Combating Spyware in the Enterprise

Hackers can use both botnets and phishing attacks to deliver spyware to a host. In the phishing attack, the hacker sends the bait in the form of an e-mail requiring urgent action to avoid unpleasant consequences. The e-mail tells the user to click on a link that appears to take them to a Web site they trust. At this Web site, the hacker can gather account information and/or passwords, or can upload a Trojan (most likely a remote access Trojan) for these purposes. The botnet s usual mode of operation is to scan for hosts that are vulnerable to a set of exploits which permit remote access to the host. The discovered exploit is launched and the bot client is installed.
Botnets and phishing attacks are targetable. That is, the hacker can target a company or a market sector for these attacks. Although both can be random, they can be customized to a selected set of potential hosts. The phishing hacker is able to get users to self-select themselves by sending out e-mail that masquerades as a bank or other company they want to target. Users that do not use that bank simply do not respond. The bot herder can configure the bot clients to limit their scanning to hosts in a defined set of Internet Protocol (IP) addresses. With this targeting capability comes the ability to market customized attacks for sale.
Phishing is so named because the attack is much...