spyware
Download
Skip this Video
Download Presentation
SpyWare!

Loading in 2 Seconds...

play fullscreen
1 / 16

SpyWare - PowerPoint PPT Presentation


  • 162 Views
  • Uploaded on

SpyWare!. Chuck Short CS522 – Fall 2006 Semester Project Presentation Professor: Dr. C. Edward Chow. Agenda. Define SpyWare Discuss methods used for spying Focus on passive tracking methods Demonstrate one passive method Discuss prevention Conclusions. SpyWare Definition.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'SpyWare' - gabe


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
spyware

SpyWare!

Chuck Short

CS522 – Fall 2006

Semester Project Presentation

Professor: Dr. C. Edward Chow

agenda
Agenda
  • Define SpyWare
  • Discuss methods used for spying
  • Focus on passive tracking methods
  • Demonstrate one passive method
  • Discuss prevention
  • Conclusions
spyware definition
SpyWare Definition
  • SpyWare is a general term used to describe software that performs certain behaviors such as advertising, collecting personal information, or changing the configuration of your computer, generally without appropriately obtaining your consent first.

http://www.microsoft.com/athome/security/spyware/spywarewhat.mspx

spyware categories
SpyWare Categories
  • Advertising (Passive)
    • Capture browsing history
    • Capture buying habits
  • Surveillance (Active)
    • Key loggers
    • System Monitors
spyware statistics
SpyWare Statistics
  • 90% of all internet connected machines are infected
  • ~28 SpyWare traces on each machine
  • 1/3 infected with surveillance SpyWare
  • 80% of infections were cookies
passive tracking methods
Passive Tracking Methods
  • Web Beacons
  • Cookies deposits
web beacons
Web Beacons
  • Also know as
    • Web Bugs
    • Clear GIFs
  • Allows destination to log page hits
  • Can be used in conjunction with cookies
web beacon w cookie example spywarewebbeaconcookiedeposit html
Web Beacon w/Cookie Example: spywareWebBeaconCookieDeposit.html

<html>

<head>

<title>Web Beacon Cookie Deposit Example</title>

</head>

<body>

<h1><b>Web Beacon Cookie Deposit Example:</b></h1>

<hr />

<img src="http://www.cs.uccs.edu/~cdshort/serverWebBeacon.php" alt="Picture" width="0" height ="0" border = "0" />

</body>

</html>

server code serverwebbeacon php
Server CodeserverWebBeacon.php

<?php

if (!(isset($_COOKIE["SpyCookie"]))){

setcookie("SpyCookie", "ISpyOnYou", time()+3600);

}

?>

<html>

<head>

<title>PHP Test</title>

</head>

<body>

<?php

$filename = \'cookieCapture.txt\';

$today = date("D M j G:i:s T Y");

$Content = "SpyCookie" . " : " . "$_COOKIE[SpyCookie]" . " : " . "$today\r\n";

if($handle = fopen($filename, \'a\')){

fwrite($handle, $Content);

fclose($handle);

}

?>

</body>

</html>

cookie capture file
Cookie Capture File

[cdshort@windom public_html]$ cat cookieCapture.txt

SpyCookie : ISpyOnYou : Fri Dec 1 18:30:17 MST 2006

SpyCookie : ISpyOnYou : Fri Dec 1 18:30:38 MST 2006

[cdshort@windom public_html]$

conclusions
Conclusions
  • Browser settings can prevent cookie deposit
  • Be careful what you download
    • Don’t open the door willingly
  • The use of cookies is fundamental
    • The information provided is minimal
references
References
  • http://www.php.net/manual/en/function.setcookie.php
  • http://cs.uccs.edu/~cs301/php/php.html
  • Tzu-Yen Wang, Shi-Jinn Horng, Ming-Yang Su, Chin-Hsiung Wu,Peng-Chu Wang and Wei-Zen Su. A Surveillance Spyware Detection System Based on Data Mining Methods. 2006 IEEE Congress on Evolutionary Computation.
  • http://www.allaboutcookies.org/web-beacons/
  • Wes Ames, Understanding Spyware: Risk and Response, 2004 IEEE IT Pro
  • http://www.microsoft.com/athome/security/spyware/spywarewhat.mspx
  • http://www.earthlink.net/about/press/pr_spyAudit/
ad