How 'Grayware' Threatens Office Computer Networks

Do you use AOL Instant Messenger at work? How about Dropbox? Do you have "Plants vs. Zombies" installed as an app in your Google Chrome browser? Or a third-party browser search bar?

Odds are that your company's IT department didn’t specifically authorize the installation of such applications and plug-ins. If that's the case, then they're termed "grayware," and believe it or not, they can pose a serious threat to corporate network security.

Grayware applications aren't actually viruses or other forms of malware. In most cases, they're common pieces of software that enable real-time communication. Other examples of grayware include messaging apps such as Google Talk or eBuddy, dozens of Twitter add-ons and utilities that track weather or stocks. All are "passive" applications that are fed and updated from a cloud network.

Just under the radar, but talking to the whole world

The passive nature of grayware applications often lets them go unnoticed on corporate networks, which partly explains their widespread use by office workers. Recent surveys show that grayware can constitute a substantial percentage of a workplace's online software.

"Graywares now come in many shapes and sizes," said Michael Xie, chief technology officer and vice president of engineering at Sunnyvale, Calif.-based firewall manufacturer Fortinet. "It is really hard to differentiate them from normal applications, which is the reason why their proliferation rate [today] is higher than ever."

For instance, the thousands of add-ons available for Mozilla Firefox and Chrome act like normal applications. But they actually have links established with cloud servers collecting user information and activity trends. If any of those cloud servers are compromised or infected, malware gets a backdoor right into countless corporate networks.

In such situations, conventional anti-virus software and firewalls are mostly unable to minimize vulnerability. Cutting off grayware applications' Internet access might result in the termination and interruption of other, authorized, Internet-facing applications.

Security applications can easily tell the difference between "white" (safe) and "black" (malicious) software, but they're still not able to categorize the "grays." That ambiguity might result in deadly breaches for corporate networks in the near future.

"In the beginning, we were concerned only about types of viruses, and now we have several different breeds of malicious programs, with each having compound identities," Xie said. "The thing is that nobody is concerned about their names and classifications anymore. People just want to get rid of them."

Normally, grayware is not as invasive as malicious Trojans and viruses — it behaves in an entirely different manner. Often, the worst side effect of such software is the gradual installation of small activity-sniffers and spyware programs.

Much grayware comes in the form of add-on browser toolbars that access online third-party services. Their installation requires no approval from network administrators, nor sometimes even the end user.

You might have noticed it yourself — while installing a software update or downloading a package, you get an auto-checked installation dialogue box which, by default, assumes your approval to install browser toolbars and other "adware" alongside the desired software.

But such add-on toolbars often change the home addresses of Web browsers and redirect invalid browsing requests — typos, basically — to optimized Web pages full of spam and cheap ads. In some cases, those Web pages infect visiting computers with malware.

Hard to avoid, hard to get rid of

Grayware authors often design their applications without proper uninstall features, making them difficult to remove. The applications also capture and analyze user activity for commercial reasons, which can be seen as a breach of privacy and network security.

Grayware often opens parallel communication channels from the user’s computer, channels that share sensitive information about the user and his company's network even while he stays on the primary channel.

And grayware applications gradually increase their runtime system-resource consumption, which drastically decreases the efficiency of end-user computers. If even 40 percent of the machines on a corporate network have heavy grayware activity, IT departments may have to do a complete overhaul and re-design of security parameters on workstations.

"Most of the times, these [grayware applications] are unknowingly downloaded by the users, and once they are installed, the system just treats them as a mere unwanted application establishing outside connections," said Erika Mendoza, threat response engineer at Trend Micro, Inc. "They are made out to be sticky and irritating, but in reality are as dangerous as malwares and spywares."

Seeing in black and white

There's an old saying among IT professionals that "the only secure computer is one that's unplugged." The prevalence of grayware not only confirms that maxim, but also shows how helpless information security can become with rapid technological advancement.

Fortunately, there are ways to avoid the risks of grayware. Be extra-attentive when updating software. Check with your corporate IT department before installing messaging or entertainment applications. And always remember that if someone's giving away software for free, they'll usually want something in return.

SecurityNewsDaily Contributor