Spyware

  1. SpyWare! IQxplorer
  2. Agenda
     - Define SpyWare
     - Discuss methods used for spying
     - Focus on passive tracking methods
     - Demonstrate one passive method
     - Discuss prevention
     - Conclusions
  3. SpyWare Definition
     - SpyWare is a general term used to describe software that performs certain behaviors such as advertising, collecting personal information, or changing the configuration of your computer, generally without appropriately obtaining your consent first.
     - http://www.microsoft.com/athome/security/spyware/spywarewhat.mspx
  4. SpyWare Categories
     - Advertising (Passive)
       - Capture browsing history
       - Capture buying habits
     - Surveillance (Active)
       - Key loggers
       - System Monitors
  5. SpyWare Statistics
     - 90% of all internet connected machines are infected
     - ~28 SpyWare traces on each machine
     - 1/3 infected with surveillance SpyWare
     - 80% of infections were cookies
  6. Passive Tracking Methods
     - Web Beacons
     - Cookie deposits
  7. Web Beacons
     - Also known as
       - Web Bugs
       - Clear GIFs
     - Allows destination to log page hits
     - Can be used in conjunction with cookies
  8. Cookie Fields

     | Parameter | Description |
     |---|---|
     | Name | The name of the cookie. |
     | Value | The value of the cookie. |
     | Expire | The time the cookie expires. This is a Unix timestamp so is in number of seconds since the epoch. In other words, you'll most likely set this with the time() function plus the number of seconds before you want it to expire. |
     | Path | The path on the server in which the cookie will be available. |
     | Domain | The domain in which the cookie is available. |
     | Secure | When set to TRUE, the cookie will only be set if a secure connection exists. The default is FALSE. |
     | httponly | When TRUE the cookie will be made accessible only through the HTTP protocol. Not supported on all browsers. |
  9. Web Beacon w/Cookie Example: spywareWebBeaconCookieDeposit.html

     ```html
     <html>
     <head>
     <title>Web Beacon Cookie Deposit Example</title>
     </head>
     <body>
     <h1><b>Web Beacon Cookie Deposit Example:</b></h1>
     <hr />
     <img src="http://www.cs.uccs.edu/~cdshort/serverWebBeacon.php" alt="Picture" width="0" height="0" border="0" />
     </body>
     </html>
     ```
  10. Server Code: serverWebBeacon.php

      ```php
      <?php
      // Deposit the tracking cookie on the first request; it expires in one hour.
      // setcookie() must run before any output is sent.
      if (!(isset($_COOKIE["SpyCookie"]))) {
          setcookie("SpyCookie", "ISpyOnYou", time() + 3600);
      }
      ?>
      <html>
      <head>
      <title>PHP Test</title>
      </head>
      <body>
      <?php
      // Append the cookie value the browser sent, plus a timestamp, to the capture file.
      $filename = 'cookieCapture.txt';
      $today = date("D M j G:i:s T Y");
      // The cookie is absent on a browser's first request, so fall back to an empty value.
      $value = isset($_COOKIE["SpyCookie"]) ? $_COOKIE["SpyCookie"] : "";
      // One record per line, as in the capture file.
      $Content = "SpyCookie" . " : " . $value . " : " . "$today\n";
      if ($handle = fopen($filename, 'a')) {
          fwrite($handle, $Content);
          fclose($handle);
      }
      ?>
      </body>
      </html>
      ```
  11. Cookie Capture File

      ```
      [cdshort@windom public_html]$ cat cookieCapture.txt
      SpyCookie : ISpyOnYou : Fri Dec 1 18:30:17 MST 2006
      SpyCookie : ISpyOnYou : Fri Dec 1 18:30:38 MST 2006
      [cdshort@windom public_html]$
      ```
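An added example, not part of the original slides: a heuristic scan for the kind of tag used in spywareWebBeaconCookieDeposit.html, flagging invisible images that load from a host other than the page's own or from a script rather than an image file. The page host `news.example`, the two harmless images and all helper names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

IMAGE_EXT = (".gif", ".png", ".jpg", ".jpeg", ".webp", ".svg")

def _tiny(value):
    """True for a width/height of 0 or 1 pixel ("0", "1", "1px")."""
    return (value or "").strip().lower().replace("px", "") in ("0", "1")

class BeaconFinder(HTMLParser):
    """Flag invisible <img> tags that call another host or a script."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []                      # (src, [reasons]) tuples

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = a.get("src")
        if not src or not (_tiny(a.get("width")) and _tiny(a.get("height"))):
            return                              # visible image: not a candidate
        url = urlparse(src)
        reasons = []
        # Exact host comparison; a relative src belongs to the page's own host.
        if (url.hostname or self.page_host) != self.page_host:
            reasons.append("third-party host")
        if url.query or not url.path.lower().endswith(IMAGE_EXT):
            reasons.append("dynamic endpoint")
        if reasons:
            self.findings.append((src, reasons))

def find_beacons(html, page_host):
    finder = BeaconFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: the slide's beacon tag next to two harmless images,
# in a page assumed to be served from news.example.
SAMPLE = """<html><body>
<img src="/images/logo.png" alt="Logo" width="120" height="40" />
<img src="/images/spacer.gif" alt="" width="1" height="1" />
<img src="http://www.cs.uccs.edu/~cdshort/serverWebBeacon.php" alt="Picture" width="0" height="0" border="0" />
</body></html>"""

if __name__ == "__main__":
    for src, reasons in find_beacons(SAMPLE, "news.example"):
        print(src, "->", ", ".join(reasons))
```

A first-party 1x1 spacer GIF passes, while the slide's tag is reported for both reasons; a third-party clear GIF with a real `.gif` extension would still be reported for its host.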
  13. Packet Capture
  14. Conclusions
      - Browser settings can prevent cookie deposit
      - Be careful what you download
        - Don’t open the door willingly
      - The use of cookies is fundamental
        - The information provided is minimal
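An added example, not from the original slides, connecting the Cookie Fields slide to the first conclusion: it maps a `Set-Cookie` value onto those fields and models a browser setting that refuses third-party cookies. The header value, the embedding page URL, the policy names and the two-label "site" approximation are assumptions; real browsers use the Public Suffix List.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlparse

# Constructed sample: the kind of header setcookie("SpyCookie", "ISpyOnYou",
# time()+3600) produces; the expiry date is made up for illustration.
SET_COOKIE = "SpyCookie=ISpyOnYou; expires=Sat, 02-Dec-2006 02:30:17 GMT"
BEACON_URL = "http://www.cs.uccs.edu/~cdshort/serverWebBeacon.php"
PAGE_URL = "http://news.example/article.html"    # assumed embedding page

def cookie_fields(set_cookie_value):
    """Map one Set-Cookie value onto the fields of the Cookie Fields slide."""
    jar = SimpleCookie()
    jar.load(set_cookie_value)
    name, morsel = next(iter(jar.items()))
    return {
        "Name": name,
        "Value": morsel.value,
        "Expire": morsel["expires"] or None,     # None: session cookie
        "Path": morsel["path"] or None,
        "Domain": morsel["domain"] or None,
        "Secure": bool(morsel["secure"]),
        "httponly": bool(morsel["httponly"]),
    }

def site_of(url):
    """Assumption: approximate the site as the last two host labels."""
    host = urlparse(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def browser_accepts(page_url, resource_url, policy):
    """Decide whether a cookie set by resource_url is stored while page_url
    is the page being viewed, under one of three hypothetical settings."""
    if policy == "allow-all":
        return True
    if policy == "block-all":
        return False
    if policy == "block-third-party":
        return site_of(page_url) == site_of(resource_url)
    raise ValueError("unknown policy: " + policy)

if __name__ == "__main__":
    print(cookie_fields(SET_COOKIE))
    for policy in ("allow-all", "block-third-party", "block-all"):
        print(policy, browser_accepts(PAGE_URL, BEACON_URL, policy))
```

With third-party cookies blocked the beacon request is still made, so the server can log the hit, but the cookie is not stored.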
  15. Questions?
  16. References
      - http://www.php.net/manual/en/function.setcookie.php
      - http://cs.uccs.edu/~cs301/php/php.html
      - Tzu-Yen Wang, Shi-Jinn Horng, Ming-Yang Su, Chin-Hsiung Wu, Peng-Chu Wang and Wei-Zen Su. A Surveillance Spyware Detection System Based on Data Mining Methods. 2006 IEEE Congress on Evolutionary Computation.
      - http://www.allaboutcookies.org/web-beacons/
      - Wes Ames. Understanding Spyware: Risk and Response. 2004 IEEE IT Pro.
      - http://www.microsoft.com/athome/security/spyware/spywarewhat.mspx
      - http://www.earthlink.net/about/press/pr_spyAudit/