Lab 12: Spyware
A Windows User’s Worst Nightmare
ECE 4112-Internetwork Security 2
Agenda
• Definition
• The Basics
• Various Threats
• Countermeasures
• Prevention Techniques
Definitions
• “Any software which employs a user’s Internet connection in the background without their explicit permission.”
• “Consists of computer software that gathers and reports information about a computer user without the user's knowledge or consent”
Who uses Spyware?
• Marketing Companies
– Retrieve Consumer Data
• Criminals
– Identity Theft
– Sell Credit Card Numbers
– Steal Passwords
Who uses Spyware?
• Monitoring:
– Parents monitoring their children
– Businesses monitoring employees
– Government monitoring citizens
• Freeware
– Generate Revenue from Advertising
The Problem
• Over 85% of PCs have Spyware
• Spyware Includes:
– Adware
– Key Loggers
– Data Miners
Various Threats
• Hijacking Spyware:
• Takes Over Internet Explorer
– Often in the form of a toolbar
– Changes homepage
– Redirect traffic to advertisers
– Popup targeted ads
Severely Hijacked Browser
Known Offenders
• Kazaa
– Currently biggest propagator of Spyware
– Installs: New.net, Onflow, Cydoor, etc.
• Gator/GAIN
– Tracks user’s internet activity and reports back
– Delivers targeted popups
Known Offenders
• WeatherBug
• BargainBuddy
• Even Big Companies:
– Microsoft’s Windows Media Player
– RealNetworks’ RealPlayer
– Both of these record and transmit info about the music the user is playing
Anti-Spyware Packages
• Ad-Aware
• SpyBot Search & Destroy
• Microsoft Antispyware
• Hijackthis
How Spyware is Detected
• Similar to Viruses/Worms
• Spyware Signature
– Signature of Files
– Hash of Running Processes
– Signature of Registry Entries
• Must keep definition files up to date
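Added example (not part of the original slides): a small signature scanner that matches file hashes and registry key paths against a definition set, and shows that a known file still matches after being renamed while a one-byte-modified copy does not. The definition name, sample bytes, file names and registry key are all constructed for this example, and registry keys are passed in as exported strings rather than read from a live registry.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed definitions: the name, sample bytes and registry key are made up
# for this example and do not describe any real spyware package.
SAMPLE = b"constructed sample standing in for a spyware binary\n"
DEFINITIONS = {
    "ExampleToolbar (constructed)": {
        "file_sha256": {hashlib.sha256(SAMPLE).hexdigest()},
        "registry_keys": {r"hklm\software\exampletoolbar"},
    },
}


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan(root, registry_keys, definitions=DEFINITIONS):
    """Return sorted (signature, kind, location) findings for files under root and exported key paths."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        try:
            file_hash = sha256_file(path)
        except OSError:
            continue  # locked or unreadable file: skip it rather than abort the scan
        for name, sig in definitions.items():
            if file_hash in sig["file_sha256"]:
                findings.append((name, "file", path.name))
    present = {key.lower() for key in registry_keys}  # registry key names are case-insensitive
    for name, sig in definitions.items():
        for key in sig["registry_keys"] & present:
            findings.append((name, "registry", key))
    return sorted(findings)


def demo():
    """Scan a constructed directory and a constructed list of exported registry keys."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "renamed.dll").write_bytes(SAMPLE)            # known content, new file name
        (Path(tmp) / "patched.dll").write_bytes(SAMPLE + b"\x00")  # same content plus one byte
        (Path(tmp) / "notes.txt").write_bytes(b"harmless\n")
        return scan(tmp, [r"HKLM\Software\ExampleToolbar", r"HKCU\Software\Other"])
```

The modified copy is missed because its hash is not in the definitions, which is the reason definition files have to be kept up to date.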
How Spyware is Removed
• Automatic Removal with Anti-Spyware
– Doesn’t always work
• Manual Removal
– Often requires help from a Spyware database
– Kill processes
– Delete registry entries
– Delete files
Security Settings
• Disable ActiveX
• Disable Java
• Disable Scripting
• Disable Popups
• Don’t use Internet Explorer
– Use Firefox
Common Sense
• A lot of Spyware comes packaged with shareware
– Read the EULA to see if any hidden programs are installed
– Check an online Spyware database
– Read user reviews
What you will do in the Lab
• Install and Use Anti-Spyware Utilities
– Ad-Aware, SpyBot, Hijackthis
• Install Spyware
– Bundled Spyware – Gator
– WeatherBug
– Analyze EULA of Spyware
What you will do in the Lab
• Analyze Spyware Footprints
– Registry entries
– File contents
• Analyze a Scripting Vulnerability
– IE Default Security Settings
• Block Spyware Traffic
– Edit Windows hosts file
Resources
• http://www.cexx.org/adware.htm
• http://www3.ca.com/securityadvisor/pest/
• http://web.njit.edu/~bieber/CIS677F04/stafford-spyware-cais2004.pdf
• http://www.spywaredata.com