AOH :: ISN-2820.HTM

Black Hat: Hit spyware by punishing purveyors, experts say

Black Hat: Hit spyware by punishing purveyors, experts say
Black Hat: Hit spyware by punishing purveyors, experts say 

By Eric Lai
August 03, 2006 

LAS VEGAS -- With spyware a continuing plague for many computer users, 
some experts and IT workers are calling for stiffer penalties -- including 
jail time -- for convicted spyware purveyors.

At a panel discussion yesterday during the Black Hat security conference 
here, speakers said that antispyware vendors are losing the fight against 
spyware creators, making more drastic measures necessary.

"It's not technically feasible to stop spyware," said Dan Kaminsky, an 
independent security consultant. "Think of the millions of PCs that have 
either been put away for good, sent away for service or replaced because 
of spyware infections. That is probably hundreds of millions or billions 
of dollars worth of damage. Yet no one has gone to jail;  no one has been 

Recent statistics gathered by antispyware vendor Webroot Software Inc.  
point to spyware's continued growth. Between March and June, more than 
100,000 new Web sites hosting spyware were discovered by Webroot.  That's 
in addition to the 427,000 such sites discovered by Webroot since it began 
searching for them in January 2004 using a specially tuned search engine 
that Gerhard Eschelbeck, chief technology officer of Webroot, calls a 
"Google for spyware."

"Viruses are pretty easy to track -- you just stick out the sensor,"  
Eschelbeck said. "Spyware is pretty hard to track down. You've got to 
actively hunt it down because it changes every day, every hour."

According to Webroot, 31% of all PCs -- including those that are 
business-owned -- have been infected with Trojan horses, which typically 
arrive disguised as something innocuous, such as a picture or document. An 
infected PC at an enterprise is host to an average of 1.3 Trojans, which 
Webroot considers the worst form of spyware -- although they can be more 
malicious than that.

Pamela Fusco, an information security manager at an East Coast financial 
services company, said her team deals with spyware infections every day. 
The worst incident was spyware that began replicating so quickly that "in 
20 seconds it nearly took down our Microsoft Exchange system," she said.

That is despite a comprehensive program Fusco set up for dealing with 
spyware, including antispyware technology from McAfee Inc. and help from 
Web application security firm SPI Dynamics Inc.; constant PC audits; a 
global alert system; restrictions on the use of PCs for employees who 
don't need full access; and education programs involving live 
demonstrations or Web video. Another tactic enterprises should adopt 
includes closely monitoring their Domain Name System logs, said Kaminsky.

And Drew Maness, senior security strategist at The Walt Disney Co., 
suggested that IT help desk workers be trained to diagnose PCs that are 
running abnormally slow as possible hosts for spyware.

At Houston-based Continental Airlines Inc., spyware makes up 80% of the 
malware afflicting the airline's computers, according to Andre Gold, the 
company's chief information security officer. His team routinely deals 
with PCs that have been crippled by spyware by wiping the hard drive and 
reinstalling the complete operating system and software.

Asked how often his security team runs into particularly nasty spyware 
such as keyloggers that capture users' keystrokes -- including passwords 
and usernames -- Gold said, "I can't imagine a company that doesn't see 

While spyware blooms, adware appears to be wilting. The average infected 
enterprise PC today is host to 2.8 instances of adware, down from 3.9 in 
the fall of 2005.

Not everyone agrees on the difference between relatively benign adware and 
more malignant spyware, which Kaminsky said is one reason it's been so 
difficult to fight the latter.

He said laws must be put in place that clearly set out guidelines for 
would-be adware distributors. For instance, laws could spell out that ads 
need to removable by users within 10 seconds with a simple right-click of 
the mouse lest they be deemed spyware. "As long as everything is gray, no 
one goes to jail," he said.

Fusco agreed that laws today are inadequate for stopping spyware at its 
sources. But Gold said another problem is the reluctance by companies 
infected by spyware to come forward and share information with government 

"If I give you data, you could help me -- or you could prosecute me"  for 
lack of due diligence, Gold said. "It's an absolute Catch-22."

Visit the InfoSec News store! 

Site design & layout copyright © 1986-2015 CodeGods