Monday, March 14, 2005

Fwd: [itsdifferent] Grayware - A New Term in world of IT Security

---------- Forwarded message ----------
From: Deven Goratela
Date: Fri, 11 Mar 2005 15:40:06 +0530
Subject: [itsdifferent] Grayware - A New Term in world of IT Security
To: itsdifferent@yahoogroups.com

Grayware

Overview

Grayware is a new term that is starting to appear on IT and security
professionals' radar screens. Many end users are only vaguely aware of
grayware and its potential impact on their systems, yet the probability
of their PCs or laptops being infected with grayware is extremely high,
and many users have already experienced the symptoms produced by
grayware installed on their PCs. In addition, many of the most
threatening effects of grayware, such as usage-pattern tracking,
invasion of privacy and information theft, can remain unseen, and all
of them are possible without the user consciously downloading and
executing any application.

With the many email viruses making headline news every few months,
users are now beginning to understand the potential dangers of opening
an unsolicited email - even if it's from someone they know! With
grayware, users don't even have to open an attachment or execute a
program to become infected. Just visiting a Web site that harbors this
technology is enough to become a victim. And while some types of
grayware, such as pop-ups, may be viewed in the same manner as spam -
more of an annoyance than a true security threat - there is a fine
line between "harmless" grayware and the types that can compromise
valuable information such as credit card numbers, passwords, and even
a user's identity.

What is Grayware?

Grayware is an umbrella term applied to a wide range of applications
that are installed and run on a user's computer, without the user's
informed permission, to track and/or report certain information back
to some external source. Some forms of grayware come as Trojan
applications that trick users into installing them. Grayware can come
from any number of places and activities:
Downloading shareware, freeware, or other forms of file-sharing services
Opening infected emails
Clicking on pop-up advertising
Visiting frivolous or spoofed web sites
Installing Trojan applications

Not all grayware sources are malevolent, as Web site developers are
using newer techniques to customize their web sites and obtain better
results. Tracking the usage patterns of visitors in order to offer more
customized results, and so higher sales, is the ultimate goal of many
grayware applications.

Typically, the symptoms of having grayware installed on a host are
slower performance, more pop-up advertising, web browser home pages
being redirected to other sites, and so forth. Generally these effects
are more of an annoyance than a security threat. But attackers have
also learned that grayware techniques can serve other purposes, and
have started using many of the web browser's capabilities to load and
run programs that open access, collect information, log keystrokes,
modify system settings, or inflict other kinds of damage.

Although the most common grayware category gaining world wide
attention is "Spyware", grayware can fall into many categories
including:

Adware - Adware is usually embedded in freeware applications that
users can download and install at no cost. Adware programs are used to
load pop-up browser windows to deliver advertisements when the
application is open or run.

Dialers - Dialers are grayware applications that are used to control
the PC's modem. These applications are generally used to make long
distance calls or call premium 900 numbers to create revenue for the
thief.

Gaming - Gaming grayware applications are usually installed to provide
joke or nuisance games.

Joke - Joke grayware are applications that are used to change system
settings, but do no damage to the system. Examples include changing
the system cursor or Windows' background image.

Peer-to-Peer (P2P) - P2P grayware are applications that are installed
to perform file exchanges. While P2P is a legitimate protocol that can
be used for business purposes, the grayware applications are often
used to illegally swap music, movies, and other files.

Spyware - Spyware applications are usually included with freeware.
Spyware is designed to track and analyze a user's activity, such as a
user's web browsing habits. The tracked information is sent back to
the originator's Web site where it may be recorded and analyzed.
Spyware can be responsible for performance-related issues on the
user's PC.

Key Logger - Key Loggers are perhaps one of the most dangerous
grayware applications. These programs are installed to capture the
keystrokes made on a keyboard. These applications can be designed to
capture user and password information, credit card numbers, email,
chat, instant messages, and more.

Hijacker - Hijackers are grayware applications that manipulate the Web
browser or other settings to change the user's favorite or bookmarked
sites, start pages, or menu options. Some Hijackers have the ability
to manipulate DNS settings to reroute DNS requests to a malicious DNS
server.

Plugins - Plugin grayware applications are designed to add additional
programs or features to an existing application in an attempt to
control, record, and send browsing preferences or other information
back to an external destination.

Network Management - Network Management Tools are grayware
applications that are designed to be installed for malicious purposes.
These applications are used to change network settings, disrupt
network security, or cause other forms of network disruption.

Remote Administration Tools - Remote Administration Tools are grayware
applications that allow an external user to remotely gain access,
change, or monitor a computer on a network.

BHO - BHO grayware applications are DLL files that are often installed
as part of a software application to allow the program to control the
behavior of Internet Explorer. Not all BHOs are malicious, but the
potential exists to track surfing habits and gather other information
stored on the host.

Toolbar - Toolbar grayware applications are installed to modify the
computer's existing toolbar features. These programs can be used to
monitor web habits, send information back to the developer, or change
the functionality of the host.

Downloader - Downloaders are grayware applications that are installed
to allow other software to be downloaded and installed without the
user's knowledge. These applications are usually run during the startup
process and can be used to install advertising, dialer software, or
other malicious code.

Symptoms of Grayware

Grayware applications can perform many different tasks as outlined in
the grayware categories above. Some of the most common symptoms that
an infected system can exhibit include the following:

1. The performance of your computer is slower. The grayware
application is taking more CPU and memory resources and causing the
computer to slow down. By opening the Windows Task Manager and viewing
the processes that are consuming the CPU and memory resources,
grayware applications may be identified. Often, the grayware
applications running on the computer are "unknown" applications to the
user.

2. The send and receive lights on your cable/DSL modem or the
network/modem icons on the task bar are flashing to indicate traffic
transmitted to and from your computer, even though you are not
performing any online processes at that time to cause such traffic to
occur.

3. The computer displays pop-up messages and advertisements when
it's not connected to the Internet or when the browser is not running.

4. The home page on your web browser has been changed from your
selected default and you did not instigate the change. And changing it
back may not fix the problem.

5. Internet Explorer's search engine has been changed from the
default setting and search results are delivered by an unexpected
search site.

6. Your web browser's "favorite" list has been modified and
changing it back or removing the new additions does not work.

7. Your search or web browser toolbars are modified and new
options are installed. Attempts to remove the toolbar items fail.

8. Your phone bills increase due to numbers or premium services
(900 numbers) that you did not use.

9. Your Antivirus program, Anti-Spyware program, or other
security related program stops working. You receive warnings of
missing application files and replacing them does not solve the
problem. Sophisticated grayware applications may disable popular
security programs before installing themselves.
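The categories above (BHOs registered as DLLs, hijackers rewriting the start page or DNS settings, downloaders re-running at startup) and the symptoms list (unknown processes, traffic while idle, changed home page) all point at a handful of concrete places on a Windows host. The following read-only triage script is an added example, not code from the original message or from any product it describes; it checks those places with standard PowerShell cmdlets. The registry and file paths are the documented Windows and Internet Explorer locations; the expected start page and the expected DNS servers are assumptions to be replaced with your own baseline.

```powershell
# Added example, not part of the original post: a read-only PowerShell triage
# pass over the places the symptoms list and the BHO, Hijacker and Downloader
# categories point at. Registry and file paths are the standard Windows/IE
# locations; the expected start page and DNS servers are assumptions to replace
# with your own baseline. Needs Windows with PowerShell 5.1 or later; reads only.

$ExpectedStartPage  = 'https://intranet.example.com/'   # assumption
$ExpectedDnsServers = @('10.0.0.53', '10.0.0.54')       # assumption
$ProviderNoise = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-IEStartPage {
    # Symptoms 4 and 5: hijackers rewrite these values, usually from an autostart entry.
    $main = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    [pscustomobject]@{ StartPage = $main.'Start Page'; SearchPage = $main.'Search Page' }
}

function Get-BrowserHelperObjects {
    # BHOs are COM DLLs registered by CLSID (32-bit ones under WOW6432Node); resolve each CLSID to its DLL.
    $bhoKeys = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
                 'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects')
    $clsidRoots = @('HKLM:\Software\Classes\CLSID', 'HKLM:\Software\Classes\WOW6432Node\CLSID')
    foreach ($key in $bhoKeys) {
        Get-ChildItem $key -ErrorAction SilentlyContinue | ForEach-Object {
            $clsid = $_.PSChildName
            $server = foreach ($root in $clsidRoots) {
                Get-ItemProperty "$root\$clsid\InprocServer32" -ErrorAction SilentlyContinue
            }
            [pscustomobject]@{ CLSID = $clsid; Dll = ($server | Select-Object -First 1).'(default)' }
        }
    }
}

function Get-AutostartEntries {
    # Downloaders and hijackers re-run at logon from these keys (symptom 4: "changing it back may not fix it").
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        $values = Get-ItemProperty $key -ErrorAction SilentlyContinue
        if ($null -eq $values) { continue }
        foreach ($p in $values.PSObject.Properties) {
            if ($p.Name -in $ProviderNoise) { continue }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-UnexpectedDnsServers {
    # Hijackers that redirect DNS show up here or in the hosts file.
    Get-DnsClientServerAddress -AddressFamily IPv4 -ErrorAction SilentlyContinue | ForEach-Object {
        $alias = $_.InterfaceAlias
        foreach ($server in $_.ServerAddresses) {
            if ($server -notin $ExpectedDnsServers) {
                [pscustomobject]@{ Interface = $alias; DnsServer = $server }
            }
        }
    }
}

function Get-HostsFileOverrides {
    # Any address line other than the localhost entries is worth a look.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
}

function Get-EstablishedConnectionsByProcess {
    # Symptom 2: traffic while idle. Map each established TCP connection to its owning process image.
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Pid     = $_.OwningProcess
            Process = $proc.ProcessName
            Image   = $proc.Path
            Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
        }
    }
}

$ie = Get-IEStartPage
if ($ie.StartPage -and $ie.StartPage -ne $ExpectedStartPage) {
    Write-Warning "IE start page is '$($ie.StartPage)', expected '$ExpectedStartPage'"
}
'== Browser Helper Objects (DLLs loaded into IE) =='; Get-BrowserHelperObjects | Format-Table -AutoSize
'== Autostart entries =='; Get-AutostartEntries | Format-Table -AutoSize
'== DNS servers outside the baseline =='; Get-UnexpectedDnsServers | Format-Table -AutoSize
'== Non-default hosts file entries =='; Get-HostsFileOverrides
'== Established connections by process =='; Get-EstablishedConnectionsByProcess | Sort-Object Process | Format-Table -AutoSize
```

Run it from a normal user session; it only reads. A BHO or autostart entry whose DLL or command lives under a user profile or temp directory, a DNS server outside the baseline, or an established connection owned by a process the user cannot name are the things to chase first. Because it reads the registry with the user's own rights, a tool that hooks or hides registry keys will not be caught by this; compare against an offline copy of the hive if the symptoms persist after nothing shows here.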

Protecting Against Grayware

Stopping and preventing grayware from infecting hosts can be performed
in several ways.

USER EDUCATION

Though not a cure-all, every grayware mitigation program should start
with the development, communication, and enforcement of policies to
guide end-user behavior. This can be as simple as educating employees
regarding the nature and dangers of grayware and establishing policies
that prohibit downloading and installing applications that are not
approved by the company. Where download and installation are allowed,
users should be instructed to carefully research the provider's web
site and read the fine print in the "End User License Agreement". By
doing this, they may be surprised to learn what is being installed
onto their computer and what the application is designed to do when
they click on the software license's "I Agree…" button.

Grayware and Trojan applications designed for malicious intent will
always be deceptive and try to stay well hidden to prevent
disinfection and removal.

Other things that can help reduce the chances of grayware infection are
to increase the security settings on the Web browser, configure email
programs such as Microsoft Outlook not to automatically download
Internet pictures or other material in HTML email, turn off
auto-preview, and stay on top of the latest security patches for the
operating system and all applications.
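The browser and mail settings in the paragraph above are per-user registry values, so they can be reviewed and applied consistently rather than clicked through by each user. The script below is an added example, not part of the original message; it uses the documented Internet Explorer zone action codes and the Outlook Options\Mail values. The Office version number is a parameter because it differs between releases (16.0 is an assumption), and the auto-preview (Reading Pane) is a per-view Outlook setting that is not covered here.

```powershell
# Added example, not part of the original post: the browser and mail hardening
# the paragraph above describes, expressed as registry settings for the current
# user. The Internet-zone action codes and the Outlook Options\Mail values are
# documented Microsoft settings; the Office version is a parameter because it
# differs between releases (16.0 is an assumption).

param([string]$OfficeVersion = '16.0')

# IE "Internet" zone is zone 3. Action codes (from Microsoft's zone documentation):
#   1001 = download signed ActiveX controls, 1004 = download unsigned ActiveX,
#   1200 = run ActiveX controls and plug-ins, 1201 = initialize/script ActiveX
#   not marked safe for scripting. Values: 0 = enable, 1 = prompt, 3 = disable.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$ZoneHardening = @{
    '1001' = 1   # prompt instead of silently downloading signed controls (weak default: 0)
    '1004' = 3   # never download unsigned controls
    '1200' = 1   # prompt before running any ActiveX control or plug-in
    '1201' = 3   # never script controls that are not marked safe
}

# Outlook: block external content (remote images) in HTML mail and read mail as
# plain text. Both live under Options\Mail for the user's Outlook version.
$MailKey = "HKCU:\Software\Microsoft\Office\$OfficeVersion\Outlook\Options\Mail"
$MailHardening = @{
    'BlockExtContent' = 1   # do not fetch remote pictures/content in HTML mail
    'ReadAsPlain'     = 1   # render HTML messages as plain text
}

$Targets = @(
    @{ Path = $ZoneKey; Settings = $ZoneHardening },
    @{ Path = $MailKey; Settings = $MailHardening }
)

function Get-HardeningState {
    # One row per setting with the current and desired value, so the weak
    # configuration can be reviewed before anything is changed.
    foreach ($t in $Targets) {
        $current = Get-ItemProperty -Path $t.Path -ErrorAction SilentlyContinue
        foreach ($name in $t.Settings.Keys) {
            $value = if ($current) { $current.$name } else { $null }
            [pscustomobject]@{ Key = $t.Path; Name = $name; Current = $value; Desired = $t.Settings[$name] }
        }
    }
}

function Set-Hardening {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($t in $Targets) {
        if (-not (Test-Path $t.Path)) { New-Item -Path $t.Path -Force | Out-Null }
        foreach ($name in $t.Settings.Keys) {
            if ($PSCmdlet.ShouldProcess("$($t.Path)\$name", "set to $($t.Settings[$name])")) {
                Set-ItemProperty -Path $t.Path -Name $name -Value $t.Settings[$name] -Type DWord
            }
        }
    }
}

Get-HardeningState | Format-Table -AutoSize
Set-Hardening -WhatIf          # drop -WhatIf to apply the values

# Staying patched is the other half of the paragraph: the most recent installed updates.
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5 HotFixID, InstalledOn
```

The first call prints the weak setting beside the desired one; the second shows what would be written and only writes when run without -WhatIf. In a domain these same values are normally pushed by Group Policy, which also stops the user from setting them back.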

HOST-BASED ANTI-SPYWARE PROGRAMS

Users and IT professionals who have become "grayware educated" and
understand the threats that these applications bring have started
turning to client-based software applications that spot, remove, and
block spyware. The new breed of anti-spyware applications function
similarly to the antivirus programs that are installed on nearly all
computer systems today. Host-based anti-spyware applications have the
ability to detect, remove, and block grayware applications based on a
signature database; their success depends on the number of grayware
signatures and the accuracy of that database.

The difficulty with a client-based approach is the overhead that is
normally associated with installing and maintaining client software
applications on all corporate PCs. This includes the resources to
purchase and install the software on each computer and to perform
routine upgrades and updates to the software and its signature
database. Depending on the anti-spyware's license scheme, the cost may
also be prohibitive to full corporate-wide adoption for some
cost-conscious customers.

One other danger of client-based security software is the possibility
of having the anti-spyware protection disabled by the end user or by a
malicious application. Trojan and grayware applications are becoming
more proactive with their installation routines and may check for the
presence of protection software such as antivirus or personal
firewalls. By disabling the protection software during their
installation process, they have a better chance of running undetected.

NETWORK-BASED GRAYWARE PROTECTION

A third way of detecting grayware applications is through a network
gateway approach. Installing grayware detection on a perimeter
security appliance where the private corporate network connects to the
Public Internet can help identify and eradicate grayware applications
before they reach the end user's computer. The network-based approach
centralizes the intelligence at the ingress point into the corporate
network where grayware enters the company and significantly lowers the
maintenance overhead of installing, maintaining, and keeping signature
databases up-to-date. By performing an update on the gateway appliance
performing the grayware protection, all computers behind the gateway
are automatically protected.
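What the gateway actually does with the traffic it sees is a signature match, as the section says, and a log review at the same vantage point can do the same thing after the fact. The script below is an added example, not part of the original message or any appliance it describes. It runs two checks over constructed proxy log lines: check 1 is the signature approach (a small list of known grayware hosts and User-Agent strings, both made up for the example); check 2 goes beyond the text and flags a client that contacts the same host at a steady interval, which is what symptom 2 (traffic while the user is idle) looks like from the gateway. The log format, hostnames and User-Agent strings are all constructed.

```powershell
# Added example, not part of the original post. Two gateway-side checks over
# constructed proxy log lines: a signature match (as the section describes) and
# a steady-interval "beacon" check that goes beyond it. Log format, hostnames
# and User-Agent strings are made up for the example.

$ConstructedLog = @'
2005-03-11T09:00:00 10.1.2.5 GET www.example-news.test /index.html "Mozilla/4.0 (compatible; MSIE 6.0)"
2005-03-11T09:00:07 10.1.2.5 GET ads.tracker-corp.test /beacon?id=42 "TrackerBar/1.3"
2005-03-11T09:05:07 10.1.2.5 GET ads.tracker-corp.test /beacon?id=42 "TrackerBar/1.3"
2005-03-11T09:10:07 10.1.2.5 GET ads.tracker-corp.test /beacon?id=42 "TrackerBar/1.3"
2005-03-11T09:15:07 10.1.2.5 GET ads.tracker-corp.test /beacon?id=42 "TrackerBar/1.3"
2005-03-11T09:02:13 10.1.2.9 GET www.example-news.test /sports.html "Mozilla/4.0 (compatible; MSIE 6.0)"
2005-03-11T09:31:44 10.1.2.9 GET www.example-shop.test /cart "Mozilla/4.0 (compatible; MSIE 6.0)"
2005-03-11T09:40:00 10.1.2.9 GET dl.freebie-toolbar.test /setup.exe "Mozilla/4.0 (compatible; MSIE 6.0)"
'@

# Signature list (constructed). A real gateway ships and updates a database of these.
$KnownGraywareHosts      = @('ads.tracker-corp.test', 'dl.freebie-toolbar.test')
$KnownGraywareUserAgents = @('TrackerBar/')

function ConvertFrom-ProxyLine {
    # Parse "<time> <client> <method> <host> <path> "<user-agent>"" into an object; skip anything else.
    param([string]$Line)
    if ($Line -match '^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+"([^"]*)"$') {
        [pscustomobject]@{
            Time      = [datetime]$Matches[1]
            Client    = $Matches[2]
            Method    = $Matches[3]
            Host      = $Matches[4]
            Path      = $Matches[5]
            UserAgent = $Matches[6]
        }
    }
}

function Find-SignatureHits {
    # Check 1: host or User-Agent on the signature list.
    param([object[]]$Records)
    foreach ($r in $Records) {
        $reason = $null
        if ($r.Host -in $KnownGraywareHosts) {
            $reason = "known grayware host $($r.Host)"
        } elseif ($KnownGraywareUserAgents | Where-Object { $r.UserAgent.StartsWith($_) }) {
            $reason = "grayware User-Agent '$($r.UserAgent)'"
        }
        if ($reason) { [pscustomobject]@{ Client = $r.Client; Time = $r.Time; Reason = $reason } }
    }
}

function Find-Beacons {
    # Check 2: the same client hitting the same host at least MinHits times with
    # inter-request gaps that differ by no more than JitterSeconds.
    param([object[]]$Records, [int]$MinHits = 4, [int]$JitterSeconds = 5)
    $Records | Group-Object Client, Host | ForEach-Object {
        if ($_.Count -lt $MinHits) { return }
        $times = $_.Group | Sort-Object Time | ForEach-Object { $_.Time }
        $gaps = for ($i = 1; $i -lt $times.Count; $i++) { ($times[$i] - $times[$i - 1]).TotalSeconds }
        $spread = $gaps | Measure-Object -Minimum -Maximum
        if (($spread.Maximum - $spread.Minimum) -le $JitterSeconds) {
            [pscustomobject]@{
                Client          = $_.Group[0].Client
                Host            = $_.Group[0].Host
                Hits            = $_.Count
                IntervalSeconds = [int]($gaps | Measure-Object -Average).Average
            }
        }
    }
}

$records = $ConstructedLog -split "`n" | ForEach-Object { ConvertFrom-ProxyLine $_.Trim() } | Where-Object { $_ }
'== Signature hits =='; Find-SignatureHits $records | Format-Table -AutoSize
'== Steady-interval beacons =='; Find-Beacons $records | Format-Table -AutoSize
```

On the constructed input, 10.1.2.5 is reported by both checks (the tracker host is on the list, and it is called every 300 seconds), while 10.1.2.9 is reported only by the signature check for the toolbar download. The beacon check is what catches a component the signature database does not yet know, at the price of false positives from legitimate pollers such as mail or update clients, so it is a lead for the host-side triage rather than a verdict.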

The drawback of a centralized solution is when the user leaves the
office and is no longer behind the security appliance. In these cases,
the mobile users must rely on individual security programs that are
installed on their computers to protect them against threats - such as
antivirus and personal firewall programs.

Note: This group is not a job-searching group, so please co-operate
and don't transfer any kind of job-related material across this
group. Anyone doing so can be banned from the group.
Thanks, Group Co-ordinators


--
Regards...
/*******************************
itsDifferent
http://its-Different.blogspot.com
http://groups.yahoo.com/group/itsdifferent/join
http://groups.msn.com/its-Different/join
http://groups-beta.google.com/group/itsdifferent
*******************************/
