Lab 12: Spyware: A Windows User’s Worst Nightmare

ECE 4112 - Internetwork Security

Agenda

• Definition

• The Basics

• Various Threats

• Countermeasures

• Prevention Techniques

Definitions

• “Any software which employs a user’s Internet connection in the background without their explicit permission.”

• “Consists of computer software that gathers and reports information about a computer user without the user's knowledge or consent”

Who uses Spyware?

• Marketing Companies
  – Retrieve Consumer Data

• Criminals
  – Identity Theft
  – Sell Credit Card Numbers
  – Steal Passwords

• Monitoring:
  – Parents monitoring their children
  – Businesses monitoring employees
  – Government monitoring citizens

• Freeware
  – Generate Revenue from Advertising

The Problem

• Over 85% of PCs have Spyware

• Spyware Includes:
  – Adware
  – Key Loggers
  – Data Miners

Various Threats

• Hijacking Spyware:

• Takes Over Internet Explorer
  – Often in the form of a toolbar
  – Changes homepage
  – Redirect traffic to advertisers
  – Popup targeted ads

Severely Hijacked Browser

Known Offenders

• Kazaa
  – Currently biggest propagator of Spyware
  – Installs: New.net, Onflow, Cydoor, etc.

• Gator/GAIN
  – Tracks user’s internet activity and reports back
  – Delivers targeted popups

• WeatherBug

• BargainBuddy

• Even Big Companies:
  – Microsoft’s Windows Media Player
  – RealNetworks’ RealPlayer
  – Both of these record and transmit info about the music the user is playing

Anti-Spyware Packages

• Ad-Aware

• SpyBot Search & Destroy

• Microsoft Antispyware

• Hijackthis

How Spyware is Detected

• Similar to Viruses/Worms

• Spyware Signature
  – Signature of Files
  – Hash of Running Processes
  – Signature of Registry Entries

• Must keep definition files up to date
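
The three signature types above, and why definitions must stay current, sketched as an added example that is not part of the original slides. All family names, paths, registry keys and file contents are constructed, and hashing each process's image file with SHA-256 is an assumption about how "hash of running processes" is computed.

```python
import fnmatch
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for spyware binaries (not real samples).
TOOLBAR_DLL = b"constructed-sample: toolbar helper"
TRACKER_EXE = b"constructed-sample: tracker"

# Two versions of a hypothetical definition file: hash -> family, key pattern -> family.
DEFS_V1 = {
    "hashes": {sha256(TOOLBAR_DLL): "ExampleToolbar"},
    "registry": {r"HKLM\Software\ExampleToolbar*": "ExampleToolbar"},
}
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ExampleTracker"
DEFS_V2 = {
    "hashes": {**DEFS_V1["hashes"], sha256(TRACKER_EXE): "ExampleTracker"},
    "registry": {**DEFS_V1["registry"], RUN_KEY: "ExampleTracker"},
}

def scan(files, processes, registry_keys, defs):
    """files: {path: bytes}; processes: {pid: image path}; returns sorted findings."""
    findings = []
    for path, data in files.items():
        family = defs["hashes"].get(sha256(data))
        if family:
            findings.append(("file", path, family))
    for pid, image in processes.items():  # hash the image backing each process
        family = defs["hashes"].get(sha256(files[image])) if image in files else None
        if family:
            findings.append(("process", f"pid {pid} ({image})", family))
    for key in registry_keys:  # registry key names are case-insensitive
        for pattern, family in defs["registry"].items():
            if fnmatch.fnmatchcase(key.lower(), pattern.lower()):
                findings.append(("registry", key, family))
    return sorted(findings)

# Constructed host state: two unwanted programs and one benign one.
FILES = {
    r"C:\Program Files\ExampleToolbar\tb.dll": TOOLBAR_DLL,
    r"C:\Users\lab\AppData\tracker.exe": TRACKER_EXE,
    r"C:\Windows\notepad.exe": b"constructed-sample: benign program",
}
PROCESSES = {1204: r"C:\Users\lab\AppData\tracker.exe", 880: r"C:\Windows\notepad.exe"}
REGISTRY = [RUN_KEY, r"HKLM\Software\ExampleToolbar\Settings",
            r"HKLM\Software\Microsoft\Windows\CurrentVersion"]

if __name__ == "__main__":
    for label, defs in (("stale v1:", DEFS_V1), ("current v2:", DEFS_V2)):
        print(label, scan(FILES, PROCESSES, REGISTRY, defs))
```

With the stale definitions the tracker's file, process and Run key all go unreported; the updated definitions catch them.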

How Spyware is Removed

• Automatic Removal with Anti-Spyware
  – Doesn’t always work

• Manual Removal
  – Often requires help from a Spyware database
  – Kill processes
  – Delete registry entries
  – Delete files

Security Settings

• Disable ActiveX

• Disable Java

• Disable Scripting

• Disable Popups

• Don’t use Internet Explorer
  – Use Firefox

Common Sense

• A lot of Spyware comes packaged with shareware
  – Read the EULA to see if any hidden programs are installed
  – Check an online Spyware database
  – Read user reviews

What you will do in the Lab

• Install and Use Anti-Spyware Utilities
  – Ad-Aware, SpyBot, Hijackthis

• Install Spyware
  – Bundled Spyware – Gator
  – WeatherBug
  – Analyze EULA of Spyware

• Analyze Spyware Footprints
  – Registry entries
  – File contents

• Analyze a Scripting Vulnerability
  – IE Default Security Settings

• Block Spyware Traffic
  – Edit Windows hosts file

Resources

• http://www.cexx.org/adware.htm

• http://www3.ca.com/securityadvisor/pest/

• http://web.njit.edu/~bieber/CIS677F04/stafford-spyware-cais2004.pdf

• http://www.spywaredata.com