Spyware Security Advisory: Awareness and Protection
What is "Spyware"?
On 6th April 2005, the Monetary Authority
of Singapore (MAS) has issued a "Security Advisory" circular
to alert the financial institutions on various Internet
security threats (such as phishing1 , pharming2 , fake
emails, website impersonation, trojan horses3,
worms4, viruses5, keyloggers6
). In particular, the threat of spyware was
AIA is committed to protecting the
confidentiality and integrity of our customers' information.
The Technology Risk Management team would like to bring to
your attention the potential threat of spyware so that we can
protect the valuable corporate assets together.
- 1Phishing means
sending an e-mail that falsely claims to be from a
particular enterprise (like your bank) and asking for
sensitive financial information.
- 2Pharming is named
after phishing, where you are led to a web site that looks
like it's legitimate but actually is there to steal your
passwords when you enter them.
- 3Trojan is a
program which claims to do something or have a specific
useful function, but once executed it does something
completely different. An analogy to the Greek Trojan Horse.
- 4Worm is a program
that makes and facilitates the distribution of copies of
itself; for example, from one disk drive to another, or by
copying itself using e-mail or another transport mechanism
- 5Virus is a program
or code that replicates itself onto other files with which
it comes in contact; that is, a virus can infect another
program, boot sector, partition sector, or a document that
supports macros, by inserting itself or attaching itself to
(KeyLogger, Key Logger, or Keystroke Logger) is a program
that runs in the background, recording all the keystrokes.
Once keystrokes are logged, they are hidden in the machine
for subsequent retrieval, or shipped raw to the
Spyware is an emerging Internet security threat. Advertised as a means to improve Internet connection speed and gain other benefits, some spyware, when installed, redirect and re-route the Internet connections of users through spyware servers. Communication traffic and customer transactions routed through such servers are susceptible to unauthorized access and disclosure. As a result, customer PINs, passwords, usernames, credit card numbers, account identifiers, financial transactions and other confidential data might be exploited.
What are the common symptoms of "Spyware infection"?
How can "Spyware" get into my computer?
- Endless pop-up windows on your web browser.
- Often being re-directed to unfamiliar web page.
- New icon appears on your web browser toolbars.
- Sudden changes in web browser home page.
- Random windows error message appears.
- Computer processing speed slows down
How can you protect your PC from "Spyware"?
Spyware can be installed through the following techniques:
Automatic download from a website you are surfing.
Embedded into the installation process from free and useful programs or a illegal piece of software. Examples of these programs are:
Movie and sound players
Unknown source applications utilities
Software programs that sent by e-mail attachment
Be wary of Internet banners, advertisements and pop-ups while surfing the Internet. Always refrain from clicking on them no matter how enticing they may appear.
Avoid downloading programs from unknown sources.
Do not open any attachment from unknown sources.
Do not play movie or music file from unknown sources.
Change your password REGULARLY to protect your personal data.
Always make sure you have an anti-virus software program and/or anti-spyware software enabled before you download other programs or open e-mails.
If you have reasons to believe that your PC/ID/Password has been compromised or encounter suspicious activities or events, you can report IT Security incidents to AIA Singapore IT Helpdesk.