Spyware Security Advisory: Awareness and Protection

On 6th April 2005, the Monetary Authority of Singapore (MAS) has issued a "Security Advisory" circular to alert the financial institutions on various Internet security threats (such as phishing1 , pharming2 , fake emails, website impersonation, trojan horses3, worms4, viruses5, keyloggers6 ). In particular, the threat of spyware was highlighted.

AIA is committed to protecting the confidentiality and integrity of our customers' information. The Technology Risk Management team would like to bring to your attention the potential threat of spyware so that we can protect the valuable corporate assets together.

  • 1Phishing means sending an e-mail that falsely claims to be from a particular enterprise (like your bank) and asking for sensitive financial information.
  • 2Pharming is named after phishing, where you are led to a web site that looks like it's legitimate but actually is there to steal your passwords when you enter them.
  • 3Trojan is a program which claims to do something or have a specific useful function, but once executed it does something completely different. An analogy to the Greek Trojan Horse.
  • 4Worm is a program that makes and facilitates the distribution of copies of itself; for example, from one disk drive to another, or by copying itself using e-mail or another transport mechanism
  • 5Virus is a program or code that replicates itself onto other files with which it comes in contact; that is, a virus can infect another program, boot sector, partition sector, or a document that supports macros, by inserting itself or attaching itself to that medium.
  • 6Keylogger (KeyLogger, Key Logger, or Keystroke Logger) is a program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for subsequent retrieval, or shipped raw to the attacker.
What is "Spyware"?
Spyware is an emerging Internet security threat. Advertised as a means to improve Internet connection speed and gain other benefits, some spyware, when installed, redirect and re-route the Internet connections of users through spyware servers. Communication traffic and customer transactions routed through such servers are susceptible to unauthorized access and disclosure. As a result, customer PINs, passwords, usernames, credit card numbers, account identifiers, financial transactions and other confidential data might be exploited.

What are the common symptoms of "Spyware infection"?
  1. Endless pop-up windows on your web browser.
  2. Often being re-directed to unfamiliar web page.
  3. New icon appears on your web browser toolbars.
  4. Sudden changes in web browser home page.
  5. Random windows error message appears.
  6. Computer processing speed slows down
How can "Spyware" get into my computer?
Spyware can be installed through the following techniques:
  1. Automatic download from a website you are surfing.
  2. Embedded into the installation process from free and useful programs or a illegal piece of software. Examples of these programs are:
    • Download accelerators
    • Games
    • Movie and sound players
    • Screen savers
    • Unknown source applications utilities
    • Software programs that sent by e-mail attachment
How can you protect your PC from "Spyware"?
  • Be wary of Internet banners, advertisements and pop-ups while surfing the Internet. Always refrain from clicking on them no matter how enticing they may appear.
  • Avoid downloading programs from unknown sources.
  • Do not open any attachment from unknown sources.
  • Do not play movie or music file from unknown sources.
  • Change your password REGULARLY to protect your personal data.
  • Always make sure you have an anti-virus software program and/or anti-spyware software enabled before you download other programs or open e-mails.
Incident Reporting
  • If you have reasons to believe that your PC/ID/Password has been compromised or encounter suspicious activities or events, you can report IT Security incidents to AIA Singapore IT Helpdesk.