Spyware abuse


Spyware/Snoopware generally fits into the category of good safe software commonly used by parents to monitor their kids online and make sure that little Suzy or Billy aren't talking to strangers or looking at anything that the parents might not like. Employers use this software to monitor employees to make sure they are not using the internet for personal reasons or doing anything that might bring harm to the company.

Privacy arguments aside, this type of software has legitimate uses in the right circumstances. However, anyone who knows of my (now deprecated) previous website at Antiav.com will know that I find these programs to be as much as or even more insidious in their design and features than any trojan horse type software.

You can imagine my glee when I came across this article at TheRegister.co.uk. It explains how, in a recent spate of e-bank thefts, thousands of South African Rand (the Rand is the currency of SA, BTW) were electronically transferred out of victims' accounts and into other off-shore accounts. All these transactions appear to have been done through the web-banking portal provided by the bank. Evidence now appears to point the finger at someone using the Eblaster product to capture the login IDs of the bank's customers.

Eblaster is used by worried parents and employers to monitor all communications on the internet from a computer. From the Eblaster FAQ:
"eBlaster does not show up as an icon, does not appear in the Windows system tray, does not appear in Windows Programs, does not show up in the Windows task list, cannot be uninstalled without the eBlaster password which YOU specify, and eBlaster does not slow down the operation of the computer it is recording. eBlaster does not initiate connections to the internet and will only forward email and send activity reports when the monitored computer is already connected to the internet"
Sounds a lot like a trojan horse to me.

The thief managed to get ahold of the customers' email addresses (not hard with some dumpster diving I'm sure), bought a copy of Eblaster and used its Remote install feature to email out the program to the victims. Given 100 customers, I'm sure that 10%, or even 5% would click and have it install, ignoring all normal Anti-Virus rules (Don't click attachments you aren't expecting!). 5 out of 100 people's bank accounts can add up, 50 out of 1000 can be a lot more, etc, etc.

Once the software was installed, the program would email the thief logs of activity, and all they would have to do is wait for them to log on to their web banking and they would have their Username and Password and complete control of the account. And since Eblaster is a 'product' of a 'reputable company', it's not detected by Anti-Virus software.

The thief, by paying ~$100, was able to defeat the combined expertise and R&D departments of nearly every Anti-virus company on the planet. And we are putting our trust in them to protect us WHY?

I think we are going to see more attacks like this in the future. The only computer criminals you regularly hear about are ones that are stupid and use known trojans that are detected. The smart ones get away clean because they realize that a little investment can lead to a whole lot more ill-gotten reward.

On my previous site of Antiav.com I did some research and created a chart comparing the capabilities of various trojans and 'snoopware' products. It was nearly impossible to tell the difference. So, 3 years ago I was able to foretell that a 'legitimate' product with 'trojanesque' capabilities would be used maliciously to slip under the radar of Anti-Virus products.

Damn, I hate it when I'm right :)

RenderMan
7/23/03

