2. Spyware
What Is Spyware?
Spyware Vs Trojan Horse
Spyware Vs Virus
Computers Get Infected
Spyware Symptoms
Spyware Prevalence
Class of Spyware
Spyware Programs
FTC
State Law
Preventive Techniques
3. What Is Spyware?
Applications that send information from your
computer to the creator of the spyware
Sometimes consists of an apparent core
functionality and a hidden functionality of
information gathering (Trojan)
Can be used by web sites for marketing
information, to determine their stance with
regard to competitors and market trends
Can also be used to log keystrokes and send
those to whomever
4. What Is Spyware?
Software or hardware installed on a computer without
the user's knowledge which gathers information about
that user for later retrieval by whoever controls the
spyware.
Spyware can be broken down into two different
categories:
surveillance spyware
advertising spyware.
5. What Is Spyware?
Surveillance software:
Includes key loggers, screen capture devices, and Trojans.
These would be used by corporations, private detectives, law
enforcement, intelligence agencies, suspicious spouses.
Advertising spyware:
Software that is installed alongside other software or via ActiveX
controls on the internet, often without the user's knowledge, or
without full disclosure that it will be used for gathering personal
information and/or showing the user ads.
Advertising spyware logs information about the user, possibly
including passwords, email addresses, web browsing history,
online buying habits, the computer's hardware and software
configuration, and the user's name, age, sex, etc.
6. What Is Spyware?
Software that is downloaded onto a person’s computer without
their knowledge. Spyware may collect information about a
computer user’s activities and transmit that information to
someone else. It may change computer settings, or cause
“pop-up” advertisements to appear (in that context, it is called
“adware”). Spyware may redirect a Web browser to a site
different from what the user intended to visit, or change the
user’s home page. A type of spyware called “keylogging”
software records individual keystrokes, even if the author
modifies or deletes what was written, or if the characters do
not appear on the monitor. Thus, passwords, credit card
numbers, and other personally identifiable information may be
captured and relayed to unauthorized recipients.
7. Spyware Vs Trojan Horse
Spyware programs are sometimes installed as Trojan
horses of one sort or another. They differ in that their
creators present themselves openly as businesses, for
instance by selling advertising space on the pop-ups
created by the malware. Most such programs present
the user with an End-User License Agreement which
purportedly protects the creator from prosecution under
computer contaminant laws. However, spyware EULAs
have not yet been upheld in court.
8. Spyware Vs Virus
Spyware
Motivation: profit
Monitor online activities for commercial gain
Difficult to relate symptoms with spyware infection:
Sluggish PC performance, increased pop-up ads,
unexplained home page change, mysterious search
results.
New technology (less than 5 years)
9. Spyware Vs Virus
Virus
Intent: harmful
Damage computer system, corrupt files and destroy
data
Easy to relate symptoms with virus infection: Corrupt
program files, loss of computer storage memory,
deletion of critical files.
Old Technology
10. Computers Get Infected
Basic forms of spyware can be picked up simply by visiting a Web
page.
Spyware may also be picked up through email.
You are particularly likely to be exposed by downloading software, in
particular "freeware" and "shareware" offerings.
Many software downloads are "free," but within the End User
License Agreement (EULA) are provisions to use information from
your computer or your email and other contact information. You
have to agree to the EULA to download or install, so you essentially
agree to allowing someone else to use information about your
computer.
That's why the definition of spyware is "generally without your
knowledge or consent." Often, you've consented. You just don't
realize it because you didn't read the fine print. This is why the
definition of spyware sometimes includes the lawyerism "potentially
unwanted technologies."
11. Spyware Symptoms
Adware forms of spyware often operate silently, monitoring your Web
surfing activities and reporting back what sites you have visited to
a marketing organization. Others display "pop-up" ads on your computer's
desktop or on top of other Web pages.
More aggressive spyware will reset your browser's home page (the page
that appears when the browser starts up), change the service your
browser uses for Web searches, add new sites to your favorites list, or
produce even more invasive advertisements.
The most damaging spyware programs can actually install "trojans" --
computer programs which allow other people to remotely access an infected
computer. Such spyware programs can run silently "in the background" and
are capable of doing anything that a typical computer program can do which
does not require your intervention.
Sometimes a spyware-infected computer will run more slowly due to all the
activity going on in the background. But just because your computer seems
to be running at normal speed doesn't mean you are safe.
Increase in system crashes
12. Spyware Prevalence
April 16, 2004; BBC News (UK) - PCs 'infested' with spy
programs. Internet provider EarthLink says it uncovered
29.5 million examples of spyware on over 1 million
computers scanned between January and March. These
parasite programs sometimes come attached to software
downloaded from the Web. The details are often
included in the license agreement small print that most
users click through without reading. But sometimes they
do not even need your permission to download, but just
bury themselves on a hard drive as you browse the
Internet.
13. Spyware Prevalence
In October 2004, America Online (AOL) and the National Cyber
Security Alliance (NCSA) released the results of a survey of 329
dial-up and broadband computer users regarding online threats,
including spyware. According to the study:
80% of the computers they tested were infected with spyware or
adware, and 89% of the users of those computers were unaware of it
the average infected computer had 93 spyware/adware components on
it, and the most found on a single computer was 1,059
most users do not recognize the symptoms of spyware — 63% of users
with a pop-up blocker said they got pop-up ads anyway, 43% of users
said their home page had been changed without their permission, and
40% said their search results are being redirected or changed.
14. Class of Spyware
Tracking Cookies
Browser Hijacking
Hosts File
Home Page
Search Page
Error Pages
Keyloggers
Spybots
Malware
Adware
15. Tracking Cookies
Cookies that can track your Web activities
May include cookies that contain
user names
passwords
other private information that you enter on
web sites (SSN, banking info, credit cards)
16. Browser Hijacking
Hosts File
Redefine the addresses of trusted sources,
e.g. anti-virus tools, software patches and
upgrades
Home Page
Redefine the page that opens up when you
start your browser
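A defender can check for the hosts-file form of hijacking by looking for local entries that pin security or update domains to an address. The following is an added example, not part of the original slides; the watchlist domains and the sample hosts file are constructed placeholders.

```python
import ipaddress

# Hypothetical watchlist: domains that should always resolve through DNS.
# Constructed placeholders; substitute your own AV and patch vendors.
WATCHED_SUFFIXES = ("av-vendor.example", "updates.os-vendor.example")

def parse_hosts(text):
    """Yield (line_number, ip, hostname) for every mapping in a hosts file."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an address
        for name in fields[1:]:                 # one line may map several names
            yield lineno, ip, name.lower().rstrip(".")

def is_watched(hostname, suffixes=WATCHED_SUFFIXES):
    """True for a watched domain or any of its subdomains."""
    return any(hostname == s or hostname.endswith("." + s) for s in suffixes)

def audit_hosts(text, suffixes=WATCHED_SUFFIXES):
    """Return findings for watched domains that are pinned locally."""
    findings = []
    for lineno, ip, host in parse_hosts(text):
        if not is_watched(host, suffixes):
            continue
        # Loopback/unspecified blocks the site; any other address redirects it.
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append((lineno, host, str(ip), kind))
    return findings

# Constructed sample input, not taken from a real infection.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.av-vendor.example   download.av-vendor.example
203.0.113.7     updates.os-vendor.example  # documentation-range address
0.0.0.0         Liveupdate.AV-Vendor.example.
192.0.2.1       notav-vendor.example
"""

if __name__ == "__main__":
    for lineno, host, ip, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} -> {ip} ({kind})")
```

On Windows the file to audit is normally `%SystemRoot%\System32\drivers\etc\hosts`; on Unix-like systems it is `/etc/hosts`.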
17. Browser Hijacking
Search Page
Redefine the page that opens up when you
enter an undefined URL
Redefine the page that opens up when you
click your “Search” button
Error Pages
Redefine the pages that open when an error
occurs.
18. Keyloggers
Were originally designed to record all
keystrokes of users in order to find
passwords, credit card numbers, and other
sensitive information
19. Spybots
Spybots are the prototypical example of
“spyware.” A spybot monitors a user’s behavior,
collecting logs of activity and transmitting them
to third parties.
A spybot may be installed as a browser helper
object, it may exist as a DLL on the host
computer, or it may run as a separate process
launched whenever the host OS boots.
20. Malware & Adware
Malware
Refers to a variety of malicious software, including
viruses, worms, Trojan horses.
Adware
Software that displays advertisements tuned to the
user’s current activity, potentially reporting aggregate
or anonymized browsing behavior to a third party
21. Gator, Cydoor, and eZula
These three are spyware programs
All three are “spybot” or “adware” class
programs
They are typically packaged with popular free
software.
They all send and retrieve information from
remote servers using the HTTP protocol.
22. Gator
Gator is adware that collects and transmits information about
a user’s Web activity.
Its goal is to gather demographic information and generate a
profile of the user’s interests for targeted advertisements.
Gator may log and transmit URLs that the user visits, partially
identifying information such as the user’s first name and zip
code, and information about the configuration and installed
software on the user’s machine.
Gator can be installed on a user’s computer in several ways.
When a user installs one of several free software programs
produced by Claria Corporation (the company that produces
Gator), such as a free calendar application or a time
synchronization client
23. Cydoor
Cydoor displays targeted pop-up advertisements
whose contents are dictated by the user’s
browsing history. When a user is connected to
the Internet, the Cydoor client prefetches
advertisements from the Cydoor servers. These
advertisements are displayed whenever the user
runs an application that contains Cydoor,
whether the user is online or offline.
24. eZula
eZula attaches itself to a client’s Web browser and modifies
incoming HTML to create links to advertisers from specific
keywords. When a client is infected with eZula, these artificial
links are displayed and highlighted within rendered HTML. It
has been reported that eZula can modify existing HTML links
to redirect them to its own advertisers, but we have not
observed this ourselves.
It is also known as TopText, ContextPro or HotText.
It is bundled with several popular filesharing applications
(such as Kazaa and LimeWire), and it can also be
downloaded as a standalone tool. eZula runs as a separate
process (ezulamain.exe) and it includes the ability to self-update.
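Because this kind of adware rewrites HTML on the client, one way to detect it is to compare the links in a page as served with the links in the page as rendered on the suspect machine. The following is an added example, not part of the original slides; it assumes you have a clean copy of the served HTML and a saved copy of the rendered DOM, and the sample pages and domains are constructed.

```python
from html.parser import HTMLParser

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href is not None:
            self._href, self._text = href, []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())  # normalise whitespace
            self.anchors.append((self._href, text))
            self._href = None

def anchors(html):
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    return parser.anchors

def diff_links(served, rendered):
    """Return (injected, rewritten) links found only in the rendered page."""
    before = anchors(served)
    served_hrefs = {href for href, _ in before}
    href_by_text = {text: href for href, text in before}
    injected, rewritten = [], []
    for href, text in anchors(rendered):
        if href in served_hrefs:
            continue                      # link exists in the served page
        if text in href_by_text:          # same link text, different target
            rewritten.append((text, href_by_text[text], href))
        else:                             # plain text turned into a link
            injected.append((text, href))
    return injected, rewritten

# Constructed sample pages; adnet.example is a placeholder ad domain.
SERVED = ('<p>Prices on a new <b>laptop</b>, our <a href="/reviews">reviews</a>, '
          'your <a href="https://shop.example/cart">Cart</a></p>')
RENDERED = ('<p>Prices on a new <b><a href="http://ads.adnet.example/c?k=laptop">'
            'laptop</a></b>, our <a href="/reviews">reviews</a>, '
            'your <a href="http://ads.adnet.example/r?u=cart">Cart</a></p>')
```

Pages that add links with their own scripts will also show differences, so compare against the rendered DOM from a known-clean machine before treating a result as an infection.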
25. FTC Advice to Consumers
The Federal Trade Commission (FTC) issued a consumer alert about
spyware in October 2004 offering a list of warning signs that might indicate
that a computer is infected with spyware. The FTC alert listed the following
clues:
a barrage of pop-up ads;
a hijacked browser — that is, a browser that takes you to sites other than those
you type into the address box;
a sudden or repeated change in your computer’s Internet home page;
new and unexpected toolbars;
new and unexpected icons on the system tray at the bottom of your computer
screen;
keys that don’t work (for example, the “Tab” key that might not work when you try
to move to the next field in a Web form);
random error messages; and
sluggish or downright slow performance when opening programs or saving files
26. FTC Advice to Consumers
The FTC alert also offered preventive actions consumers can take.
update your operating system and Web browser software;
download free software only from sites you know and trust;
don’t install any software without knowing exactly what it is;
minimize “drive-by” downloads by ensuring that your browser’s security setting is
high enough to detect unauthorized downloads;
don’t click on any links within pop-up windows;
don’t click on links in spam that claim to offer anti-spyware software; and
install a personal firewall to stop uninvited users from accessing your computer.
The FTC alert advised consumers who think their computers are infected to get
an anti-spyware program from a vendor they know and trust; set it to scan
on a regular basis, at startup and at least once a week; and delete any
software programs detected by the anti-spyware program that the consumer
does not want.
27. State Laws
In March 2004, Utah became the first state to
enact spyware legislation; California then joined
Utah in enacting spyware legislation in 2004.
In 2005, twelve states enacted spyware
legislation:
Alaska, Arizona, Arkansas, California, Georgia,
Indiana, Iowa, New Hampshire, Texas, Utah, Virginia,
and Washington.
28. Preventive Techniques
Don't install any application unless you are certain of what it does or
where it came from.
Always read the license agreement
Software and OS upgrades
Utilize browser’s security settings
Use Anti-Spyware
Spy Sweeper
Microsoft Windows AntiSpyware
Spyware Doctor
Spyware Slayer
Spy Killer
Spy Remover