Spyware

SPYWARE PEEYUSH SHARMA 3rd NOVEMBER,2011

TABLE OF CONTENTS

Introduction - : WHAT IS SPYWARE ? how it comes in computer? SPYWARE V/S VIRUS SPYWRAE OBJECTIVES Classification of spyware distribution vectors How to detect if your computer has Spyware/Adware ? spyware defensive strategies spyware example anti-spyware recommendations

What is spyware ? Spyware programs have a tendency to hide

as cookie or temporary internet files

Broad Definition -Software that is installed on my PC without

my full understanding and permission Narrow Definition -Software that specifically tracks my

personal information without my full understanding and permission

HOW IT COMES IN COMPUTER ? SPYWARE

ENTRY

Advertising companies uses spyware to “mine data” to further help them advertise better.

Uses your Internet connection and reports statistical data about you and your surfing habits a 3rd party

Violating your privacy. And is a completely LEGAL

program!

FREE, FREE, FREE = DANGER!!!

SPYWARE V/s VIRUS

Spyware Program

Commercial Revenue Dynamic but

stationary Consume Resources Sometimes Wanted

Virus File Academic Fame Replication Destructive Never Desired

VS

2006 AusCERT Survey

1 in 5 got attacked electronically -Down from 35% in 2005 Virus and Worm infection most common

attack More public sector attack reports than

private sector Of those reporting trojan/rootkitattack

60% were public sector and 40% were private sector

Spyware PrevalenceSource: Except as noted all statistics are from the AOL/NCSA Online Safety Survey Dec. 2005

61%of all PCs scanned had Spyware (down from 80% in 2004 study)

96%of PC users are aware of Spyware The average PC has 93 Spyware componentson it. 54%of infected users were unaware of the Spyware

found on their machines (down from 89% in 2004 study) 95%of infected users did not give permission for the

software identified to be installed on their machines 20%of calls to Dell’s helpdesk are Spyware related

(source: Dell) Microsoft estimates that 50%of all PC crashes are a

result of Spyware (Source:InformationWeek April 26, 2004)

Reason for Spyware: Money is the Driver

Adware is created by real businesses -They have business plans, sophisticated

development groups, and venture capital

-They generate revenue Spyware is created by real businesses (and

sometimes.. organized crime) -They have business plans, and sophisticated

development groups -They generate revenue Competition! They all want your desktop.

Spyware Objectives

Personal Identifiable Information collection -Identity theft = revenue Personal Information collection -Surfing habits = revenue Click-through revenue Software Sales revenue SPAM propagation -Sales Revenue

The bottom line is the bottom line $$$.

Spyware Classification

Adware BHO Keylogger Hijacker -Browser -Homepage -Errors -Typo-Squatting Rogue Anti-Spyware Dialer Tracking Cookie Ransomware

Distribution or Infection Vectors

Social Engineering -Free giveaways of bundled apps -Deceptive installations Drive-by-Download -WMF exploit -CreateTextRangeexploit -Hostile ActiveX or Javascript Trojan Install Search Engine Results/ Sponsored Ads

How to detect you computer has spyware or adware…….. Continuous popups Persistent change in your homepage. Slower computer processing, takes the computer

longer to process or startup.

Extreme symptoms of spyware… Internet browser does

not start up. Parts of your computer

you cannot access without freezing.

Major core data is lost or changed.

How SpywareProtects Against Detection and/or Removal

Polymorphism No-uninstall Active Defense with Reinstallation Rootkit Brand Obscurity Security Product Disabling

Examples

Cool WebSearch Spy Sherriff via WMF Exploit Create TextRange Exploit Code Crypt. Aand Ransom.A Social Engineering TypoSquatting

Recommendations-: Preventing spyware from getting

onto your computer is your first step!

Do not download unnecessary software from the internet, especially free ones because they most likely have spyware inside them. If a download screen appears, asking you to confirm

your download, click no if you not trying to install anything.

Avoid clicking advertised popups especially ones that mention “free” stuff if possible.

Recommendations-:

Technical Recommendations

Some adware/spyware files like to hide in the temporary internet folders. Disable saving of temporary files by going to Program Files, Control Panel,

Network and Internet Connections, Internet Options, Temporary Internet Files Settings, Check Never under “Check for Newer Version of Stored Pages”.

Constantly delete old temporary files and cookies by going to Program Files, Control Panel, Network and Internet Connections, Internet Options, Delete Cookies and Delete Temporary Files.

Remember though, adware and spyware can be tricky, no matter how cautious you are, there are bound to be adware or spyware programs that install into your computer. Always constantly scan your computer for adware and spyware and keep your

Adware/Spyware killer programs fully updated at all times.

Recommendations-: Recommended Spyware/ Adware Killers without any restraints

The “Tri-Killer” combination: Ad-aware 6.0 Professional Edition: Primary scanner Spy-sweeper paid version: Primary scanner and use their immune guards. Spybot Free Edition: Scan for any spyware Spy-Sweeper may have missed.

Recommended Spyware/ Adware Killers with a price restraints Ad-aware 6.0 Free Edition: Primary Scanner Spy-Sweeper paid version: Primary Scanner Spybot Free Edition: Scan for any spyware Spy-Sweeper may have missed

Recommended Spyware/ Adware Killers with a time restraints (not recommended)

Ad-aware 6.0 Free Edition: Primary Scanner: Fast Scan Mode Spybot Free Edition: Suggestion: Spyware/ Adware killers are suppose to take time to scan, if you have time

restraints, turn on the scanners, leave them running and go do something.

Thank you for watching!

Any questions please ask!