MALWARE HISTORY - SPYWARE, ADWARE and PHISHING
Spyware applications are pieces of software that stealthily install and monitor users’ interaction with the infected computer.
There is no clear border between spyware applications and Trojans, as such applications usually spread just like Trojans, and Trojans often spy on the infected computers. Unlike computer viruses and worms, spyware applications do not auto-replicate, but they also exploit computers for commercial advantage. Spyware covers more than monitoring users’ behavior: such applications can collect private information, Internet surfing and online shopping habits, and then send the data to a remote location. Moreover, some spyware applications borrow features from their adware siblings in order to redirect Internet Explorer webpages to advertising websites.
This is the case with the popular Internet Optimizer utility, also known as DyFuCa. The application not only annoys its users with ads but, due to a design flaw, also prevents them from accessing password-protected websites.
ADWARE
Adware applications are often wrongfully labeled as the mildest security risk in the industry. It may be true that adware Trojans don’t harm the host system, but they do annoy users by serving various ads within the browser, or even by constantly changing the browser’s startup page. More than that, adware applications usually come bundled with third-party software that might pose a security risk for both the user and the host system.
Some adware applications explicitly state in the EULA (End-User License Agreement) that they install third-party modules or controls, yet few users take the time to read the entire license. It is recommended that you pay extra attention to the legal terms when you install any application.
PHISHING
Phishing is a criminal activity that uses social engineering techniques in order to gain users’ confidence and trick them into divulging sensitive information, such as passwords and banking credentials. The attacker tries to impersonate a trustworthy entity, such as a well-known online store or a bank. For instance, eBay and PayPal are the two entities most favored in phishing attacks. Online banking portals are also becoming popular with attackers, since a successful phishing attack would give unauthorized persons full access to the user’s account.
Phishing campaigns are usually carried out using instant messaging software or via spam e-mails. The attackers set up a clone of the target website on a hosting account and compose e-mail messages that seem legitimate, with links manipulated to look genuine while actually redirecting users to the forged website. The message is then sent to all the users in a spam e-mail database. Unwary users who fill in the fields with their credentials send critical information straight to the attacker.
At the time of writing, such e-mail databases are sold on the black market at extremely low prices. More than that, harvesters sort e-mail addresses using multiple criteria, such as profession, hobbies or general interests in surfing the web, which allows attackers to maximize their chances of defrauding targets.
Misspelled URLs or even the use of subdomains are only a few of the tricks used by attackers to gain users’ trust. However, new approaches can even force the browser into mimicking a secure connection (https).
In order to complete the security illusion, the attacker can falsify or hide miscellaneous elements of the browser, such as status bar text, URL location or the document source. All these elements can be forged using JavaScript.
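The link tricks described above (a displayed address that differs from the real destination, misspelled domains, and brand names placed in subdomains) can be checked mechanically, for example in a mail filter. The sketch below is an added example, not part of the original article; the trusted-domain list, the 0.8 similarity threshold, the function names and the sample message are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"paypal.com", "ebay.com"}         # assumed allow-list of genuine sites
BRANDS = {d.split(".")[0] for d in TRUSTED}  # brand labels: paypal, ebay

def host_of(text):  # hostname of a URL-like string, '' if the text is not a URL
    url = text.strip() if "://" in text else "http://" + text.strip()
    host = urlparse(url).hostname or ""
    return host if "." in host and " " not in host else ""

def registered(host):  # simplification: last two labels (real code: Public Suffix List)
    return ".".join(host.split(".")[-2:])

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data

def audit(html):  # returns [(href, [reasons])] for suspicious links only
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        target, shown = host_of(href), host_of(text)
        reg, reasons = registered(target), []
        if shown and registered(shown) != reg:            # text names another site
            reasons.append("text-href-mismatch")
        if reg not in TRUSTED and BRANDS & set(target.split(".")[:-2]):
            reasons.append("brand-in-subdomain")
        if reg not in TRUSTED and any(                    # misspelled brand name
                SequenceMatcher(None, reg.split(".")[0], b).ratio() >= 0.8 for b in BRANDS):
            reasons.append("lookalike-domain")
        if reasons:
            findings.append((href, reasons))
    return findings

SAMPLE = """<a href="http://paypal.com.account-check.example/login">https://www.paypal.com/login</a>
<a href="http://www.paypa1.example/signin">Sign in</a>
<a href="https://www.ebay.com/help">www.ebay.com/help</a>"""  # constructed message body
```

Calling `audit(SAMPLE)` flags the first two links and leaves the genuine eBay link alone.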