Email Spyware

Overview

Most often transmitted as part of another related software program, e-mail spyware presents a significant security risk for organizations because it compromises personal information, distributing it to unauthorized parties. While some spyware programs are distributed through e-mail by association with Trojan horses, others are sent directly as a worm or virus. In the general scope of spyware programs, other vectors of distribution also exist, the most common being manual—albeit surreptitious—installation by the user.

E-mail spyware in action

One example of an e-mail spyware program is the Ssppyy program. Released in March 2005, the threat gathers sensitive information from infected computers and transmits it to an e-mail address. Ssppyy arrives as an electronic greeting card, and, once opened, the e-mail spyware installs itself surreptitiously on the user’s computer. This is an example of social engineering, in which attackers attempt to manipulate users into opening a malicious program by convincing them that it is, in fact, a legitimate e-mail. Through the spyware, criminals can gain access to e-mails transmitted through Outlook, in addition to monitoring keystrokes, stealing passwords, and executing files remotely on compromised computers.

The consequences of e-mail spyware

Because e-mail spyware’s purpose is, in essence, to spy on compromised computers and transmit that data to outside parties, organizations that fail to prevent spyware from installing may run afoul of state and federal legislation. The Sarbanes-Oxley Act, for example, requires companies to defend how they maintain record integrity, which includes e-mail and, in some instances, instant message conversations. In addition, the act stipulates that companies disclose—in real time—operational changes that could affect the next financial report. From an IT perspective, these “changes” include security intrusions such as those caused by e-mail spyware.

State laws also require organizations to disclose instances in which breaches caused by e-mail spyware have compromised sensitive or confidential information. In California, for example, Senate Bill 1386 specifies that companies disclose security breaches through written notifications, through conspicuous posting on a Web site or by disseminating the information through local media. Further penalties for companies affected by e-mail spyware include revocation of business license and potential litigation by those whose information has been compromised.

Protection from e-mail spyware

In some security packages from leading antivirus vendors, e-mail spyware is classified as an extended threat and is not covered by regular antivirus updates. As such, organizations without such protection remain vulnerable to ALL spyware threats. Companies that DO have comprehensive spyware protection still remain at risk from new, emerging and unknown e-mail spyware attacks. Networks are vulnerable to e-mail spyware during the period in which security vendors are still analyzing newly released spyware outbreaks and developing pattern files for them.

iSolation Server from Avinti prevents e-mail spyware from entering corporate networks by executing and testing e-mail messages for malicious behavior in a virtual machine prior to end-user delivery. Because iSolation Server observes the actual behavior of incoming e-mail messages, it is able to quarantine messages containing e-mail spyware. The solution, for example, prevents messages demonstrating unauthorized, malicious activity—like sending sensitive data to outside users or allowing remote execution on an end-user computer—from compromising otherwise secure networks.

©2003-2008 Avinti, Inc.