Ask the Expert

What are common kinds of mobile spyware?

Can you list some different types of mobile spyware? What can be done to combat them?

    Requires Free Membership to View

There are so many spyware possibilities here that it's hard to narrow the field down. Let's talk about a few categories of spyware, in the order in which they are often installed. Browser exploits are software snippets that an attacker may load onto a Web site. Typically delivered via HTTP to unsuspecting Web surfers, these exploits allow the attacker to run code in the browser. Examples of such attacks include WMF exploits from early 2006 and VML exploits from September of last year; there are countless others as well.

The code that runs in the browser is our second category of mobile malicious code. Usually, after exploiting a browser, the bad guys push a file dropper application on the vulnerable system. A file dropper, as its name implies, lets the attacker drop additional files -- usually more spyware -- onto a system, where the malicious files are eventually extracted and run. With a fully functional file dropper, the attacker can update his or her spyware on a regular basis, staying ahead of the antispyware and antivirus signature checks. The file dropper's payload may feature a bot, a remotely controllable agent that gives the attacker full control over machines. The file dropper can also install a keystroke logger on the machine, which gathers the victim's keystrokes and sends them to the attacker, who then might try to harvest passwords, account numbers and credit card numbers from the keystrokes of the victim machine.

How can you cope with this onslaught? Up-to-date antivirus and antispyware tools are critical, especially ones that support heuristic defenses. Even though many browser exploits are in the wild before solid fixes are available, it's still important to keep your system patched.

More information:

  • In today's enterprise, file format vulnerabilities are quickly taking center stage. Read more about it here.
  • So, you think you know mobile spyware? Sandra Kay Miller reveals some common misconceptions.
  • This was first published in March 2007

    There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: