Mike Healan
November 21, 2003
Last July, an English credit card and financial company was targeted
by hackers in an attempt to install spyware on employee workstations.
The spyware installers were attached to emails sent to many employees
with the subject line "Wedding Invitation".
I haven't been able to determine if the attack worked or if the
company's security consultants caught it before anyone installed the
spyware. From what I have read, it looks like it was caught before any workstations were infected.
Security consultants at Clearswift identified the installer as iSpyNOW, a professional surveillance spyware that is sold commercially. iSpyNOW provides a controversial feature
known commonly as "remote deployment". A marketer's explanation is
that this feature allows you to deploy the software on a PC, even if
you do not have physical access to that PC.
In practical use, it means that you can email the installer to
someone and hope that they are foolish enough to infect themselves with it.
Considering
the phenomenal numbers of people who become infected every time a new
email worm starts to spread, there is a good possibility that the
victim obligingly will install the spyware without realizing what they
are doing.
Installing spyware on someone else's computer should be
illegal. In
many jurisdictions, it already is illegal. If you do not have physical
access to a computer, so that you can install software on it normally,
then you are almost certainly not the owner of that machine and have no business installing anything on it.
The FBI already is investigating the company behind Lover Spy for violating US federal wiretapping laws. Lover
Spy is a spyware program advertised last month in a massive spamming
campaign. The company not only uses remote deployment, it also markets
this feature as a way to install it on unsuspecting victims.
The developer of TrueActive spyware (formerly WinWhatWhere)
voluntarily removed that same feature from his own software citing
ethical concerns and technical support issues. Several other companies
continue to use this type of installer, including iSpyNOW, Spectorsoft
and e-Blaster.
This "remote deployment" installation method needs to be outlawed
where monitoring software is concerned. There are no legitimate uses
for an installer program that mimics an email worm to install
surveillance spyware and there should be criminal sanctions for
providing one. Congresswoman Bono, Congressman Towns, are you reading this?
Links:
http://www.spywareinfoforum.info/newlsetter/aug12,2003#framed :: Framed by a Browser Hijacker
http://www.spywareinfoforum.info/newlsetter/oct7,2003#loverspy :: Spy On Your Lover, Go To Jail
http://news.com.com/2100-1032_3-5108965.html :: 'Spyware' steps out of the shadows
http://www.spywareguide.com/product_show.php?SPY=13 :: iSpyNOW Description
http://www.spywareinfoforum.info/articles/spyware/spotlight.php :: Malicious Software in the Spotlight
