Spyware not serious yet in Malaysia
5th August 2004 (The Star)
By M. MADHAVAN

SPYWARE, mainly used by unscrupulous websites to gather information and track the surfing habits of users, is unearthing new ways for trojans to infect computers, according to the National ICT Security and Emergency Response Centre (Niser).

The spread of spyware and adware shows how easy it is to install files on a user's PC through popup windows without the user's knowledge.

Using spyware techniques, virus writers can create trojans that not only invade users' privacy but also launch Distributed Denial-of-Service (DDoS) attacks, said Solahuddin Shamsuddin, Niser MyCERT manager.

A trojan is a program that masquerades as legitimate software. But unlike a worm or a virus, a trojan is not capable of replicating.

Using spyware trojans, infected PCs can then be mobilised into "bot armies" to launch DDoS attacks aimed at disrupting business or government activities, said Solahuddin.

What's worse is that PC users would not even be aware that their machine was being used as a launchpad for DDoS attacks.

In DDoS attacks, numerous infected computers are used to overwhelm a selected target (usually the network of a big company or organisation) by sending it repeated spoofed requests so that it is unable to respond to legitimate ones.

In June, the Internet Storm Centre (isc.incidents.org) - which monitors network threats - discovered a trojan capable of stealing passwords, which installed itself on unsuspecting PCs through popup windows. This particular trojan did not even require user intervention. In other words, it appeared as a popup window and did not need the user's permission to install itself, which it promptly did.

This trojan logs keystrokes when users visit any of the 50 targeted banking sites, including Citibank, Barclays Bank and Deutsche Bank, said Solahuddin. Because the trojan intercepts keystrokes before they reach the browser, encryption employed by online bank sites is of no help.

Spyware can also act as "backdoors" that can be used to gain access to a victim's computer to steal data, said Solahuddin. However, most spyware is designed to "hijack" the browser, forcing the user to visit pay-per-click websites, which result in more revenue for those responsible for the spyware.

More prevalent

"We believe spyware is more prevalent now," Solahuddin said.

While Niser does not have any statistics on spyware activities in Malaysia at this time, Solahuddin said that it normally receives five reports per quarter on average.

"As the number of reports we receive does not indicate the situation is critical, we cannot predict if it will get worse," he said.

The majority of spyware reports Niser receives are apparently browser hijackings.

Niser believes the situation may be worse in the United States where several states have passed or are considering anti-spyware legislation. The first US state to do this was Utah with its Spyware Control Act, which would make installing spyware without the knowledge of the user a crime.

However, before the law could come into effect in May, online advertising and marketing company WhenU.com (www.whenu.com) managed to get a temporary injunction against the new anti-spyware law on the basis that it is unconstitutional.

"In Malaysia, we do not have any anti-spyware legislation at the moment," said Solahuddin.

However, spyware writers in the country can be prosecuted under the Data Protection Act - expected to be approved this year - or under the Penal Code depending on the intention of the writer and the level of destruction caused, he said.

Hogging bandwidth

Spyware mainly ends up hogging bandwidth, which costs the user more money and lost productivity at the end of the day, said Solahuddin.

If it is present on a user's PC, it can add unauthorised websites to the desktop or the web browser's favourites folder, or even add toolbars or search bars to the browser.

It can even intercept information entered by the user on a web browser, monitor his browsing activities, and the personal information gathered could be sold to a third party for marketing purposes, he said.

Usually spyware also changes the default homepage of the browser and prevents the user from modifying the browser settings.

Prevention

Niser suggests that users install programs that can protect their PCs from spyware. Recommended utility programs include: Ad-Aware (www.lavasoftusa.com/software/adaware), SpyWare Nuker (www.nuker.com), PestPatrol (www.pestpatrol.com), XoftSpy (www.paretologic.com), Spybot (security.kolla.de), SpywareGuard and Spyware Blaster (both from www.javacoolsoftware.com).

Users should install anti-spyware programs to block, detect and eliminate spyware even if they already have antivirus programs installed on their machines, advised Niser.

Users should also avoid downloading unknown programs and files from the Internet.

"If you need to download any files or software, make sure you know who the software is from and read the licensing agreements carefully," said Solahuddin.

Users should also increase their browsers' security settings, especially if using Internet Explorer, as it is the main target of spyware makers, he said.

Internet Explorer 6's security settings can be accessed by clicking Tools, Internet Options and the Security tab.

Alternatively, users could also install a popup blocker to prevent the browser from opening popup windows. Some browsers like Mozilla Firefox (www.mozilla.org/products/firefox) have built-in popup blockers and the upcoming Service Pack 2 (SP2) for Win XP will include this feature in Internet Explorer.

Users should also equip their PCs with a personal firewall such as Zone Alarm (www.zonealarm.com), he said.

SP2 will also include a much-improved firewall (see sidebar for more information).