Intro to Greynets and Spyware

There are a lot of differing opinions on what the definitions of Parasiteware Spyware, Adware and Malware should be.

In order to help you we have provided brief definitions in this miniature spy primer.

Greynets

Actiance considers IM, P2P and spyware part of a larger, fast-growing set of unsanctioned applications called "Greynets." Greynet applications are downloaded and installed on end user systems, without expressed permission from, or awareness by IT (and often without even the end user's awareness - as with spyware) and then use evasive encryption and port agility techniques to traverse the network. Greynet applications include instant messaging, P2P file sharing, web conferencing, SKYPE, web mail and adware/spyware and anonymizers.

Greynets Landscape

Greynets Market Study

Actiance Communications and NewDiligence, a market research company, conducted a Greynets Research Study compiling data from 622 IT managers and 564 end users across small, medium and large businesses to learn about the corporate use of Greynets and the impact of spyware and virus incidents within organizations. (Data collected May through July of 2005.) Key findings can be found below.

Request the complete results of the Greynets Research Study.

Key Findings:

• Enterprises are spending on average $130,000 per month in IT time fighting spyware problems.
  
  
• In general, end users believe they have the right to install Greynet applications at the workplace. They also believe IT has any security issues associated with Greynets under control. 87% of the same end users reported a spyware or virus problem resulting in slow internet response times, pop up ads and corrupted files.
  
  
• Among IT managers who have rolled out perimeter security, consisting of gateway AV, URL filtering and IDS/IDP, 77% have had either a virus or spyware incident in the past 6 months.
  
  
• According to the research findings within the next 6 months virtually all end users will have deployed some type of Greynet application and 8 in 10 end users (78%) now use one or more Greynet applications; based on stated intentions this number will rise to 93% in the next 6 months.
  
  
• 3 in 10 IT managers who experienced a virus incident, report that IM has been associated with such occurrences. A similar proportion report that IM has been associated with spyware.

Expected Growth and Adoption of Greynet Applications By Endusers

Number of Greynet Apps In Use At Work Locations

Source: Actiance Greynets Research Study, Aug 2005

ParasiteWare

ParasiteWare is the term for any Adware that by default overwrites certain affiliate tracking links. These tracking links are used by webmasters to sell products and to help fund websites. The controversy is centered on companies like WhenU, eBates, and Top Moxie, a popular maker of Adware applications. These companies have release their software to assist users in getting credit for rebates, cash back shopping, or contributions to funds. To the end user ParasiteWare represents little in the way of a security threat.

Adware

Adware, also known as an Adbot, can do a number of things from profile your online surfing and spending habits to popping up annoying ad windows as you surf. In some cases Adware has been bundled (i.e. peer-to-peer file swapping products) with other software without the user's knowledge or slipped in the fine print of a EULA (End User License Agreement). Not all Adware is bad, but often users are annoyed by adware's intrusive behavior. Keep in mind that by removing Adware sometimes the program it came bundled with for free may stop functioning. Some Adware, dubbed a "BackDoor Santa" may not perform any activity other then profile a user's surfing activity for study.

AdWare can be obnoxious in that it performs "drive-by downloads". Drive-by downloads are accomplished by providing a misleading dialogue box or other methods of stealth installation. Many times users have no idea they have installed the application. Often Adware makers make their application difficult to uninstall.

A "EULA" or End User License Agreement is the agreement you accept when you click "OK" or "Continue" when you are installing software. Many users never bother to read the EULA.

It is imperative to actually read this agreement before you install any software. No matter how tedious the EULA, you should be able to find out the intent BEFORE you install the software. If you have questions about the EULA- e-mail the company and ask them for clarification.

Spyware

Spyware is potentially more dangerous beast than Adware because it can record your keystrokes, history, passwords, and other confidential and private information. Spyware is often sold as a spouse monitor, child monitor, a surveillance tool or simply as a tool to spy on users to gain unauthorized access. Spyware is also known as: snoopware, PC surveillance, key logger, system recorders, Parental control software, PC recorder, Detective software and Internet monitoring software.

Spyware covertly gathers user information and activity without the user's knowledge. Spy software can record your keystrokes as you type them, passwords, credit card numbers, sensitive information, where you surf, chat logs, and can even take random screenshots of your activity. Basically whatever you do on the computer is completely viewable by the spy. You do not have to be connected to the Internet to be spied upon.

The latest permutations of Spyware include the use of routines to mail out user activity via e-mail or posting information to the web where the spy can view it at their leisure. Also many spyware vendors use "stealth routines" and "polymorphic" (meaning to change" techniques to avoid detection and removal by popular anti-spy software. In some cases Spyware vendors have went as far as to counter-attack anti-spy packages by attempting to break their use. In addition they may use routines to re-install the spyware application after it has been detected.

Malware

Malware is slang for malicious software. Malware is software designed specifically to disrupt a computer system. A trojan horse , worm or a virus could be classified as Malware. Some advertising software can be malicious in that it can try to re-install itself after you remove it.

For the purpose of simplicity Malware is software specifically engineered to damage your machine or interrupt the normal computing environment.

Examples of Malware include:

Page Hijackers

Hijackers are applications that attempt to usurp control of the user's home page and reset it with one of the hijackers choosing. They are a low security threat, but obnoxious. Most Hijackers use stealth techniques or trick dialogue boxes to perform installation.

Dialers

A dialer is a type of software used by pornographic vendors. Once dialer software is downloaded the user is disconnected from their modem's usual Internet service provider and another phone number and the user is billed. While dialers do not spy on users they are malevolent in nature because they can cause huge financial harm to the victim.