Thursday 2 August 2007

Combating Spyware/Malware and Personal identity theft.

This post will be in two parts: the first will explain what this is all about, the second what to do about it.
First of all I would like to try to explain what spy-ware is. Generally spy-ware as a term has a few different connotations: Ad-ware, Spy-ware and Mal-ware. Quite often these are lumped together under the single description of Spy-ware.

Ad-ware
Quite simply this is software that is usually provided "Free" but with the caveat that it contains some sort of advertising that will be pushed to the user while the software is in use. If this advertising were not part of the software, the software could not be provided free of charge.
This type of "Spy-ware" can usually be considered pretty harmless, unless of course you don't like advertising. If so, don't install the software. Be aware, though, that the advertising component often also reports back to the vendor which adverts you saw or which features you used, and that is the point at which Ad-ware shades into Spy-ware.

Spy-ware
Spy-ware is software that can find its way onto your computer when surfing the web. Its purpose is to monitor your surfing behaviour and perhaps pop up advertising while you surf. Spy-ware is usually non-malicious, but the effect on your privacy on the web can be concerning for some people. Spy-ware can also cause instabilities within the browser.
Types of tracking mechanism that can be classed as spy-ware include:

Authorised tracking BHOs (Browser Helper Objects)
A Browser Helper Object, or BHO, is just a small program (a DLL) that is loaded automatically every time you start Internet Explorer. Usually, a BHO is installed on your system by another software program. For example, Go!Zilla, the downloading utility, installs a BHO created by Radiate (formerly Aureate Media); this BHO tracks which advertisements you see as you surf the Web.

BHOs are a feature of Microsoft Internet Explorer and were originally designed by Microsoft to let other software extend IE and assist users in navigating the web. Because a BHO runs inside the browser process, a poorly written BHO that has found its way onto your system can make the browser unstable; if your browser has a tendency to crash, that is one of the first things to suspect. Installed BHOs are listed in the registry under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, one sub-key per CLSID, so that key is the first place to look for ones you do not recognise.

Tracking Cookies
Large web advertising networks use something built into our browsers called cookies to track our movement across the web. Cookies in general are not bad things, but in this case they can be a privacy issue. Each website you visit can deposit a cookie on your machine, and a site can normally only read back the cookies it set itself. The trick the advertisers use is that their banners and images are embedded in many different sites, so the advertiser's own cookie is sent back to the advertiser from every site that carries its adverts. That lets one advertiser build up a picture of your surfing habits across all of those sites, and this information can then be used for marketing purposes.

Web Bugs
Web bugs are tiny images (typically 1x1 pixel) or similar HTML elements embedded in web pages or email. When a user opens an email that contains a web bug, the mail client fetches the image from a web server, and that request tells the server that you have read the email, when, and from which address; the image URL usually carries a unique identifier so the fetch can be tied to you, and the request also carries any cookie the server previously set. They are generally used for notification and tracking purposes.
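The two mechanisms above work together, and a short simulation makes the point clearer than prose. The block below is an added example, not code from the original post: a toy model of an advertising network's pixel server and a browser cookie jar, showing how one cookie plus a 1x1 image embedded on unrelated sites (or in a mailing) stitches one browser's visits into a profile. The tracker host, site names and tags are all constructed for the example, and nothing is sent over the network.

```python
"""Toy model of third-party cookie tracking via an embedded web bug.
Added example; hosts and sites are constructed, no real traffic is made."""
import itertools
from urllib.parse import urlparse, urlencode, parse_qs

TRACKER_HOST = "ads.tracker-example.test"   # constructed, not a real host


class Tracker:
    """The ad network's web server for the pixel."""

    def __init__(self):
        self._next_id = itertools.count(1000)
        self.profiles = {}   # uid cookie -> list of (referring page, tag)

    def serve_pixel(self, cookie, referer, pixel_url):
        """Handle one GET of the pixel. Returns (Set-Cookie value or None, body)."""
        uid, set_cookie = cookie, None
        if uid is None:                       # first sighting of this browser
            uid = f"uid={next(self._next_id)}"
            set_cookie = uid                  # sent back as Set-Cookie: uid=1000
        tag = parse_qs(urlparse(pixel_url).query).get("t", [""])[0]
        self.profiles.setdefault(uid, []).append((referer, tag))
        return set_cookie, b"GIF89a"          # a real server returns a 1x1 GIF


class Browser:
    """Minimal cookie jar with the one rule that matters here: a cookie is
    only sent back to the host that set it. Because the pixel always comes
    from TRACKER_HOST, the tracker's cookie travels with it from every site."""

    def __init__(self, tracker):
        self.tracker = tracker
        self.jar = {}                         # host -> cookie string

    def load_page(self, page_url, pixel_url):
        host = urlparse(pixel_url).hostname
        set_cookie, _body = self.tracker.serve_pixel(
            self.jar.get(host), page_url, pixel_url)
        if set_cookie:
            self.jar[host] = set_cookie


def web_bug(tag):
    """The <img src="..."> URL a site or mailing embeds; the tag identifies
    the page, the campaign or (for email) the recipient."""
    return f"http://{TRACKER_HOST}/pixel.gif?{urlencode({'t': tag})}"


def run_sessions(sessions):
    """Replay several browsers' visits against one tracker and return its
    profiles. Each session is a list of (page_url, tag) the browser loaded."""
    tracker = Tracker()
    for visits in sessions:
        browser = Browser(tracker)            # a fresh jar, i.e. a new user
        for page, tag in visits:
            browser.load_page(page, web_bug(tag))
    return tracker.profiles


if __name__ == "__main__":
    # constructed sample: two users, three unrelated sites and one newsletter
    alice = [("http://news.example.test/", "news-frontpage"),
             ("http://shop.example.test/cart", "retail"),
             ("mail:newsletter-42", "reader=alice@example.test")]
    bob = [("http://health.example.test/diet", "health")]
    for uid, seen in run_sessions([alice, bob]).items():
        print(uid, seen)
```

Alice's three page loads, on three sites that never exchange data with each other, all land in the tracker's log under the same uid cookie, while Bob's fresh jar gets a separate uid. Blocking third-party cookies, or blocking the tracker host altogether, breaks exactly this link.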

Mal-ware
Mal-ware is a general term that describes software that causes your computer to behave in a way you would not want it to. Mal-ware is the nastiest type of spy-ware and should be prevented if at all possible from getting onto your machine. Mal-ware can get onto our machines in a variety of ways.
Some of the key ways that Mal-ware might get onto your system are:

i) Installation/running of unknown software from 3rd parties, e.g. Internet connection speed optimisation tools, serial key generators, pirated application software. These are sometimes fake applications that exist only to deliver the Mal-ware.

ii) Following URL links in email from unknown people (Phishing attack). The link leads either to a fake site that harvests your log-on details or to a page that installs Mal-ware.

iii) Opening email attachments from unknown people.

iv) Opening email attachments that have executable extensions (.exe, .scr, .pif, .bat, .cmd, .vbs and so on), even from people you know, since an infected machine will send them in its owner's name. Be aware that Windows hides known file extensions by default, so an attachment called invoice.pdf.exe is displayed as invoice.pdf.

v) Navigating to the fringes of the Internet, to sites that carry content designed to exploit loop holes in browser technology. This type of exploit often works by
-Exploiting flaws in the browser or its plug-ins through Microsoft ActiveX controls on the web page
-Exploiting flaws in the browser through JavaScript on the web page

vi) Exploitation of Operating System loop holes.
If you have a machine connected to the Internet that is not properly protected by a firewall and the latest patches from Microsoft and other 3rd-party software vendors, it can come under attack from other machines on the Internet. These machines will probe your machine and exploit issues within the operating system or its listening services to install Mal-ware, with no action on your part at all.
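Of the routes above, iv) is the one a mail gateway or a careful user can check mechanically. The following is an added example, not code from the original post, of such a check: it flags executable extensions, the double-extension trick that relies on Windows hiding known extensions, and the related trick of padding the name with spaces so the real extension scrolls out of view. The extension lists are the common Windows executable and document types; the sample file names are constructed.

```python
"""Attachment-name check for executable and disguised-executable files.
Added example; the file names tried at the bottom are constructed."""
import os

EXECUTABLE_EXTENSIONS = {
    ".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".vbe",
    ".js", ".jse", ".wsf", ".wsh", ".hta", ".cpl", ".msi", ".lnk", ".reg",
}
# Types an attacker likes to imitate: with "Hide extensions for known file
# types" on (the Windows default) the user sees these, not the real extension.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".xls", ".ppt", ".txt", ".jpg",
                       ".gif", ".png", ".zip", ".htm", ".html"}


def classify_attachment(filename):
    """Return (verdict, reason) where verdict is 'block', 'warn' or 'allow'."""
    name = filename.strip()
    root, ext = os.path.splitext(name)
    ext = ext.lower()
    if ext in EXECUTABLE_EXTENSIONS:
        shown = root.rstrip()                 # what the user sees with extensions hidden
        inner = os.path.splitext(shown)[1].lower()
        reasons = [f"executable attachment ({ext})"]
        if inner in DOCUMENT_EXTENSIONS:
            reasons.append(f"disguised as {inner}; displays as '{shown}' "
                           "with extensions hidden")
        if root != shown:
            reasons.append("padding spaces push the real extension out of view")
        return "block", "; ".join(reasons)
    if ext == "":
        return "warn", "no extension; file type unknown"
    return "allow", f"{ext} is not an executable type"


if __name__ == "__main__":
    for sample in ["report.pdf", "setup.exe", "Invoice.PDF.exe",
                   "photo.jpg                      .scr", "README"]:
        print(f"{sample!r}: {classify_attachment(sample)}")
```

An "allow" verdict only says the name is not itself executable; archives such as .zip still need to be opened and their contents put through the same check.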

So what does the Mal-ware do? Well, one of the first things modern Mal-ware often does is install what is called a "Root Kit". A root kit runs at a very high level of access (administrator or kernel level) and uses that access to hide its own files, processes and registry entries from the tools you would use to look for them. At the level a root kit works, rewriting system files is entirely possible.
Once a root kit is installed, a variety of hacks can be put in place, which may include but are not limited to what is described in the later paragraphs. From analysing what Mal-ware is out there, there seem to be two main types: the type that wants to control your machine for use as a BOT, and the type designed for Personal Identity Theft. I will detail each type.

Personal Identity Theft
Personal identity theft is where your personal details have been stolen by some means and then used to buy goods, to gain access to material that belongs to you, or perhaps to create a forged identity for someone else to use. Your identity can be stolen in a number of different ways; however, I am only going to concentrate on the use of computers to steal identity. Mal-ware of the following types can be considered as designed to steal your most personal information and therefore enable personal identity theft.

Key Loggers
Key loggers are designed to record all keystrokes on a computer. They will then generally make these keystroke logs available to the people who managed to get the key logger onto your machine, typically by sending them out over the Internet to a collection server or mailbox. Obviously the purpose is to capture sensitive data that may include log-on credentials for email, financial sites, or retail sites like Amazon or eBay. Crooks will then use this information to rob you.

Unauthorised BHOs
Unfortunately BHOs have been abused by malicious companies to manipulate your browser in any way they want. Because a BHO runs inside the browser, it sees the pages you view and the forms you fill in before they are encrypted by SSL, so the padlock in the browser offers no protection against it. It could, for instance, grab your credit card information and relay it to a 3rd party, or it could just keep popping up advertising every few minutes; it really depends what the BHO was written to do in the first place. Key loggers have been found to be part of malicious BHOs. In one particular case keystrokes were logged only when accessing financial institutions' websites, i.e. for banking purposes.

Diallers
Diallers have been around for a long time now but are still being used. They are designed for systems that connect to the Internet via dial-up modems. The idea is that a dialler will at some point make your modem silently dial a premium rate number (often an overseas one) and stay connected through it. The person owning the number then gains lots of money from these calls, which you discover on your phone bill.

DNS hijacking
Once your system has been compromised by a root kit, it is possible to alter system files on your computer. One of the files that can be modified is called the hosts file (on Windows, %SystemRoot%\System32\drivers\etc\hosts). The operating system consults this file before it asks a DNS server, so an entry that maps a bank's name to an address the hijacker controls means that when you enter the real web address into the browser you are redirected to a fake site. This will look like the real site; you enter your personal log-on details and now the hijacker can access the same site as you. The hosts file is not the only route: Mal-ware can also change the DNS server addresses in the machine's network settings to point at servers the hijacker controls, with the same effect for every name you look up.
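The hosts file is plain text, so checking it for this kind of tampering is easy to automate. The block below is an added example, not code from the original post: it parses hosts-file content, flags any entry for a name on a watch list of sites that should only ever be resolved through DNS, and separately flags names pinned to addresses outside the loopback and private ranges (a blocklist entry that points an ad host at 127.0.0.1 is benign and is left alone). The sample hosts content, the watch list and the addresses are constructed; the address ranges treated as local are the standard loopback, RFC 1918 and link-local ones.

```python
"""Detect hosts-file pinning of names that should resolve via DNS.
Added example; SAMPLE_HOSTS and WATCH_LIST are constructed."""
import ipaddress

LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Names that must never be pinned locally (a real list holds your bank,
# webmail, payment and shopping sites).
WATCH_LIST = ("examplebank.test", "mail.example.test")

SAMPLE_HOSTS = """\
# constructed sample of %SystemRoot%\\System32\\drivers\\etc\\hosts
127.0.0.1       localhost
192.168.1.20    fileserver.home
127.0.0.1       ads.tracker-example.test    # ad-blocking entry, benign
203.0.113.45    www.examplebank.test
203.0.113.45    online.examplebank.test  examplebank.test
198.51.100.7    update.example.test
"""


def is_local_address(ip_text):
    """True for loopback, unspecified, link-local and RFC 1918 addresses."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False                      # not an address at all; treat as foreign
    return ip.is_unspecified or any(ip in net for net in LOCAL_NETS)


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping, ignoring comments
    and blank lines; one line may map several names to one address."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        for name in parts[1:]:
            entries.append((line_no, parts[0], name.lower()))
    return entries


def matches_watch(name, watch):
    """Exact match or subdomain of a watched name."""
    return any(name == w or name.endswith("." + w) for w in watch)


def find_hijacks(entries, watch=WATCH_LIST):
    """Return (line_no, hostname, address, reason) for suspicious mappings."""
    findings = []
    for line_no, ip, name in entries:
        if matches_watch(name, watch):
            findings.append((line_no, name, ip,
                             "watched name pinned in hosts file; must resolve via DNS"))
        elif not is_local_address(ip):
            findings.append((line_no, name, ip, "name pinned to a non-local address"))
    return findings


if __name__ == "__main__":
    for line_no, name, ip, reason in find_hijacks(parse_hosts(SAMPLE_HOSTS)):
        print(f"line {line_no}: {name} -> {ip}: {reason}")
```

On a live system you would read the real hosts file instead of SAMPLE_HOSTS; a root kit may hide its own edits from file listings, so a clean hosts file reported by the infected machine is not proof, and the same check is worth running from a rescue CD.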

Internet BOTs
Internet BOTs have been around for quite some time, but in recent years they have taken on a new and disturbing role in organised crime, or what some people are calling computer terrorism. What is known as a BOT herder commands a large number of BOTs (a botnet) from a central location, typically over a command-and-control channel such as an IRC server that each bot connects to. These bot fleets are then used to target particular computer systems via their IP address. The bots start sending large quantities of data to these addresses, which causes the web site on the targeted IP address to effectively be blown off the Internet. This kind of attack is known as a DDoS (Distributed Denial of Service) attack. In the organised crime scenario, the crime syndicate demands payment from the web site owner not to start, or to stop, the DDoS attack; the same botnets are also hired out to send spam.

So effectively, if you're not careful about your security, your machine could have a BOT installed on it and could be taking part in organised crime, or in targeting and bringing down foreign governments' computer systems. A sobering thought indeed.


What to do about this in part 2...

1 comment:

Anonymous said...

People should read this.