In order to better understand where spyware is going, or more importantly, where it’s evolved from, we actually need to wind the clock back a lot further than may be first imagined; in fact, over fifteen years. If we look at the embryonic stages of the anti-virus industry, around sixteen years ago there were the first boot-sector viruses. It has taken this time for viruses as we’ve traditionally known them to evolve towards the more commercially viable, or intellectual-property-theft status that we now associate with contemporary viruses, a fact not realized by many. This whitepaper goes in-depth to discuss the history of spyware and its evolving future.
Spyware: Know Your Enemy
White Paper
Mark Sunner, Chief Technology Officer, MessageLabs
Table of Contents
Introduction 3 History of Spyware 3 Spyware today 4 Convergence and targeted attacks 5 Microsoft and Spyware 8 Remedies for Spyware 11
2 Introduction
Like Macavity, the fictional feline in T. S. Eliot's well-known poem, spyware may be considered to be responsible for a whole host of present-day crimes; but unlike the Mystery Cat, not all spyware is clever enough to leave no trace of its guilt - although that may already be changing.
This White Paper profiles spyware and prescribes the various ways Spyware may be organizations can meet the threat head on.
considered
responsible for a History of Spyware
whole host of Firstly in terms of history - in order to better understand where spyware is going, or more importantly, where it's evolved from, we actually need to wind the clock back a lot further than may be first imagined; in fact, over fifteen present-day years. If we look at the embryonic stages of the anti-virus industry, around sixteen years ago there were the first boot-sector viruses. It has taken this crimes. time for viruses as we've traditionally known them to evolve towards the more commercially viable, or intellectual-property-theft status that we now associate with contemporary viruses, a fact not realized by many. So only in the last few years have viruses actually stopped being mainly malicious and become about commercial gain of some kind.
This has only really started in earnest within the last four years, which is also quite compelling. We can pinpoint this transition back to the advent of the Sobig.A strain, in January 2003, the first virus that we could really say was all about commercial gain. Since then, much has happened, but we can also say that the profile of the person creating these viruses has changed profoundly. Only a few years prior to this were viruses such as Melissa or LoveBug in the year 2000. It was still largely individuals who were responsible and the goal was either malicious or to gain notoriety within those circles. With the advent of Sobig we see a wholly different type of person responsible - someone not motivated to write viruses or malware for malicious reasons, but motivated very much to create these weapons for commercial gain.
Viruses continued to be developed further and refined throughout the remainder of 2003. In 2004 significant outbreaks caused disruption on a massive scale, as writers started to get to grips with the technology, where we witnessed events like Sobig.F and MyDoom.A, and the NetSky vs. Bagle 'bot wars.' All of these events played themselves out on a world stage and became major blips on the radar as huge numbers of "zombie" computers were being infected and subsequently harvested. Without a doubt they were actually too successful from the writers' perspective - because they were too big as blips on the radar. The whole security community was very aware that these were in circulation, vendors were racing to issue patches, media sources were giving them more oxygen, and so the level of awareness in both corporates and home-users was high. People were responding quickly and updating their computers more rigorously than before.
Throughout 2005, we saw the perpetrators rein the botnets in to become much more stealthful. Ostensibly, we have seen botnets shrink in size, but increase in number, with malware like Trojan horses being issued hidden inside Microsoft® Word documents and the like. They also relied much more on the social engineering aspects (or "head hacking"), to keep the attacks below the radar. So far, this entire backdrop has been about viruses, and when we look across at the spyware scene, there is something very important that needs to be taken into consideration. Spyware as we have come to 3 understand it is, relatively speaking, very new, and has only really been with us for three or four years.
Around four years ago, we began to see the use of "pop-up windows" becoming more commonplace in the social engineering arsenal. For example, with a Browser Helper Object (BHO) installed with Internet Explorer, the BHO will have access to the same i... [download for more]
