RealTime IT News

Spyware For The Masses

Snoops no longer need much technical savvy to steal personal information from computers and mobile phones. The reason? Easy-to-use spyware is increasingly becoming available online.

Recently released offerings include a kit that allows purchasers to infect their Web sites with malicious software code that can automatically install itself on computers that happen to visit the booby-trapped site, and software that can be installed on mobile phones to track all incoming and outgoing calls and text messages.

Early last week researchers at Sophos, a security research firm based in Abingdon, England, spotted the "WebAttacker" kit, an online tutorial and guide to free shareware and spyware packages available on the Internet.

Offered on a Russian Web site, the tutorial explains how to lure victims to Web sites containing spyware that can automatically install itself on computers running the Windows operating system and using Microsoft's Internet Explorer browser. The exploits only install automatically if users have neglected to apply Windows security patches and updates to their computer's software.

"This type of behavior is inviting the return of what we call script-kiddies," said Carole Theriault, senior security consultant at Sophos, in a statement. "The more common cyber attacks become, the more of these types of sites offering kits, databases of email addresses and [custom-built] Trojans and spyware we will see. So as long as the money continues to flow, there will be interested parties."

The Russian spyware kit is available for sale directly from the site, and the company offers technical support to buyers. Mikko Hypponen, chief research director at F-Secure, a security firm based in Helsinki, Finland, said that using the kit properly requires some technical expertise, although users need not have programming knowledge.

But Hypponen said there are kits available on the Internet that are even easier to use. One package, offered on a Web site that recently went offline, included a video that explained how to "fine tune and configure" the purchased exploit, according to the descriptive copy on the Web site where the kit was for sale. The site's copy claims that "It's important to note that our exploits are created especially for ordinary users, i.e. any kind of user can adjust this exploit and use it effectively."

Ken Dunham, director of the rapid response team at iDefense, a security research firm based in Dulles, Virginia, said the use of spyware and adware is a "rising threat," with millions of illegal installations of such code taking place in the past year.

While the lines separating the two are thin, adware is normally defined as spyware that is installed with the user's permission and consent. Spyware monitors a user's activities online and on infected computers, and then relays that information via the Internet to whoever has deployed the snoopy application.

Dunham said traditional anti-virus programs have been slow to respond to such threats, giving adware and spyware the edge during the recent period of growth. "The reality is that millions of consumers have ad/spyware on their computer and don't even realize it until it impacts performance on the computer," he said.

The JavaScript exploits included in the Russian kit identify the visiting computer's browser version and operating system, detect any installed security patches and then launch the most appropriate exploit. Once active on a computer, the malicious software downloads a small program that attempts to disable the computer's firewall. It then installs the spyware.

Hypponen says that users of spyware kits are usually "data thieves and small-scale industrial spies. State-sponsored spies and high-level industrial espionage players don't need to buy kits from the Web, they do their own development."

Other easy-to-use applications currently available online include software that infects Symbian mobile phones and then records information about the victim's mobile call usage and text messages. "Flexispy," offered by a commercial software firm based in Thailand, sends the records to a remote server that's accessible to the person who planted the software on the affected phone.

The company that offers the application bills itself as the world's "first mobile spy," and says the application is a useful tool for catching a cheating spouse, protecting children and tracking one's own communications. Wannabe snoops need to have physical access to the phone to install the software.

In other spyware-for-hire news, on Tuesday an Israeli court ruled that Ruth and Michael Haephrati would be fined two million shekels (approximately $423,200) for developing and selling spyware.

The couple have already been sentenced to four and two years in jail respectively for offering the spyware to private investigators who allegedly used it to spy on their clients' business competitors. Nine of the investigators have also been indicted.

Court papers indicate that the software was created by Michael Haephrati as a "joke," intended to be used against members of his ex-wife's family. His new wife later decided to sell the malicious program.

The couple was arrested at their London home in May 2005 and extradited to Israel at the beginning of this year.

"Hackers for hire have converged with traditional criminals to offer a suite of services," said Dunham. "You can pay hackers for exploits or to hack into a site. We've even seen full time jobs offered by Russians to hire experts to help them develop exploits and DDoS capabilities.

"We believe that corporate espionage is under-reported and a growing issue in a highly competitive market."