Spyware, Malware and Social Engineering

October 25, 2006 / Internet and Society / Comments (0)


Where is the most internet-related innovation at the moment?

Rich Internet Applications, some say. User-generated content, say others. Meta-search, social networking sites, blogging, voice-over-IP and podcasting are other contenders.

Cutesy technologies they may be, but sometimes the internet's innovation comes from underground sources. Pop-up windows(!), peer-to-peer file sharing and (more recently) bit-torrents, owe a lot to hackers - and the pornography industry.

Today, malware is arguably growing and evolving faster than any other internet-related technology. I base this on nothing other than my personal experience, some scant research, and an event I attended in London last year, where I listened to representatives of each of the main anti-virus companies.

What I learned at that conference was that the people who create viruses are no longer teenage hackers, trying to show the world how smart they are. Rather, today's virus creators are criminals motivated by profit.

Many do not regard themselves as criminals of course, but as Robin Hood type characters. This is particularly true when they are based in societies that they perceive to be suffering at the hands of the wealthy West. Not that that's much comfort to you if your bank account has been raided.

Sidebar: Watch this BBC News clip of Nigerians getting busted for spam, and the reaction of the community around them.

So, these virus creators are motivated by profit. They are after your bank details, your passwords, or anything that will allow them to create "identity theft" (e.g. by accessing your emails, they may potentially be able to send instructions on your behalf, make payments from your PayPal account, etc.).

Rather than searching an exploit in your system that will cause your computer to crash, today's virus writers manipulate you in order to get their creations onto your computer, where they remain hidden, lurking silently, gathering information, downloading sibling viruses, and "phoning home".

Virus authors regard you as the weakest link in the security of your computer/internet accounts. It has long been a maxim of the security industry that it is much easier to get an individual to divulge a password than it is to programmatically try and discover that password. Thus, spyware/malware authors are confidence tricksters, employing social engineering [wikipedia] techniques.

Their attacks are becoming much more targetted, regionalised and customised. Take a look, for example, at this highly personalised example of phishing recently reported to Kaspersky.

Digital invaders are no longer simply attached to emails. They are disguised as MPEGs or MP3 files, then downloaded from websites or leeched from peer-to-peer networks; they are encoded in JPEGs; distributed by hidden active-x controls in web pages (particularly porn or warez sites - a.k.a. "honey pots"). In WiFi infrastructure, computer viruses have become airborne.

Trusting the source isn't enough - reputable providers can do little about the mathematical impossibility of a computer program being able to detect 100% of all viruses.

Thus MacDonalds (trustworthy to the last, ahem) unwittingly distributed a nasty trojan in 10,000 free MP3 players it gave away to Japanese competition winners.

So how do you protect yourself? Install a good antivirus program, right? Hmmm... it's better to install a combination of solutions. Even then, successful malware may disable anti-virus systems, and/or stop them from updating online, and/or fool you into thinking that your anti-virus sofware is nonetheless working perfectly.

Just as society must accept that terrorism will never go away, we have to accept that viruses are something we simply have to deal with. Stay vigilant about what the spyware authors are ultimately after. As Authentium puts it:

So many times people think that simply just disinfecting a file is sufficient to handle a virus incident. This is no longer the case. You really have to start thinking about which passwords were stolen, what bank accounts and credit cards were compromised and what proprietary and/or personal information were stolen.

Comments

0 comments / Skip to comment form

Leave a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)





Heraghty Internet Consultants

Search

About

Mediajunk is Michael Heraghty's blog, with articles on web design, usability, online marketing, digital innovation, etc. More »

Recent Entries

Free Wordpress Themes - Sparsely Green
-- 27 Mar 2008

Web Services In a Recession
-- 12 Mar 2008

New Heraghty Internet Website
-- 27 Feb 2008

PR in the Age of Transparency
-- 7 Feb 2008

Welcome to the Innovation Era!
-- 27 Jan 2008

End of the Internet Era?
-- 5 Jan 2008

Suggestion for Gmail: Protect My Contacts
-- 15 Dec 2007

Our New Video/Multimedia Learning Website
-- 30 Nov 2007

How to Buy a New PC for €137.43
-- 7 Nov 2007

What Google Wants
-- 21 Oct 2007

Usability Concepts, Principles, Jargon ... and Myths
-- 9 Oct 2007

Movable Type 4 - A Whole New CMS
-- 28 Sep 2007

Oh No, Web 2.0!
-- 25 Sep 2007

Generalists in the Internet Age
-- 22 Sep 2007

The 10 Next Big Things
-- 12 Sep 2007

Open Source Video
-- 8 Sep 2007

Book Trailers
-- 30 Aug 2007

Nearshoring in new EU Countries
-- 29 Aug 2007

When Viral Web Marketing Works
-- 7 Aug 2007

US Dollar Heading for Collapse?
-- 4 Aug 2007