as Malware can drop memory watchers and keystroke loggers into your system that steal your passwords, credit card numbers and SSNs. Trojan Horses can open a backdoor on your computer to allow someone else to control it. Worms and Viruses play a part in the spyware onslaught too, as they can cause significant harm to your system, leaving it weakened or damaged. Infected e-mail attachments can immediately attack and compromise your system or set you up for a future attack.

Battle Stations!
Signs of attack can be obvious, such as pop-ups or browser hijacks (unexpected redirection to another web site). The appearance of new shortcuts on your desktop, start menu or Internet Favorites is another sure sign of infection, as is a new toolbar in your browser or e-mail program. Less obvious signs include erratic browser behavior, sluggish system response, long boot times, and a “busy” hard drive when the system is not in use. For users with dial-up, the system may repeatedly attempt to launch the dialer.

More sinister signs of an attack may not show up until you find unexpected charges on your credit card months later. A keystroke logger may have intercepted your credit card numbers or spyware may have examined the hundreds of Cookies on your hard drive and found personally identifiable data that was sufficient to steal your identity. The most serious attacks can cause complete loss of control of your system or entire network. Using a Trojan Horse, a hacker can take control and change the administrator password or turn your computer into a file server to dish up illegal MP3s, bootleg software or pornography. (Don’t expect the RIAA or the FBI to be very forgiving even if you didn’t know it was happening).

Batten Down the Hatches
There are several steps you can take to harden your system against attack. The three most important are: 1) install all the latest service packs and critical updates for your operating system and your office suite; 2) install the latest virus scanner and keep its definitions up to date; and 3) install a strong firewall and block outgoing ports known to be used by malware.

Major anti-virus vendors now include spyware detection as well as virus protection in their software. You must update your anti-virus software annually to get the latest scanning engine; do not expect last year’s virus scanner to recognize this year’s threats even if your definitions are up to date. For best results, install a separate spyware scanner such as SpyBot or SpySweeper as well and scan nightly for threats. Spyware scanners can also protect your home page from a browser hijack attempt. Raise the security level of your browser to High (go to the Security tab in Internet Options) and carefully vet downloaded ActiveX controls before authorizing them.
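The warning signs and hardening advice above can be checked from an administrator console. The following read-only PowerShell audit is an added example, not part of the original article or any Techni-Core tool; it assumes Internet Explorer's registry layout (Run keys, Browser Helper Objects, the Internet zone's CurrentLevel value, and the Start Page value) and a modern Windows with PowerShell installed.

```powershell
# Added example: audit a Windows system for the infection signs the article
# describes (unexpected startup programs, new browser toolbars/BHOs, a changed
# home page) and for a browser Internet zone weaker than "High".
# Read-only: it reports findings and changes nothing.

$findings = @()

# 1) Programs launched at logon. Spyware commonly persists here; review any
#    entry you do not recognize before removing it with a scanner.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -notlike 'PS*') {   # skip PowerShell's own metadata properties
                $findings += [pscustomobject]@{ Check = 'Startup entry'; Name = $p.Name; Detail = $p.Value }
            }
        }
    }
}

# 2) Browser Helper Objects: IE toolbars and hijackers register as BHOs.
#    The CLSID's default value in HKCR gives the human-readable name.
$bhoKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bhoKey) {
    Get-ChildItem $bhoKey | ForEach-Object {
        $clsid = $_.PSChildName
        $name  = (Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid" -ErrorAction SilentlyContinue).'(default)'
        $findings += [pscustomobject]@{ Check = 'Browser Helper Object'; Name = $clsid; Detail = $name }
    }
}

# 3) Home page: a hijacker rewrites this value. Compare it with what you set.
$main = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
if ($main) {
    $findings += [pscustomobject]@{ Check = 'Home page'; Name = 'Start Page'; Detail = $main.'Start Page' }
}

# 4) Internet zone (zone 3) security level. 0x12000 is "High", the setting the
#    article recommends; anything lower is reported.
$zone = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3' -ErrorAction SilentlyContinue
if ($zone -and $zone.CurrentLevel -lt 0x12000) {
    $findings += [pscustomobject]@{ Check = 'Browser security'; Name = 'Internet zone'; Detail = ('Level 0x{0:X} is below High (0x12000)' -f $zone.CurrentLevel) }
}

$findings | Format-Table -AutoSize
```

Run it before and after installing software and diff the two reports; a new startup entry, BHO or home page that you did not add is exactly the kind of change the article tells you to look for.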

The most difficult step of all is to change your browsing habits! Much spyware arrives with downloaded software that includes “extras” you didn’t know you were getting. Popular “free” utilities such as Internet Optimizers, Clock Sync tools, Search Bars, fancy cursors, screensavers and weather monitors are notorious spyware carriers. MP3 file sharing software such as KaZaA is well known for including adware and may also bring viruses and Trojan Horses with it. Most free stuff generates pop-ups or some other way to get you to click on something (every click generates revenue for the web publisher). Drive-bys come from visiting web sites that are infected. You won’t get a drive-by from major sites such as Google or Amazon.com, but the more you go off the beaten path, the more likely you are to encounter one. Sites frequented by teens, for example, are a high-risk area.

Regaining Control
The first step in removing spyware is to install a spyware scanner, but first, a word of caution. If a pop-up ad appears stating that you have spyware and enticing you to click on a link to fix it, don’t! This is spyware trying to trick you! Only install Techni-Core recommended tools. Learn how to boot into Safe Mode (a special diagnostic startup mode for Windows that stops startup programs from running at boot time) and then scan your system. You may also have to temporarily disable features such as System Restore that can hide backup copies of malicious code.

Spyware removal can be a difficult and technically complex task, as some spyware is extremely hard to eradicate and requires an advanced level of knowledge. Extremely invasive spyware may inject code deep into your system, and removal may cause loss of Internet access or, in rare cases, an unbootable system. In situations like these it is best to call in a professional to do the job, but be warned: sometimes the only option is to format the disk and reload the whole operating system.

I hope this article has raised your awareness level. Spyware is insidious and should be treated with the same urgent degree of attention as viruses. Don’t let it invade your system and remember – prevention is better than cure!

 © Lawrence Taylor-Duncan, Techni-Core Network Systems, Inc. August 2004
