Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spyware for Corporate Espionage

Posted by michael on from the outlook-deemed-harmful dept.

therufus writes "Late in July, an e-mail that hit employee in-boxes at a British credit card and finance company carried a secret payload--spyware capable of recording confidential corporate data and sending it over the Net."

13 of 216 comments (clear)

  1. Here is an idea. by Omni+Magnus · · Score: 3, Insightful

    Don't open Emails that you have no clue who they came from. This is just common sense.

    1. Re:Here is an idea. by binaryDigit · · Score: 4, Insightful

      Don't open Emails that you have no clue who they came from. This is just common sense.

      That line of defense fails when only 1 person forgets this fact (or as a permutation of the following) and the "virus/worm" spreads itself by having the from address of the newly infected person. Plus, it doesn't take a lot of effort to find out who the IT or some other higher up in a company is and use their name as the sender of the email.

  2. Stop Spyware at the Source by Ridgelift · · Score: 3, Insightful

    Dubbed the Consortium Of Anti-Spyware Technology Vendors and led by the creators of the popular Ad-Aware and Pest Patrol software programs, the group is trying to create standard definitions of "spyware," "adware" and other pests, and give best-practices recommendations to the companies that want to avoid being blocked by their software.(emphasis added)

    Once again, the main technical problem lies with Windows. Spyware is just another form of malware, which takes advantage of defects in the operating system to gain access.

    I would hope that the Consortium Of Anti-Spyware Technology Vendors would promote Linux, Mac and other operating systems that are better equipped to rebuff malware attacks.

    --
    Ruby on Rails Screencast
    1. Re:Stop Spyware at the Source by Evil+Adrian · · Score: 3, Insightful

      Funny. Microsoft is to blame for spyware issues, but Kazaa, et. al. aren't the problem when it comes to piracy.

      Love the double standard. LOVE IT.

      --
      evil adrian
  3. Is anyone surprised? by blankinthefill · · Score: 4, Insightful

    I'm not. This is the logical conclusion (Or beginning) to the "virus age" that we've been experiencing. And I think the articale is wrong in some respects, like their thinking that the script kiddies and such are long gone. They are still here, and are having nore effect than ever as they modify already dangerous viruses, making it harder to block and stop them. And tell me, when has broad ranging legislation really helped anyone? Untill it's proven effective, I will remain wary of anything of the sort.

  4. Questions... by frodo+from+middle+ea · · Score: 4, Insightful
    Pardon my ignorance, but...

    • What kind of stupid sys-admin allows .vbs, .js , .exe, .sws attachements thru the corporate email ?
    • What kind of idiot sys-admin would allow the corporate users , to run their PCs with admin previleges , so that any unwanted junk s/w be installed on their PCs ?
    • Which genius allows unrestricted access to confidential corporate data to its users ?
    • Why do the corporate firewalls not block out-bound traffic to all ports but a select few HTTP/SSL ect ?
    --
    for the last time people, I am "frodo from middle eaRTH", not "middle eaST".
    1. Re:Questions... by jdreed1024 · · Score: 5, Insightful
      What kind of stupid sys-admin allows .vbs, .js , .exe, .sws attachements thru the corporate email ?

      The sys-admin who is told by the CEO to remove the e-mail blocks, because someone wants to e-mail him a self-extracing zip file (.exe).

      What kind of idiot sys-admin would allow the corporate users , to run their PCs with admin previleges , so that any unwanted junk s/w be installed on their PCs ?

      The sys-admin who gets in trouble when he yelled at Bobby the Intern (who happens to be the CTO's nephew) for installing Kazaa on his machine. Ditto for the sys-admin who was told to turn the PHB's account into an Administrator account so he could install MS Entertainment Pack.

      Which genius allows unrestricted access to confidential corporate data to its users ?

      The genius who tried to secure the confidential corporate data with X.509 certificates and/or passwords, but was then told to remove them, because the VIPs were complaining about having to remember too many passwords.

      Why do the corporate firewalls not block out-bound traffic to all ports but a select few HTTP/SSL ect ?

      Because then the PHB can't use AIM to chat with his friends.

      Seriously, I worked as a sys-admin in an environment like this. You wouldn't believe the number of safety procedures that the CEO/CTO/PHB wanted to circumvent to make life easier for themselves. Unless you have a CTO who understands security and will stand up to the rest of the VIPs, you're doomed. Completely and utterly doomed.

      I attempted to implement the passwd changing program with cracklib support to prevent users from picking stupid passwords. That lasted about a week before I was told to take it away.

      There was a brief period of time where we went around and killed off IE on the desktop machines, because there were too many damn vulnerabilities. That lasted about 2 weeks before the CEO told us that the researchers couldn't use "this Netscape thing".

      Repeat for many other events. Bottom line is anyone who is not a sys-admin knows two things: routine and usability. However, implementing propert security requires changing at least one of those, if not both. And therein lies the problem.

      --
      There is no sig, there is only Zuul.
  5. BS !! by AftanGustur · · Score: 4, Insightful


    Don't open Emails that you have no clue who they came from. This is just common sense

    Come one, grow up, we're no longer 6 years old and there is no good reason why we should be forced to live in fear of our emails !!

    If a email can do all kinds of bad stuff to your computer, it is the fault of the one who wrote the email software, period..

    Don't try to blame the victim because he was simply using the software for what is it supposed to do ...

    --
    echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
  6. Re:Sneaks by Tuxedo+Jack · · Score: 3, Insightful

    Yes, it's becoming vaguely "Star Wars"-ish. Darth Gator versus PepiMK Skywalker... oy, there's something I never wanted to see. However, at the school district where I work, we're coming up with an interesting method of combating spyware: lawsuits against the companies. Since the spyware is often found on elementary school computers, and it's children who download it, the technical staff has considered lawsuits. IANAL, but it goes something like this: the children are obviously minors, and when they click the EULA for installing an ActiveX control or someone goes through the ByteVerify exploit, they do not create a legally binding contract, and as it's an elementary school, the advertisers are very obviously collecting data on people under 13, which violates the COPA. Hence, we sue. It made sense to the legal department, and they're now trying to take out Rightfinder and CoolWebSearch. Also, since the CWS group of spyware can be classified as Trojan horses/virii, aren't they in violation of some obscure section of the USC? I'd _swear_ that they were.

    --

    Striking fear in the authors of godawful fanfiction, I am here, appearing in darkness, Tuxedo Jack!
  7. This happens quite a lot by nodwick · · Score: 4, Insightful
    There's an article in Dvorak's column in this month's PC Magazine (near the middle) describing how a day trader used a key logger to steal someone's brokerage password via a similar scheme. From the article:
    Using an alias, Dinh began prowling around in an online stock-chat forum, until he got the e-mail addresses of some of the traders. Using yet another alias, he then e-mailed these folks the key-logging backdoor, claiming in a long letter that he was beta-testing a new stock-charting software system and wondering whether they could help.

    Apparently, one unsuspecting sucker executed the software and wasn't suspicious when it didn't really do anything. Now Dinh had a backdoor and simply key-logged until he found the guy's online brokerage information and password. He could buy and sell from the guy's account.

    Apparently he used the other account as a dump for derivatives that he needed to offload quickly. Of course the person in the story should obviously have been more careful about clicking on attachments, but one lesson here is that as people become increasingly wired, the value of logins and passwords is becoming high enough that stealing those is as valuable or more than credit card numbers. This is especially true if you think about how much you can do financially online -- many people use the Internet almost exclusively for bill payments, stock transactions, money transfers, etc.
  8. Don't fear the kiddies.... by ajs · · Score: 3, Insightful

    As a sysadmin that has been dealing with security issues in financial and other corporate settings for well over a decade, I can tell you that the fear-factor on kiddies with their viruses starts to fade over time. However, what I've noticed happening is that people are coming to accept these relatively benign viruses, root-kits, etc as a fact of life, and they seem to be forgetting that where kiddie-hack-of-the-week can succede there WILL ALWAYS BE a small, but worrisome number of clueful people exploiting the opening.

    Most often those people are insiders, so you have the added worry that things like firewalls are useless (do you sniff email for viruses on internal mail? do you have unpatched servers that only intenal users have access to?), and they may be able to convince others that you think you can trust to look the other way.

    Security is one of those ugly balancing acts. Ultimately, it's a losing game because once a determined cracker with a clue sets their sights on you, you're done for. No amount of security is sufficient... really (yes, even a gasketted vault with armed guards CAN be cracked). The key is risk-vs-reward and always trying to make sure that some poor clueless bastard out there is an easier target than you.

  9. idiots always open attachments... by gamlidek · · Score: 4, Insightful

    *Yawn* So what? Idiots will always open email attachments from unknown recipients and ultimately execute some sort of hidden code on their machine mainly because they can't figure out how to turn that stuff off or stop clicking on everything they see. I'd love to blame M$ here, but it really is the techno-weenies that do it to themselves by pretending they know how to use a computer, yet no matter how many times they're told "don't open attachments" they do it anyway. I love it when the email software is set up to autoexecute this stuff by default so they don't even know about it. RTFM, people!

    -gam

    --
    "In theory, theory and practice are the same; in practice, they are not."
  10. Re:Here's our nightmare scenario in the military.. by zeux · · Score: 5, Insightful
    China has opted to bet the farm on Linux after seeing the Windows Source Code.

    I think that China choose Linux not because of Windows source code but because Windows is the product of an American company.

    But maybe I'm wrong.
    --
    Iraq: war to save the U