The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Top 10 tricks causing spyware epidemic

Posted by Xavier Ashe on December 22, 2005

Spyware tricks have become increasingly devious, making spyware and
adware stick to machines longer, more difficult to remove and sometimes
impossible to see with ordinary methods. In the spyware tricks
series I wrote about seeing installations with multiple resuscitators,
increasing numbers of randomly named files, even randomly named
folders. Internet Explorer security settings are being changed by
spyware and hosts files are being hijacked. We've recently seen
installations of keyloggers and spam bots along with your garden
variety of adware. Now add rootkits to that list.  Let's look back at
the top 10 tricks of 2005…

  • Spyware spread through Windows Media files
  • Adware companies hide their dirty work using rootkit technology
  • Internet Explorer infected through Firefox
  • Direct Revenue unleashed Aurora
  • Spam bots, keyloggers, kiddie porn connect with major adware companies
  • Spazbox domain installs massive spyware/adware – using IRC
  • Anti-spyware spread by spyware and trojans
  • Direct Revenue adware distributed through BitTorrent
  • AIM worm carries backdoor, rootkit and adware, found to be powered by world wide bot net with ties to the Middle East
  • Sony BMG infects users with DRM rootkit

Note that this is not an empirical study or based on any data at all, just the opinion of Suzi Turner of ZDNet. For example, the Firefox/Java exploit is very low in frequency. She seems to like Paperghost's blog at vitalsecurity.org, since most of her list is from his research. Interesting article, nonetheless, and worth reading.
