The Network Poltergeist
by Jonathan Mepsted - Regional Director, Fortinet - Wednesday, 2 March 2005.
The IT industry isn’t as boring and technically obsessed as many outsiders believe. Viruses and malicious hacker threats in particular have been increasingly sensationalised in the popular press, squeezing the issues gradually into the public consciousness.

Causing a big stir is the prevalence of Adware and Spyware which steal processing power and track users’ footprints around the Internet. This group of ‘Grayware’ applications has plagued home and SME users, and is now becoming an extremely serious matter for enterprises too - turning more invasive and sinister by the day.

I recently described to a friend what a Worm Program was and how it worked; lying undetected on a PC until a pre-set sequence brings it to the surface to perform some malicious action before disappearing again. Her smile of intrigue turned into a gaping maw as I explained how together, tens of thousands of these programs activating simultaneously create a virtual machine out of the control of its users. “Just like in The Terminator…” she mumbled in response, rapidly growing pale.

Security is the one aspect of IT that regularly grips imaginations, which is great news if you’re trying to impress at a dinner party and even better news if you’re trying to wrestle greater resources and acceptance from senior non-IT colleagues. IT used to be a black art that ‘ people over there’ dealt with. Now it’s at the boardroom level and everyone and their dog has an interest in how company data is being protected.

You could well argue that Grayware - the collective term for the family of Adware, Spyware, Diallers, Hijackers, Key-Loggers and other ‘Ghost’ Programs that are perpetually installing themselves onto every PC on the planet – is the new Spam. Like Spam, Grayware been around for a while and in many forms it’s pretty harmless stuff that irritates more than infiltrates. Also like Spam however, it’s reached a fit of pique – we’ve all got it, it’s causing some extremely troubling effects, and it’s time enterprises took it more seriously.

Many of the most threatening impacts of Grayware, such as usage pattern tracking, invasion of privacy and information theft can remain unseen and are all possible without the user having to consciously open, download or execute any applications. Just visiting a web site harbouring this technology is enough to become a victim.

Unwitting use of Grayware can compromise valuable information such as credit card numbers, passwords, and even a user's identity. Other than the generally familiar Adware and Spyware, here are some other examples of Grayware threats in the wild:

Key Loggers - perhaps one of the most dangerous Grayware applications, installed to capture the strokes made on a keyboard. These applications can be designed to capture user and password information, credit card numbers, email, chat, instant messages, and more.

Diallers - used to control the PC's modem. These applications are generally used to make long distance calls or call premium numbers to create revenue for the thief.

Hijackers - can manipulate the Web browser or other settings to change favorite or bookmarked sites, start pages, or menu options. Some hijackers have the ability to manipulate DNS settings to reroute DNS requests to a malicious DNS server.

Network Management Tools - designed to be installed implicitly for malicious purposes. These applications are used to change Tools network settings, disrupt network security, or cause other forms of network disruption.

Remote Administration Tools - allow an external user to remotely gain access, change, or monitor a computer on a network.

BHOs - DLL files that are often installed as part of a software application to allow the program to control the behavior of Internet Explorer. Not all BHOs are malicious, but they can track surfing habits and gather other information stored on the host.


Analytics services are tracking users via Chrome extensions

It's quite possible that, despite your belief that the Google Chrome is the safest browser there is and your use of extensions that prevent tracking, your online movements are still being tracked.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Nov 24th