
	Home > Ask the Security Experts > Expert Archive: Information Security Threats Questions & Answers > What are common kinds of mobile spyware?

Ask The Security Expert: Questions & Answers

EMAIL THIS

What are common kinds of mobile spyware?

EXPERT RESPONSE FROM: Ed Skoudis, past SearchSecurity.com expert

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 03 January 2007
Can you list some different types of mobile spyware? What can be done to combat them?

BROWSE BY TAG

Wireless Network Security: Setup and Tools, Handheld and Mobile Device Security Best Practices, Enterprise Network Security, Expert Archive: Information Security Threats, Smartphone and PDA Viruses and Threats, VIEW ALL TAGS

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Handheld and Mobile Device Security Best Practices
	Researchers find thousands of flawed embedded devices
	Best Mobile Data Security Products
	Should Windows Mobile updates come from Microsoft?
	MMS messaging spoof hack could have global ramifications
	How to prevent mobile phone spying
	Unified communications: Securing a converged infrastructure
	RIM patches serious BlackBerry Attachment Service flaws
	How secure are iPhone App Store mobile applications?
	Is there a spy on my mobile device?
	Mobile phones win during Pwn2Own contest
	Handheld and Mobile Device Security Best Practices Research

Expert Archive: Information Security Threats

The telltale signs of a network attack

Will Google Chrome enhance overall browser security?

Are there antivirus suites that pick up more than just run-of-the-mill viruses?

What tools can a hacker use to crack a laptop password?

Are social networking sites an easy target for malicious hackers?

What are the dangers of cross-site request forgery attacks (CSRF)?

Should social engineering tests be included in penetration testing?

What kind of data is compromised during a Google hack?

Best practices for using restriction policy whitelists

Defining mobile device security concerns

Smartphone and PDA Viruses and Threats

US-CERT warns of BlackBerry snooping software

Mini guide: How to remove and prevent Trojans, malware and spyware

SMS attacks against BlackBerry certificate flaw possible

MMS messaging spoof hack could have global ramifications

Unified communications: Securing a converged infrastructure

RIM patches serious BlackBerry Attachment Service flaws

Latest Apple iPhone features prompt security concerns

SMS mobile worm attacks Symbian smartphones

Smartphone security lacking at many businesses

RIM warns of serious vulnerability in BlackBerry Web loader

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

There are so many spyware possibilities here that it's hard to narrow the field down. Let's talk about a few categories of spyware, in the order in which they are often installed. Browser exploits are software snippets that an attacker may load onto a Web site. Typically delivered via HTTP to unsuspecting Web surfers, these exploits allow the attacker to run code in the browser. Examples of such attacks include WMF exploits from early 2006 and VML exploits from September of last year; there are countless others as well.

The code that runs in the browser is our second category of mobile malicious code. Usually, after exploiting a browser, the bad guys push a file dropper application on the vulnerable system. A file dropper, as its name implies, lets the attacker drop additional files -- usually more spyware -- onto a system, where the malicious files are eventually extracted and run. With a fully functional file dropper, the attacker can update his or her spyware on a regular basis, staying ahead of the antispyware and antivirus signature checks. The file dropper's payload may feature a bot, a remotely controllable agent that gives the attacker full control over machines. The file dropper can also install a keystroke logger on the machine, which gathers the victim's keystrokes and sends them to the attacker, who then might try to harvest passwords, account numbers and credit card numbers from the keystrokes of the victim machine.

How can you cope with this onslaught? Up-to-date antivirus and antispyware tools are critical, especially ones that support heuristic defenses. Even though many browser exploits are in the wild before solid fixes are available, it's still important to keep your system patched.

More information:

In today's enterprise, file format vulnerabilities are quickly taking center stage. Read more about it here.

So, you think you know mobile spyware? Sandra Kay Miller reveals some common misconceptions.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy