Self-Installing ‘Spyware’ Poses a Growing Threat to PCs
Posted May 28, 2005 9:08 AM CDT
By Jason Krause
Joe Kashi, a solo practitioner, first became aware of what malicious Internet software can do in the year 2000 when he woke up one night to the sound of his modem dialing out to the Internet all by itself.
“At that point, about the only thing you can do is pull the cord out of the wall,” says the Soldotna, Alaska, lawyer.
The threat “spyware” poses to any PC
Should be well-known--it’s almost impossible to turn on the TV without seeing ads from America Online or Netscape, both claiming to have the most comprehensive protection. And lawyers are just as susceptible to spyware as anyone else, but they have reason to be especially vigilant: They are often responsible for client information, documents and court strategies, and are bound by various codes of ethics to protect that information.
Congress is looking for ways to stop spyware. A proposed bill would try to stop surreptitious downloads of spy software. However, Congress has also tried to stop spam e mail and computer hacking, only to have the practices increase, at least in part because many computer criminals operate outside the United States.
“This is something you have to pay attention to because the bad guys will find a way around even the best defenses eventually,” says David Ries, a partner who chairs the technology committee of Thorp Reed & Armstrong in Pittsburgh. “This really is an arms race.”
Symantec, a computer security firm with offices worldwide, defines spyware as software with the ability to scan a computer system and relay information to another system over the Internet. In some cases, computer scammers can steal passwords, account information and whole files this way. “Adware” is used to send advertisements to another computer, and while it is less of a security risk than spyware, it can be a nuisance and slow your computer’s performance.
Kashi says he’s seen spyware used in new and creative ways. In one Alaskan case, an e mail was sent out that said recipients needed to confirm a purchase with a local retailer. But if recipients clicked on a link in the e mail to confirm, they would actually have a spyware program surreptitiously downloaded onto their computer. He says federal investigators he’s talked to believe a competitor of the company actually sent the e mail, hoping to smear the competition.
Many people feel safe with basic levels of security because many hackers go after easy prey--unprotected PCs. But John Harrison, group product manager with Symantec, says it’s not just unprotected computers that are at risk. “You tend not to hear about the more subtle and complex attacks because they’re not as spectacular as when hackers go after thousands of vulnerable users,” he says. “There are some very skilled hackers out there.”
Recently, hackers have made news by stealing personal documents from celebrities. “It goes without saying that if someone will hack into Paris Hilton’s phone for some pictures and e mails, then ... well, let’s just say that if you’ve got a $10 million case, it’s likely someone will try to push the envelope and try to find a way to find out what you have,” Kashi says.
Between July 1 and Dec. 31, 2004, Symantec documented 1,403 new ways to exploit computer vulnerabilities, up 13 percent from the first six months of 2004. Of the top 50 examples of malicious programs Symantec cataloged, more than half were types that could expose confidential information.
According to the company, a rising problem is “bots”--spyware programs that link together to form networks of hijacked computers. Those computers can be used to launch attacks on other computers. Two bots were present in Symantec’s top 10 malicious code samples. In the previous six month period there had been one.
Call in the Experts
The first time Ries scanned his computer, he found close to 100 adware and spyware programs. He believes law firms need to bring in out side help with the problem. “I would suggest that even solo practitioners or small law firms bring in a consultant to monitor things periodically,” Ries says. “I’m in a law firm with 110 attorneys with a full time IT staff, and we still use consultants.”
To avoid spyware as much as possible, experts recommend several steps, including:
• Firewall hardware. By now, most people have firewalls, or software designed to block attacks. However, it is also a good idea to have a hardware based firewall that blocks traffic as it comes into the firm. This kind of equipment is located on Internet routing hardware.
• Scanning. People should scan their computers for threats. Commercial vendors offer spyware scanners like PestPatrol, though free software programs, such as Ad Aware, are also available (see box, page 60).
• Updated software. It is important to stay current with the patches and updates to Windows and browser software. Microsoft has begun to pay more attention to security, and its latest Service Pack 2 contains added security features.
• Office policy. Firms should have a security policy that regulates how employees use wireless networking, which is more vulnerable than a wired network. Such a policy should either encourage strong firewall and password protection or prohibit the use of wireless altogether.
• No P2P. Firms should let employees know that downloading peer to peer file trading software opens them up to spyware.
Remember to be careful without affecting productivity. “You should be paranoid, but not enough to drive yourself crazy,” Kashi says. “The point is just to use common sense and think about how you protect sensitive information.”
Tech Audit Hot Tip: Kill Spyware
PestPatrol: www.pestpatrol.com ($29.95) Spy Sweeper: www.webroot.com ($29.95 $319.60, multiuser) Spybot S&D: www.safer networking.org/en/index.html (free) Ad Aware: www.lavasoftusa.com/software/adaware (free)