EXPERT RESPONSE
There are so many spyware possibilities here that it's hard to narrow the field down. Let's talk about a few categories of spyware, in the order in which they are often installed. Browser exploits are software snippets that an attacker may load onto a Web site. Typically delivered via HTTP to unsuspecting Web surfers, these exploits allow the attacker to run code in the browser. Examples of such attacks include WMF exploits from early 2006 and VML exploits from September of last year; there are countless others as well.
The code that runs in the browser is our second category of mobile malicious code. Usually, after exploiting a browser, the bad guys push a file dropper application on the vulnerable system. A file dropper, as its name implies, lets the attacker drop additional files -- usually more spyware -- onto a system, where the malicious files are eventually extracted and run. With a fully functional file dropper, the attacker can update his or her spyware on a regular basis, staying ahead of the antispyware and antivirus signature checks. The file dropper's payload may feature a bot, a remotely controllable agent that gives the attacker full control over machines. The file dropper can also install a keystroke logger on the machine, which gathers the victim's keystrokes and sends them to the attacker, who then might try to harvest passwords, account numbers and credit card numbers from the keystrokes of the victim machine.
How can you cope with this onslaught? Up-to-date antivirus and antispyware tools are critical, especially ones that support heuristic defenses. Even though many browser exploits are in the wild before solid fixes are available, it's still important to keep your system patched.
More information:
In today's enterprise, file format vulnerabilities are quickly taking center stage. Read more about it here.
So, you think you know mobile spyware? Sandra Kay Miller reveals some common misconceptions.
|
