laurentio
9th August 2008, 03:59 PM
...this thread is a continuation from "best protection is user education (http://support.bicester-computers.com/showthread.php?t=17)"
Unlike traditional worms or viruses, spyware usually does not spread itself from system to system.
One of the easiest ways to distribute spyware is to go directly to the users and gain their consent to download the application.
How do they do that??
One of the more common trends in accomplishing this act is through the use of “misleading applications.” On the extreme end, these are applications that can grossly exaggerate and alert critical errors on users’ systems that are not actually present. This deceives some users and scares them into purchasing the program for a substantial fee to fix errors that are nonexistent.
Another method used to distribute spyware is to entice the user by offering up something desirable or useful for free. Not only does the user get the freebie tool, but they also get the bundled adware or spyware program downloaded with it as well.
The newest method is by asking the user to download an ActiveX, a media player or a codec in order to play an online song or an online movie. See a few examples below on the attached screenshots. On the given examples we see that while browsing porn tube (the hackers idea was to create a site that looks like YouTube and just simply checking the browser address we see that actually the real address is handmadeclips) the user is asked to download and install an ActiveX video codec in order to play the movies. The codec, the ActiveX in this example is actually a Trojan and instead of allowing you play the movies it will just infect your PC.
http://support.bicestercomputers.co.uk/attachment.php?attachmentid=17&d=1218887100
http://support.bicestercomputers.co.uk/attachment.php?attachmentid=18&d=1218887110
On the flip side, there are ways of installing and downloading spyware without user consent, such as the simple act of browsing a Web site. These so-called “drive-by downloads” leverage browser exploits on vulnerable systems in order to download spyware or adware programs.
The bottom line: stay away from Web sites that you don’t know and don’t click on popup ads or links that are delivered through email or instant messaging clients. Make sure all computers have the latest patches installed. Even when using extreme caution, it is clear that security risk programs like spyware and adware can still be downloaded onto a machine without a user’s knowledge; so, above all, make sure you are using security programs that are supplied by a trusted security vendor or even better ask an IT expert (http://www.bicester-computers.com/contact) prior to take such an important decision.
Unlike traditional worms or viruses, spyware usually does not spread itself from system to system.
One of the easiest ways to distribute spyware is to go directly to the users and gain their consent to download the application.
How do they do that??
One of the more common trends in accomplishing this act is through the use of “misleading applications.” On the extreme end, these are applications that can grossly exaggerate and alert critical errors on users’ systems that are not actually present. This deceives some users and scares them into purchasing the program for a substantial fee to fix errors that are nonexistent.
Another method used to distribute spyware is to entice the user by offering up something desirable or useful for free. Not only does the user get the freebie tool, but they also get the bundled adware or spyware program downloaded with it as well.
The newest method is by asking the user to download an ActiveX, a media player or a codec in order to play an online song or an online movie. See a few examples below on the attached screenshots. On the given examples we see that while browsing porn tube (the hackers idea was to create a site that looks like YouTube and just simply checking the browser address we see that actually the real address is handmadeclips) the user is asked to download and install an ActiveX video codec in order to play the movies. The codec, the ActiveX in this example is actually a Trojan and instead of allowing you play the movies it will just infect your PC.
http://support.bicestercomputers.co.uk/attachment.php?attachmentid=17&d=1218887100
http://support.bicestercomputers.co.uk/attachment.php?attachmentid=18&d=1218887110
On the flip side, there are ways of installing and downloading spyware without user consent, such as the simple act of browsing a Web site. These so-called “drive-by downloads” leverage browser exploits on vulnerable systems in order to download spyware or adware programs.
The bottom line: stay away from Web sites that you don’t know and don’t click on popup ads or links that are delivered through email or instant messaging clients. Make sure all computers have the latest patches installed. Even when using extreme caution, it is clear that security risk programs like spyware and adware can still be downloaded onto a machine without a user’s knowledge; so, above all, make sure you are using security programs that are supplied by a trusted security vendor or even better ask an IT expert (http://www.bicester-computers.com/contact) prior to take such an important decision.