SpywareGuide powered by FaceTime Security Labs

Spyware- Potential for Terrorism?

by Wayne Porter

Date: 2.13.2003

There is no doubt that adware/spyware has reached epidemic proportions. One need only visit any popular anti-spyware bulletin board or technical forum to see that the problems abound. They range from system lock-ups, intrusive advertising, slowed internet connections and network congestion to glaring security holes. There is perhaps a darker side to spyware in that it, like any mass-distributed software, could be used to execute a massive attack on the Internet.

We were unlucky enough to experience the destructive power of a spyware-based attack ourselves, when an unknown entity repurposed what appeared to be a Mydoom variant to launch a DDoS (Distributed Denial of Service attack: when a network is flooded with traffic, the systems cannot respond normally, so service is denied) against various anti-spyware sites, including ours. There were several thousand computers attacking the servers at the same time, overwhelming the machines with requests. For those curious, we have logs of this attack, and information about the attack has been forwarded to the FBI for investigation and analysis.

If a bitter spyware developer can execute an attack like this, it is reasonable to suspect any foreign power has the resources to pull off an even more devastating attack. Any website can be thrown off the Internet in a few clicks. If the attackers are skilled enough, they could even take down the root DNS servers of the Internet. In short, this would mean the entire Net comes to a grinding halt, and everything that depends on the Net grinds to a halt at the same time.

Let us keep in mind that most spyware and adware programs exist for one purpose: to make a profit. Favorable economics and poor policing are the primary reasons it has become so prolific. Distribution costs are extremely low in comparison to the potential returns. Imagine, as a business, acquiring a customer for $0.10 and being able to make $10.00 off that customer in the course of a year. This plush economic Petri dish could be used as the very foundation to execute and fund a sophisticated, blended terrorist attack.

Sample Scenario:

For example, imagine Company X makes patriotic screensavers that are primarily passed along file-sharing networks or through give-away programs or CPA networks. The program is free and it appears patriotic, so chances are good that propagation will be swift and easy. In reality the program harbors a hidden Trojan horse specifically set up to coordinate a cyber offensive, coupled with the ability to usurp other sites' revenue streams or generate the stream itself.


Company X derives revenue through popular "affiliate networks" or PPCSEs (Pay-Per-Click Search Engines). Affiliate networks aggregate relationships between merchants and websites. This is a very common and legitimate practice. Basically, as the user shops through a popular store, a small commission is set aside for the referring site that sent the customer. However, in this case the insidious Company X is pocketing the cash by intercepting the transaction, often through cookie overwriting. This would not be hard to do because there is virtually no accountability to set up. A legitimate-looking company site is all that is needed to begin generating revenue through large networks. Most legal agreements are "click wrapped", meaning the company need only click a button to agree to be a good citizen and it can begin partnering with trusted brand name companies like Walmart, Target or Dell. It is really that simple.

With cheap distribution, Company X is now capable of generating substantial revenue from trusted brand names at the expense of the very consumers they plan to attack! To make this very clear, trusted brand names would actually be funding these nefarious activities without ever knowing it was going on, because due diligence is short in today's drive-by style of digital e-commerce partnerships.

Now funding is in place, revenue is flowing to terrorists, and the patriotic screensaver Trojan horse is set to execute a large DDoS-type attack on a predetermined date, a date that could be months or years in the future.

Foreign Power X, operating as Company X, then executes a 9/11 style attack on civilians in conjunction with a large-scale DDoS attack via zombies that was set into motion and funded by the adware-driven patriotic screensavers. The attack focuses on emergency medical services, critical government websites and media information outlets. For good measure they may throw in some socially engineered viral e-mail campaigns to deliver propaganda, as well as propaganda campaigns that could be released by hundreds of thousands of the "patriotic" zombie machines and the use of UGC (user-generated content, often video). The result would be true pandemonium in the general population with very real and measurable damage.

The attack would most likely be very efficacious and this form of a coordinated "blended attack" that utilizes both offline and online components could be devastating to an economy and to civilian life.

Given the sophisticated nature of the current spyware battleground and the proliferation of botnets, it is not far-fetched at all. If we can imagine a scenario like this, we are sure enterprising terrorists could imagine far more dangerous scenarios. Perhaps Homeland Security should be looking at how these advertising software programs operate, who they partner with and who is getting the revenue, and determining exactly what these programs are doing on people's machines. We aren't saying all adware is bad or designed for such evil intent; after all, technology is innocent. It is the people behind it who make the decisions and give technology its direction.

Unless otherwise noted this article is Copyright © 2022 by FaceTime Communications, Inc. This article may not be resold, reprinted, or redistributed for compensation of any kind without prior written permission from FaceTime Communications, Inc. For reprint or media inquiries please contact us with the phrase "Spyware Guide Articles" in the subject line and we will be happy to assist you. Links to this article from other websites are appreciated and encouraged. Users are also encouraged to utilize our RSS system to provide unique content and extracts for their site.
