spyware adware tim altimus bassel kateeb n.
Skip this Video
Loading SlideShow in 5 Seconds..
…::::Spyware / Adware::::… Tim Altimus Bassel Kateeb PowerPoint Presentation
Download Presentation
…::::Spyware / Adware::::… Tim Altimus Bassel Kateeb

Loading in 2 Seconds...

play fullscreen
1 / 36

…::::Spyware / Adware::::… Tim Altimus Bassel Kateeb - PowerPoint PPT Presentation

  • Uploaded on

…::::Spyware / Adware::::… Tim Altimus Bassel Kateeb. Spyware. Definition – Spyware: software programs made by unscrupulous marketing companies that allow them to snoop on user’s browsing activity, see purchases made, and cause pop-up ads to appear

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

…::::Spyware / Adware::::… Tim Altimus Bassel Kateeb

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
    Presentation Transcript
    1. …::::Spyware / Adware::::… Tim Altimus Bassel Kateeb

    2. Spyware • Definition – Spyware: software programs made by unscrupulous marketing companies that allow them to snoop on user’s browsing activity, see purchases made, and cause pop-up ads to appear • Spyware is any software program that sends data back to a third party without asking you for permission. • Eclipsed viruses as the fastest growing online threat • Infecting nearly 90% of Internet connected PCs

    3. Unaware of Spyware • Not enough companies making security high priority • Businesses that focus on threat still lack clear policies • Companies failing to identify exactly where money needs to be spent • Survey conducted for Secure Computing • Three quarters of US firms do not consider spyware to be a problem • Most do not see unauthorized employee use of peer-to-peer file sharing services or instant messaging as major problems

    4. Horror of Spyware • 2004 Spy Audit conducted by ISP Earthlink and online privacy firm Webroot Software • Instances of spyware infections on consumer PCs rose 230% • Instances of Trojans rose 114% • This is only between October 2004 to December 2004 • Scan of 1,390,883 PCs in 4thQ 2004 revealed 33,096,255 instances of spyware and adware • Spy Audit recorded a yearly total of 116.5 million instances of spyware and adware

    5. Costs of Spyware • Viruses, worms and Trojans, cost global businesses between $169bn and $204bn in 2004 • $281 to $340 worth of damage per machine

    6. How did I get it? • Spyware can infect your system in many different ways • Visiting a spy-spreading web site • Opening a spy-carrying email attachment • Downloading a spy as part of another (often "free") software program • Use file-sharing programs like KaZaa / eMule • Traditional anti-virus programs and firewalls don't offer protection from invasive and harmful Spyware programs that can manifest themselves in many ways on your PC

    7. Spyware Variants • Browser Helper Object • Small program installed on PC and runs within a browser • Usually installed on system by another software program • Toolbar accessories • Tracks internet usage and collects other information that is used on the internet

    8. Spyware Variants (cont) • Browser Hijackers • Related to homepage hijackers (discussed later) • Kick in when bad, wrong, or misspelled URL is typed in browser • …or by visiting a targeted website • Tracks internet usage and collects other information that is used on the internet • Redirect page to a search engine or a page of ads • May also route all website requests through an unknown third-party for tracking • Leads to invasion of privacy, and dramatic slow down of browser

    9. Spyware Variants (cont) • Dialers • Install themselves to dial-up settings • Dials numbers without user’s knowledge • Once downloaded, user is disconnected from their Internet service provider and another phone number is dialed • User is billed for the time used • Malicious in nature and can rack up expensive and unwanted bills

    10. Spyware Variants (cont) • Drive-by downloads • Downloads that are accomplished by providing a misleading dialogue box or other stealth installation • Very often, users have no idea they have installed an application • Internet Explorer exploitsmake it possible to install software without users' knowledge • Drive-by downloads can be prevented by good spyware applications by monitoring computer memory

    11. Spyware Variants (cont) • Homepage Hijacking • Most common of all spyware variants • Browser homepage is forcibly changed to new website without user’s permission • They prevent users from changing their homepage back by: • Disabling functionality in “options” menu setting • Installing some type of program that will regularly switch it back to the forced site • Even if user is able to reset homepage, upon reboot it will be reset to the Homepage Hijacker setting • Hijackers may also route all of website requests through an unknown third-party for tracking • Leads to invasion of privacy, and dramatic slow down of browser

    12. Spyware Variants (cont) • Keyloggers • Program that records keystrokes the user types in on the keyboard • They record this information in a log and then usually send that log to a server with user information • Keyloggers can record information such as • Passwords • Credit Card information • Personal ID numbers • Highly invasive and are a major threat on the internet

    13. Spyware Variants (cont) • Layered Service Provider • Piece of software that is tightly woven into the networking services of a computer • LSP integrates itself with the TCP/IP layer of the network • As a consequence, LSP has access to all TCP/IP traffic coming into and leaving a computer • Spyware authors use LSP to spy on the habits and data of the user • It is possible to change information so that the spyware vendor benefits since computer will not see any of the data until the LSP lets it through • E.g. replacing the top Google search results with links to paid advertisers

    14. Spyware Variants (cont) • Layered Service Provider (cont) • Trying to remove the LSP without the proper precautions may cause the computer to be unable to reconnect to the internet • Many times, the only fix is to reinstall OS • Or, use of automated spyware removal tools is highly recommended

    15. Spyware Variants (cont) • Retrospies • Software that actively attacks anti-spyware programs in an effort to not be detected • May disguise themselves by using common system file names • Malicious and usually use many types of deception in order to avoid detection

    16. Spyware Variants (cont) • Search Hijackers • Take control over default search engine • In the event of a mistype, a targeted search page will pop-up rather than the search engine preferred • Targeted search page will generally include many advertisements and will deliver mostly advertising content rather then relevant search results

    17. Spyware Variants (cont) • Thiefware • Causes visitors to certain sites to be redirected to a search engine or other web page of the author's choosing • Not illegal, although it is highly unethical • Trojan Horses • Programs that appear to be innocuous even beneficial, but are actually harmful • The harmful contents could be anything from a virus to a tool which allows outside users to take over full control of a computer • Trojans are designed to cause loss or theft of computer data, or even to destroy the system • Distributed as email attachments, or bundled with other software programs

    18. Adware • Definition - Adware: any software program that causes advertising banners to be displayed to the user • Adware helps recover programming development costs, and helps to hold down the price of the application for the user • Come mostly with freeware or shareware applications (Opera, KaZaa, iMesh, etc.) • Common Adware: Gain, Hotbar, BonziBuddy, WeatherCast, Cydoor • Some are harmless, but most track user’s habits and personal information

    19. Adware (cont) • Sample Common Types • About:Blank (CoolWebSearch) • Most insidious and prevalent spyware programs currently on the net • Nearly impossible to remove • Replaces home page with a new one titled about:blank • Installs Browser Helper Object in IE, slowing down performance drastically • Restores file directory and registry settings once deleted • If removed from auto-start settings, it will restore itself • BargainBuddy • BHO that displays popup ads when particular terms are entered into search engine web form • Shares memory that browser uses, detects events, creates additional windows while surfing, and monitors activity

    20. Adware (cont) • Sample Common Types (cont) • Claria • Top Adware pest found on the internet • Injects ads into browser or displays them on their own popup windows • Consumes over 13Mb of disk space on average • Re-brand of what was formally known as "Gator" • NewDotNet • Company that sells alternate top-level domains not supported in the official DNS system • Internet Explorer plug-in that gives the appearance of providing extra top-level domains (.shop, .xxx and .mp3, for example) • Functionality of this product does not adhere to most Internet standard

    21. Spyware Effects on Computers • Consumes resources on PC • Slows it down • Causes it to crash • Interferes with web browser, slowing it down or causing downloads to fail • Can hijack browser, redirecting users to sites with objectionable material • Slows down internet connection because it is sending information about surfing habits to ad companies • They in turn target users with popup ads that fit preferences

    22. Spyware Effects on Organizations • Infected PCs can cause organizations a lot of money on cleaning or installing PC OS and software all over again • Most dangerous effect of spyware is data security being stolen or jeopardized • Traces of spyware/adware can trigger alarm by audit software and suspension or firing of innocent employees

    23. Stories I • Browser hijacking changes lives • Jack was fired by his organization for finding traces of child pornography • He was completely innocent • Typed wrong URL in browser and his computer was taken over by spyware • Cleaned his PC with spyware removal tools, but traces were left • Received 180 days in jail and must register as a sex offender for 10 years • Husband found male child pornography on wife’s home PC • Sadly, he did not believe her and they ended a 5 year marriage • She lost custody of her children

    24. Latest Threats I • Hackers Use DRM To Plant Massive Amounts Of Spyware • Microsoft's Windows Media Player digital rights management • Two new Trojan horses • WmvDownloader.a • WmvDownloader.b • Planted in video files available on eMule & KaZaA • WMP 10/WinXP anti-piracy features trick users • Pretend to download license, actually downloading large number of adware, spyware, dialers, and other viruses • According to Kaspersky Labs, a single “Yes” click = 58 folders, 786 files, and an incredible 11,915 registry entries

    25. Detection Techniques • Most anti-spyware tools focus on HD • Search for known spyware in: • Specific folders • Specific registry keys • If process is in memory, may not be removed • Depends on a list of known spyware – called spyware definitions • Requires software tool to update list • Can delete legitimate folders/registry keys • needed for legitimate applications to run

    26. Detection Techniques (cont) • Search for processes running in memory • Some processes run hidden (i.e. Cool Web Search) • Some processes run as system level events that you cannot remove (permissions problem) • Start in safe-mode to prevent processes from loading as critical system events • Still depends on definitions

    27. Detection Techniques (cont) • Anomaly Detection / Pattern Matching • Continuously monitor the system for suspicious events • Processes using backchannels on the internet connection • Processes that are collection system event data • A heuristic approach • Possibility of false positives/negatives • Can miss ‘legitimate seeming’ traffic or activity

    28. Detection Techniques (cont) • Monitor all outgoing traffic • Firewalls can scan for certain types of traffic • Watch for sensitive or personal data • Will block the traffic and create log files • Check log files to find info on what processes are sending data • Limited approach – valid only for narrow definition of spyware • Does not catch adware and other less malicious code

    29. Detection Techniques (cont) • Scan for unsigned system files • Scan for newly created files • Disk and network performance monitors can be used as alerts to the presence of spyware

    30. Removal Tools • Free packages • Usually only detect/remove adware • Adaware : www.lavasoft.com • Spybot Search & Destroy: www.safer-networking.org • Ad infinitum • Commercial packages • Many work against key loggers, not just adware • Spy Sweeper: www.webroot.com • Spycop: www.spycop.com • And on and on and on…

    31. Removal Methods • Delete files • Delete registry keys • End process and delete source • Strip malicious code • Remove from image file (similar to cleaning a legitimate file that has a virus) • After removal – change settings that may need reset – Cool Web example: homepage

    32. Prevention Methods • Abstinence… • Best way to stay clean is not to download the spyware in the first place • Do not download/install free applications • Do not visit untrusted websites • Update software • XP SP2 • Internet explorer critical patches • Firefox/Mozilla – get latest version

    33. Prevention Methods (cont) • Turn off browser features • Take advantage of security tools built in • Restricted sites in IE, disable ActiveX, javascript, etc • Immunize • Many removal tools offer immunization • List of thousands of websites to be placed in restricted list • List of processes to prevent from running, files to be installed • Prevent homepage from being changed • Firewall to prevent software from “phoning home” • Run in non-admin environment to prevent software from being installed in background

    34. Prevention Methods (cont) • Some anti-spyware tools will use behavioral rules to prevent the spyware from reaching your system • Same as or similar to IDS for PC

    35. The Future • Stealware • Hijacking cookies for profit • Spyware that removes/disables anti-spyware software • Radlight • Edit definition file to remove name from list • Base for large attack • Could place backdoor in Office source code

    36. The Future (cont) • Spyware building kits • Customize spyware for your needs • Harder to detect & remove • Anti-anti spyware • Disable protective measures