2. What Is Spyware ?
Applications that send information
from your computer to the creator of
the spyware
Can be used by web sites for
marketing information, to determine
their stance with regard to
competitors and market trends
3. What Is Spyware?
Software or hardware installed on a
computer without the user's knowledge
which gathers information about that
user for later retrieval by whomever
controls the spyware.
Spyware can be broken down into two
different categories.
4. What Is Spyware?
Surveillance software:
Includes key loggers, screen capture
devices, and Trojans. These would be
used by corporations, private
detectives, law enforcement,
intelligence agencies, suspicious
spouses.
5. What Is Spyware?
Advertising spyware:
Software that is installed alongside other
software or via active x controls on the
internet, often without the user's
knowledge, or without full disclosure
that it will be used for gathering personal
information and/or showing the user ads.
6. What Is Spyware?
Advertising spyware logs information
about the user, possibly including
passwords, email addresses, web
browsing history, online buying habits,
the computer's hardware and software
configuration, the name, age, sex,etc.
8. Spyware Symptoms
Adware forms of spyware often operate
silently. Others display "pop-up" ads on your
computer's desktop or on top of other Web
pages.
More aggressive spyware will reset your
browser's home page.
The most damaging spyware programs can
actually install "trojans" -- computer
programs which allow other people to
remotely access an infected computer.
10. Tracking Cookies
Cookies that can track your Web
activities
May include cookies that contain
user names
passwords
other private information that you enter on
web sites (SSN, banking info, credit cards)
11. Browser Hijacking
Hosts File
Redefine the addresses of trusted sources,
i.e. anti-virus tools, software patches and
upgrades
Home Page
Redefine the page that opens up when you
start your browser
12. Browser Hijacking
Search Page
Redefine the page that opens up when you
enter an undefined URL
Redefine the page that opens up when you
click your “Search” button
Error Pages
Redefine the pages that open when an
error occurs.
13. Keyloggers
Were originally designed to record
all keystrokes of users in order to
find passwords, credit card numbers,
and other sensitive information
14. Spybots
Spybots are the prototypical example of
“spyware.” A spybot monitors a user’s
behavior, collecting logs of activity and
transmitting them to third parties.
A spybot may be installed as a browser helper
object, it may exist as a DLL on the host
computer, or it may run as a separate process
launched whenever the host OS boots.
15. Malware & Adware
Malware
Refers to a variety of malicious software,
including viruses, worms, Trojan horses.
Adware
Software that displays advertisements tuned
to the user’s current activity, potentially
reporting aggregate or anonymized
browsing behavior to a third party
16. Gator, Cydoor, and eZula
All three are “spybot” or “adware” class
programs
They are typically packaged with popular
free software.
They all send and retrieve information
from remote servers using the HTTP
protocol.
17. Gator
Gator is adware that collects and transmits
information about a user’s Web activity.
Gator may log and transmit URLs that the user
visits, identifying information such as the user’s first
name and zip code, and information about the
configuration and software on the user’s machine.
When a user installs one of several free software
programs produced by Claria Corporation (the
company that produces Gator), such as a free
calendar application or a time synchronization client
18. Cydoor
Cydoor displays targeted pop-up
advertisements
whose contents are dictated by the user’s
browsing history. When a user is connected to
the Internet, the Cydoor client prefetches
advertisements from the Cydoor servers. These
advertisements are displayed whenever the
user runs an application that contains Cydoor,
whether the user is online or offline.
19. eZula
eZula attaches itself to a client’s Web browser
and modifies incoming HTML to create links to
advertisers from specific keywords. When a
client is infected with eZula, these artificial links
are displayed and highlighted within rendered
HTML. It has been reported that eZula can
modify existing HTML links to redirect them to
its own advertisers, but we have not observed
this ourselves.
20. eZula
It is also known as TopText, ContextPro or
HotText.
It is bundled with several popular filesharing
applications (such as Kazaa and LimeWire),
and it can also be downloaded as a
standalone tool. eZula runs as a separate
process (ezulamain.exe) and it includes the
ability to self-update
21. Preventive Techniques
Don't install any application unless you are
certain of what it does or where it came from.
Always read the license agreement
Software and OS upgrades
Utilize browser’s security settings
Use Anti-Spyware