In Cybersecurity

Spyware is as harmful as it sounds. Its primary purpose is to steal information, and yet we allow it to be installed on our networks every day. Why? Because spyware often masquerades as useful, and legitimate tools, complete with user license agreements! But no matter how you slice it – it’s just malware pretending to be something else.

And we let users freely install it daily.

The Cisco Midyear Cybersecurity Report recently outlined several core elements of spyware and the risks they pose. While breaking spyware down into three primary categories (adware, system monitors, and Trojans), they highlight that spyware can:

  • Steal user and company information including Personally Identifiable Information (PII)
  • Weaken a company’s security posture by modifying device configurations, installing unwanted software, and allowing for remote control of the device to which it’s connected
  • Increase the chances of other malware infections

25% of the 300 companies tested were infected with three types of spyware. Those three types were:

Hola VPN

Hola is a freemium software that provides a VPN-type service to other users. These peer-to-peer connections create a “closed network”. It also uses peer-to-peer caching, storing information from other users on your device.

Why is it spyware?

Hola’s functionality includes selling users’ bandwidth through a service called Luminati, installing its own code-signing cert. It then downloads any file, with an option to bypass antivirus checking, and runs application code remotely. This increases the impacted company’s risk profile while losing bandwidth.

Relevant Knowledge

This system acts as a sort of philanthropic Wikipedia, promising to donate to a particular cause when users sign up for the service. Within this application lurks the ability to collect mass quantities of information about your Internet browsing behavior, demographics, systems, and configurations. Another devious tactic is that Relevant Knowledge often comes bundled in with other software, so the end user may not even be aware that they have it installed.

Why is it spyware?

The idea that an application can install the software within your network should be enough to block this software on its own. In case that isn’t enough, it also collects information to create profiles it and then sells that information to other third parties.

DNS Changer and DNS Unlocker

This tool offers the ability to connect to geographically-restricted websites, including streaming sites. DNS Changer is a Trojan that changes the DNS settings of the infected host.  The Unlocker version is an adware service.  According to Cisco, this spyware replaces nameservers so to redirect Internet traffic to the attacker’s servers. From there, they can inject, modify, and inspect it. Worst-case scenarios include criminals attaining remote access to the infected system(s).

Why is it spyware?

Besides establishing remote access to the infected system, these tools can also steal PII, redirect user traffic, and inject malicious advertising on websites visited.

Protect Your Firm

So, in summary, do all you can to avoid these tools within your business network.  Ask your IT manager or provider to scan your network for spyware. If found, be sure to have it removed right away. You – and your clients – will be happy you did.

Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.