When spyware crosses the line

Punting porn to children

One of my friends called me in a panic the other day. It seems his eight-year-old daughter was surfing the Internet, searching for Barbie dolls, games designed for children, and other things of interest to eight-year-old girls, when something bad popped up on the screen. She may not have understood what she saw, but she knew it was bad and so she called Mom and Dad.

You can probably guess what popped on the screen. That's right, a page with explicit, graphic pornography. But wait, there's more. It gets worse.

Bookmarks for "mature porn" also popped up all over the computer, placed everywhere from the desktop to the Quick Links toolbar of the browser, to the Favorites area in Internet Explorer - and these links appeared for all three users who can log in to this system. The browser was also redirected, or "hijacked", to display an explicit porn site as the home page, and any attempts to change it back were to no avail. An application also started running secretly in the background, ensuring that any links that were removed would be replaced.

My friend, who works in the software industry, knew that their family computer had been infected with spyware. Nowadays it only takes a single click. He also knew what to do. He ran the free spyware removal tool, Spybot Search & Destroy, to no avail. Then he ran another popular free tool, Ad-aware, also to no avail. He made sure he had downloaded all the updates to both these tools, then ran them again in safe mode. Both tools found the spyware hijacker, but were unable to remove it despite multiple reboots. Still, the links to mature porn would reappear. His daughters were told not to use the computer until this "spyware" was removed, which in this case was proving surprisingly difficult. As it turns out, the "spyware" in question had self-updating code, and had updated itself to a newer version that could not yet be removed by any of the major anti-spyware tools. Instead, my friend spent significant time figuring out how to manually delete a malicious, system-level application that he never installed.

Self-updating code. Hijacked home pages. Applications installed without your knowledge. Toolbars you don't want and never asked for. Your movements on the Web are tracked and recorded. All this, and yet we still call this stuff "spyware"?

It's a sad day for the Internet community when an 8-year-old girl, through a single click, is not only subjected to graphic pornography but has caused a nefarious, hard-to-remove application to be installed. An application that spews porn at every turn — plus gives you links to more porn that cannot be removed without a significant investment in a parent's time and frustration.

When spyware crosses the line, it's not spyware anymore. It's a virus - and in my opinion, should be dealt with by the anti-virus companies.

Drawing the line

An entire cottage industry has sprung up with the advent of spyware, and a few people are making a great deal of money using shady tactics. For the most part these people and companies can be identified, tracked and held accountable for their actions. Yet today, it rarely happens. Why?

I believe one of the problems is that a clear line has yet to be drawn between what is "acceptable" spyware versus what is unacceptable. Clearly, porn hijackers, self-updating applications, and domain-blocking applications are unacceptable. Yet I would argue that any application that gets installed without your knowledge is unacceptable and by nature crosses the line. And of course, the line from here to the legality of such things is very murky indeed.

Not only can spyware be installed on a fully-patched Windows machine running the latest anti-virus software, spyware companies and the slimeballs who run them have been known to find, use and exploit undisclosed IE vulnerabilities to their advantage and for financial gain. In the Internet community that I grew up with, one that existed long before the Web, that kind of activity would never have been allowed to continue.

Patch the cheese, please

Before you rush to email me your thoughts on this assertion, understand that the spyware issue has little to do with a lapse in a user's desktop security. The bane of good security practice whereby you patch/firewall/anti-virus everything in sight still won't fully protect you - spyware gets installed through ActiveX, or by exploiting zero day vulnerabilities that (eventually) get patched in Internet Explorer.

Simply disable ActiveX, right? Well, it's not quite that easy. Some of the sites you visit may know you're running IE and believe that they truly need to use ActiveX. Other options? Here's one: try surfing the Web with IE configured to "ask" about running ActiveX scripts and controls. But be forewarned. It will nag you worse than your ex-wife's cranky mother.

Spyware is largely (though not exclusively) an Internet Explorer problem. And like it or not, Internet Explorer, the Swiss cheese of the Internet, commands about 80 per cent of the world's browsing. But individuals can freely switch to Firefox or Opera and effectively bypass the spyware problem, at least for now. Sure, security holes can be, have been and will be found in these browsers too, but the difference in their security track records compared to Internet Explorer is absolutely night and day. Corporations and enterprises can use desktop management software to centrally distribute these new browsers, and save money by not having to license anti-spyware applications to clean up the mess that's been swept through IE.

I give accolades to Scott Granneman for having the guts to tell people it's time to dump Internet Explorer. Never mind all the features competing browsers have that enhance the browsing experience. Personally I think it's worth switching for the spyware problem alone.

I've read comments from people who've said they've been using Microsoft Internet Explorer for many years and have never encountered a single case of spyware. Oh really? My response to that is very simple: what planet are you living on?!

It's not the benign spyware that I worry about, either. It's the ease with which these more malicious "spyware" applications can install themselves without your knowledge - and hijack your browser so it displays porn to an eight-year-old girl. Then it updates itself so you can't remove it. This is "spyware" that has clearly crossed the line.

Copyright © 2004, 0

Kelly Martin is the content editor for SecurityFocus.
