Spyware - big, bad threats.

[ainwood]

A mildly interesting article I foudn on predictions for increases in spyware etc.

Of note: Predictions that firefox will be targettted (probably pretty believeable, considering the popularity its gaining), but will they really be able to do it?

Secondly, RSS feeds - I see their point.

Full article here

Big, Bad Threats June 20, 2005






RSS and Firefox will be next victims of adware deluge, Webroot's threat-research director says.
By Gregg Keizer, TechWeb
InformationWeek



By the end of the year, spyware programs will triple in number, put Firefox in their sights, and turn to Really Simple Syndication to distribute key loggers and ad spawners. Richard Stiennon, director of threat research at anti-spyware software vendor Webroot Software Inc., presented these and other predictions at the Gartner IT Security Summit earlier this month.
No. 1 on his list: "The first spyware that targets Firefox will appear" in the first half of this year, Stiennon says. "That means either a spyware writer will take advantage of a vulnerability in Firefox, as others already have in Internet Explorer, or create a site that forces Firefox to invisibly download and install adware or spyware." Test code against Firefox already exists, Stiennon says, adding that he has seen spyware exploits against Firefox that don't work.

In Stiennon's opinion, his most distressing prediction is that spyware will latch onto RSS as a way to distribute ad- and spy-style software. "I'm extremely concerned about this," he says. "Already we're seeing marketers look to RSS. A recent list by marketing types on why RSS is better than E-mail, for example, had 'no more annoying complaints about spam' at No. 8. Where marketers go, adware and spyware writers follow."

Another nasty possibility is that a vulnerability will be found in one of the big blogging services. "If a spyware writer finds a way to inject code into a blogging site--which could take the form of a Simple Object Access Protocol object--most likely through a future vulnerability in Internet Explorer 7, then everyone who subscribes to that service's blog RSS feeds is going to get infected." Such an attack could be massive, and because of the automated nature of RSS, extremely fast-acting.

Stiennon also predicts that rootkits, hacker toolkits now used by the most sophisticated worm authors to hide evidence of their malicious code from antivirus scanners, will migrate to spyware this year.

Another prediction is no surprise considering how much space Stiennon has devoted on his blog to a recent incident in Israel, where several companies' executives have been charged with industrial espionage after hiring private investigators who, in turn, used a British programmer's spyware Trojan to infect rivals' computers. "An episode of industrial espionage using spyware will be revealed in the U.S.," Stiennon says. "Without a doubt."

 

[vbraun]

I don't think spyware will target Firefox for a long time. Other wise the open-source Apache web server (which now holds 50%+ of the websites) would be a greater target for viruses and stuff.

Also becasue of firefox's open-source nature it will easily be fixed as soon as an exploit is found. Thus making it harder and harder for Spyware makers to exploit it. They will eventually give up and switch back to exploting IE.

 

[Civrules]

It seems that we're having a hard time staying ahead of spyware.

 

[CruddyLeper]

What is an RSS feed? Real Sound Stream?

 

[Padma]

"Really Simple Syndication "

 

[MarineCorps]

I don't think spyware will target Firefox for a long time.

I think the majority of spyware writers will focus on IE for a long while longer. however some will come for Firefox.

 

[GenMarshall]

I think the majority of spyware writers will focus on IE for a long while longer. however some will come for Firefox.

I hope that when they do target Firefox, that the developers of Firefox will make an upgrade to patch the holes. Firefox is my only choice to surf the internet since I avoid IE like the plegue.

 

[Civrules]

I think the majority of spyware writers will focus on IE for a long while longer. however some will come for Firefox.

I think so too. Until IE is "fixed" they will always go for it, IMO. It makes sense to go for IE more because it is indeed less secure than Firefox.

 

[Thunderfall]

Best Buy is probably making lots of money from this spyware fear. They charge people $40 to just install Anti-spyware program and $50 to install anti-virus program. To clean spyware and antivirus from an infected computer, their price is $200.

 

[vbraun]

Best Buy is probably making lots of money from this spyware fear. They charge people $40 to just install Anti-spyware program and $50 to install anti-virus program. To clean spyware and antivirus from an infected computer, their price is $200.

I bet they even pay some people to make a viruses and spyware just to inflate there products!

 

[Civrules]

That's why education is power. Lots of newbies don't know much about computers. Heck, if they just knew what spyware and viruses were and how to take care/prevent them (even with free programs) companies like Best Buy would not be in the business of soaking up money from other people's problems.

 

[vbraun]

I wonder if companies like Best Buy pay Microsoft a fee of some sort to keep bugs in the software, that way they can make money of off those holes by getting rid of Spyware/Viruses that might come through.

*shudders*

If you think about it, that could be possible...

*shudders again*

 

[ainwood]

My parents live in constant virus fear, and my aunt used to make a habit of clicking on every pop-up she got. Her PC became so clogged with spyware and virii that the friendly chap at the PC shop claimed that it couldn't be fixed, and sold her an entire new system instead.

 

[MarineCorps]

Best Buy is probably making lots of money from this spyware fear. They charge people $40 to just install Anti-spyware program and $50 to install anti-virus program. To clean spyware and antivirus from an infected computer, their price is $200.

People new to spyware and virus freak when the word spyware is metioned and don't know what to do so they think that paying for it is the only way to get rid of it.

 

[Padma]

Test code against Firefox already exists, Stiennon says, adding that he has seen spyware exploits against Firefox that don't work.

Face it, *targeting* FireFox isn't going to mean anything if they can't get the stuff to *work*. After all ,the main vector for spyware is "ActiveX", a MS/IE piece of code. FireFox doesn't use (or at least, doesn't *have* to use) ActiveX. If it did, I couldn't run it in Linux. Heck, if users would just disallow ActiveX in IE it would solve many of their problems.

While I won't say FireFox won't get hit by some expolits, I doubt they will be as numerous as IE's, because it will take a more determined hacker to create them, and the FF team will close the vulnerabiities more quickly.

 

[The Person]

But then Firefox's open source nature can also make it easier for hackers to find the holes, as they have access to the source code.

Somebody know of another freeware browser? (Discounting Opera, as that is adware if you don't pay for it.) I'm beginning to become slightly worried now that Firefox is spreading. Trust me, if Firefox actually beats IE you can be sure that all the bad guys on the net flock to Firefox, read its code and start exploiting it. Those guys do it either because they like to do bad stuff (I know, I have a wannabe-hacker in my class) or because they like the challenge it gives them. And Firefox will be a good challenge since it's harder to break through.

So don't think you're safe just because you use Firefox. You don't stay safe by sitting back behind a wall. The hackers will surely find a way through.

 

[Civrules]

But then Firefox's open source nature can also make it easier for hackers to find the holes, as they have access to the source code.

Somebody know of another freeware browser? (Discounting Opera, as that is adware if you don't pay for it.) I'm beginning to become slightly worried now that Firefox is spreading. Trust me, if Firefox actually beats IE you can be sure that all the bad guys on the net flock to Firefox, read its code and start exploiting it. Those guys do it either because they like to do bad stuff (I know, I have a wannabe-hacker in my class) or because they like the challenge it gives them. And Firefox will be a good challenge since it's harder to break through.

So don't think you're safe just because you use Firefox. You don't stay safe by sitting back behind a wall. The hackers will surely find a way through.

If I were you, I wouldn't worry about switching yet.

 

[vbraun]

But then Firefox's open source nature can also make it easier for hackers to find the holes, as they have access to the source code.

Also becasue of it's open-source nature anyone can take the time to fix it. Belive it or not, more people are going to look through the code to try and fix the holes then rather exploiting them.

I'm beginning to become slightly worried now that Firefox is spreading. Trust me, if Firefox actually beats IE you can be sure that all the bad guys on the net flock to Firefox, read its code and start exploiting it.

This isn't necessarily true. Look at the Apache web server, it makes up more then 50% of all web servers. Apache is also Open-Source, yet it is not the biggest target, infact the Microsoft web server is.

So don't think you're safe just because you use Firefox. You don't stay safe by sitting back behind a wall. The hackers will surely find a way through.

A brick wall is better then a chain link fence, right? So Firefox is the brickwall whille IE is the chain link fence, which would you stand behind?

 

[The Person]

Also becasue of it's open-source nature anyone can take the time to fix it. Belive it or not, more people are going to look through the code to try and fix the holes then rather exploiting them.

Nice to know. Hopefully the bad guys won't find the holes first.

This isn't necessarily true. Look at the Apache web server, it makes up more then 50% of all web servers. Apache is also Open-Source, yet it is not the biggest target, infact the Microsoft web server is.

Makes me think. Isn't it so that most people who know their way with computers believe Bill Gates is the Prime Evil himself? Thinking this way, what you say makes sense.

A brick wall is better then a chain link fence, right? So Firefox is the brickwall whille IE is the chain link fence, which would you stand behind?

Good point. But I would still make sure the brick wall had no cracks the hackers could exploit. When you're under attack you check your defenses, right? That's the point I'm trying to get across.

 

[Padma]

Nice to know. Hopefully the bad guys won't find the holes first.

They do. Sometimes. Usually the "White Hats" find the holes first. It is actually quite rare for the bad guys to find the holes first in Open Source.

Makes me think. Isn't it so that most people who know their way with computers believe Bill Gates is the Prime Evil himself? Thinking this way, what you say makes sense.

I like the way you put that: "most people who know their way with computers". Actually, most of us don't think he's *evil*, just ... misguided. But the fact of the matter is, most crackers will attack the easiest target. MS/IE is the easiest target. If FF gets a significant market share, more will *try* to attack it, but it will be harder to crack successfully.

Good point. But I would still make sure the brick wall had no cracks the hackers could exploit. When you're under attack you check your defenses, right? That's the point I'm trying to get across.

Right. But would you stand behind the chain link while you waited to be sure your brick wall was crack-free?

My wall consists of running an up-to-date Linux distro, behind a software firewall, behind a hardware firewall. And I *still* periodically check for rootkits just to be safe.