A Crawler-based Study of Spyware in the Web Alex Moshchuk, Tanya Bragin, Steve Gribble, Hank Levy.

Slides:

Advertisements

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Advertisements

®® Microsoft Windows 7 for Power Users Tutorial 7 Enhancing Your Computers Security.

Let’s Talk About Cyber Security

Thank you to IT Training at Indiana University Computer Malware.

What is Spyware? Where did it come from?.

Online Safety. Introduction The Internet is a very public place Need to be cautious Minimize your personal risk while online Exposure to: viruses, worms,

By Hiranmayi Pai Neeraj Jain

SPYWARE Presented by The State Security Office November 17, 2004.

Understanding and Detecting Malicious Web Advertising

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Spyware and other annoying Pop-ups. What are we going to learn? What is spyware What is the threat Where does it come from Why does spyware exist How.

For Removal Info: visit

AVG 8.5 Product Line Welcome to a safe world …. | Page 2 Contents  Components Overview  Product Line Overview  AVG 8.0 Boxes.

A Crawler-based Study of Spyware on the Web Author: Alexander Moshchuk, Tanya Bragin, Steven D.Gribble, Henry M.Levy Presented At: NDSS, 2006 Prepared.

Spyware! THE BAD, THE WORSE, AND THE Ugly … ARE ALL INDICATIONS THAT SPYWARE MAY BE TAKING OVER YOUR COMPUTER!

ACTIVE X By Ethan Huang. OUTLINE What is ActiveX? Component of ActiveX Why ActiveX? ActiveX and Java Security Issue.

What is spyware? Supervisor dr. lo’ay tawalbeh Search By Mahmoud al-ashram Soufyan al-qblawe.

Network Security. Network security starts from authenticating any user. Once authenticated, firewall enforces access policies such as what services are.

How to Protect Your PC Grayware Adware, Malware, Spyware.

LittleOrange Internet Security an Endpoint Security Appliance.

Chapter Nine Maintaining a Computer Part III: Malware.

Adware Spyware Anti-Virus Presented by: Forrest Fosheim Network Coordinator Southwest Telecommunications Coop.

Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Presentation by Kathleen Stoeckle All Your iFRAMEs Point to Us 17th USENIX Security Symposium (Security'08), San Jose, CA, 2008 Google Technical Report.

11 The Ghost In The Browser Analysis of Web-based Malware Reporter: 林佳宜 Advisor: Chun-Ying Huang /3/29.

Protecting People and Information: Threats and Safeguards

Hacker Zombie Computer Reflectors Target.

Niels Provos and Panayiotis Mavrommatis Google Google Inc. Moheeb Abu Rajab and Fabian Monrose Johns Hopkins University 17 th USENIX Security Symposium.

1 Spyware, Adware, and Browser Hijacking. ECE Agenda What is Spyware? What is Adware? What is Browser Hijacking? Security concerns and risks Prevention,

Spyware Sue Scott Technology Librarian. What is Spyware Malware – (Malicious Software) A general term to encompass unwanted software on a personal computer.

1 All Your iFRAMEs Point to Us Mike Burry. 2 Drive-by downloads Malicious code (typically Javascript) Downloaded without user interaction (automatic),

Windows Vista Security Center Chapter 5(WV): Protecting Your Computer 9/17/20151Instructor: Shilpa Phanse.

What is a Computer Worm? A computer worm is a self- replicating program very similar to a virus. A virus attaches itself and becomes part of another executable.

A Crawler-based Study of Spyware on the Web A.Moshchuk, T.Bragin, D.Gribble, M.Levy NDSS, 2006 * Presented by Justin Miller on 3/6/07.

1 Protect Against Spywares – SpywareBlaster. 2 Content Introduction – - What is Spyware? - Danger - Sign of Trouble Solution Cleaning -- Spybot Protection.

Spyware and Viruses Group 6 Magen Price, Candice Fitzgerald, & Brittnee Breze.

®® Microsoft Windows 7 Windows Tutorial 5 Protecting Your Computer.

Malware Adware Removal Best Free Malware Virus Protection Best Free Malware Adware Removal Service Best free Anti Spyware Removal Service Best free Trojan.

S pyware refers to programs that use our Internet connection to send information from our personal computer to some other computer, normally without.

Spyware Steven Gribble Department of Computer Science and Engineering University of Washington.

WEBSENSE ® SECURITY LABS™ 2006 Semi-Annual Web Security Trends Report OWASP Presentation November 9, 2006 Jim Young (301)

A Crawler-based Study of Spyware on the Web Authors: Alexander Moshchuk, Tanya Bragin, Steven D.Gribble, and Henry M. Levy University of Washington 13.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 45 How Hackers can Cripple the Internet and Attack Your PC How Hackers can Cripple the.

1 Internet Browsing Vulnerabilities and Security ECE4112 Final Lab Ye Yan Frank Park Scott Kim Neil Joshi.

1 Spyware. ECE 4112-Internetwork Security2 Agenda Cookies Browser hijacking Bundled software Key loggers Spyware prevention and deletion.

Return to the PC Security web page Lesson 5: Dealing with Malware.

Spybot-S&D Course: Fall 2004 Presented By: Ataul Bari Instructor: Dr. A. K. Aggarwal.

A CRAWLER BASED STUDY OF SPYWARE ON THE WEB Vijay Savanth The University of Auckland Computer Science Department A. Moshchuk, T.

Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.

1 Lab 12: Spyware A Window’s User’s Worst Nightmare.

IT Computer Security JEOPARDY RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands RouterModesWANEncapsulationWANServicesRouterBasicsRouterCommands.

Shasta Console Operations February 2010 Tony Caleb.

Software - Utilities Objectives Understand what is meant by utility software and application software Look at common utilities – Security – Disk organisation.

SpyProxy SpyProxy Execution-based Detection of MaliciousWeb Content Execution-based Detection of MaliciousWeb Content Hongjin, Lee.

Erica Larnerd COSC Spyware...  What is it?  What does it do?  How does it get on my computer?  How can I tell if it’s on my computer?  What.

GCSE Computing: A451 Computer Systems & Programming Topic 3 Software System Software (2) Utility Software.

Adware and Browser Hijacker – Symptoms and Preventions /killmalware /u/2/b/ /alexwaston14/viru s-removal/ /channel/UC90JNmv0 nAvomcLim5bUmnA.

Remove [Browser Hijackers] For more information regarding [Browser Hijackers] Please Visit:

Powerpoint presentation on Drive-by download attack -By Yogita Goyal.

Max Secure Software founded in Jan 2003 develops innovative privacy, security, protection and performance solutions for Internet users. The company is.

Cosc 4765 Antivirus Approaches. In a Perfect world The best solution to viruses and worms to prevent infected the system –Generally considered impossible.

How to remove Ransomware on windows 10 ?

Which is better Avast Free Edition or Avast Pro Version?

Across the world McAfee providing the update protection solutions to the computer users. As same to the error above, wait for few minutes and think some.

Across the world McAfee providing the update protection solutions to the computer users. As same to the error above, wait for few minutes and think some.

Across the world McAfee providing the update protection solutions to the computer users. As same to the error above, wait for few minutes and think some.

Across the world McAfee providing the update protection solutions to the computer users. As same to the error above, wait for few minutes and think some.

Across the world McAfee providing the update protection solutions to the computer users. As same to the error above, wait for few minutes and think some.

ACROSS THE WORLD MCAFEE PROVIDING THE UPDATE PROTECTION SOLUTIONS TO THE COMPUTER USERS. AS SAME TO THE ERROR ABOVE, WAIT FOR FEW MINUTES AND THINK SOME.

Windows Vista Inside Out

Presentation transcript:

A Crawler-based Study of Spyware in the Web Alex Moshchuk, Tanya Bragin, Steve Gribble, Hank Levy

What is spyware? Broad class of malicious and unwanted software Steal control of a PC for the benefit of a 3 rd party Characteristics: Installs without user knowledge or consent Hijacks computer’s resources or functions Collects valuable information and relays to a 3 rd party Resists detection and uninstallation

You know it when you see it

How do people get spyware? Spyware piggybacked on popular software Kazaa, eDonkey Drive-by downloads Web page installs spyware through browser With or without user consent Trojan downloaders Spyware downloads/installs more spyware

Why measure spyware? Understand the problem before defending against it Many unanswered questions What’s the spyware density on the web? Where do people get spyware? How many spyware variants are out there? What kinds of threats does spyware pose? New ideas and tools for: Detection Prevention

Approach Large-scale study of spyware: Crawl “interesting” portions of the Web Download content Determine if it is malicious Two strategies: Executable study Find executables with known spyware Drive-by download study Find Web pages with drive-by downloads

Outline Introduction Executable file study Drive-by download study Summary Conclusions

Analyzing executables Web crawler collects a pool of executabes Analyze each in a virtual machine: Clone a clean WinXP VM Automatically install executable Run analysis to see what changed Currently, an anti-spyware tool (Ad-Aware) Average analysis time – 90 sec. per executable

Executable study results Crawled 32 million pages in 9,000 domains Downloaded 26,000 executables Found spyware in 12.3% of them Most installed just one spyware program Only 6% installed three or more spyware variants Few spyware variants encountered in practice 142 unique spyware threats

Main targets Visit a site and download a program What’s the chance that you got spyware?

Popularity A small # of sites have large #of spyware executables: A small # of spyware variants are responsible for the majority of infections:

Types of spyware Keylogger0.05% Dialer1.2% Trojan downloader12% Browser hijacker62% Adware88% Quantify the kinds of threats posed by spyware Consider five spyware functions What’s the chance an infected executable contains each function?

Example of a Nasty Executable “Let all your worries melt away into this collection of clouds in the sky – 100% free!” Installs 11 spyware programs initially Includes a trojan downloader; continually installs more spyware 10 more within first 20 minutes 12 new items on desktop, 3 browser toolbars Shows an ad for every 1.5 pages you visit CPU usage is constantly 100% No uninstallers Ad-Aware can’t clean System stops responding in 30 mins Restarting doesn’t help Unusable system and no screensaver!

Outline Introduction Executable file study Drive-by download study Summary Conclusions

Finding drive-by downloads Evaluate the safety of browsing the Web Approach: automatic virtual browsing Render pages in a real browser inside a clean VM Internet Explorer Mozilla Firefox Identify malicious pages Define triggers for suspicious browsing activity Run anti-spyware check only when trigger fires

Event triggers Real-time monitoring for non-normal behavior: Process creation File events Example: foo.exe written outside IE folders. Registry events Example: new auto-start entry for foo.exe No false negatives (theoretically) 41% false positives: Legitimate software installations Background noise Spyware missed by our anti-spyware tool

More on automatic browsing Caveats and tricks Restore clean state before navigating to next page Speed up virtual time Monitor for crashes and freezes Deciding what to say to security prompts: “yes” Emulate user consent “no” (or no prompt) Find security exploits

Example of a security exploit Ads Check browser and referrer Help ActiveX Control C:\windows\helpctr\tools.htm JavaScript; VBscript GET save as c:\calc.exe run inject code Local help objects bypass security restrictions; unsecured “local zone” Cross-zone scripting vulnerability in ActiveX Help allows JavaScript to inject code into a local help control

Drive-by download results Examined 50,000 pages 5.5% carried drive-by downloads 1.4% exploited browser vulnerabilities (unpatched Internet Explorer, unpatched WinXP)

Types of spyware Executables Drive-by Downloads Keylogger0.05%0% Dialer1.2%0.2% Trojan Downloader12%50% Browser hijacker62%84% Adware88%75% Is drive-by download spyware more dangerous?

Is Firefox better than IE? Repeat drive-by download study with Mozilla Firefox Found 189 (0.4%) pages with drive-by downloads All require user consent All are based on Java Work in other browsers Firefox is not 100% safe However, much safer than IE adult0 celebrity33 games0 kids0 music1 news0 pirate132 random0 wallpaper0 blacklist23 Total:189

Summary Lots of spyware on the Web 1 in 8 programs is infected with spyware 1 in 18 Web pages has a spyware drive-by download 1 in 70 Web pages exploits browser vulnerabilities Most of it is just annoying (adware) But a significant fraction poses a big risk Spyware companies target specific popular content Most piggy-backed spyware in games & celebrity sites Most drive-by downloads in pirate sites Few spyware variants are encountered in practice

Conclusion and Future Work Addressed key questions about spyware Built useful tools and infrastructure More details: A Crawler-based Study of Spyware in the Web NDSS06 Looking forward: Real-time protection with a trigger-based Web proxy Automatically detect new spyware Use triggers as truth Increase the scale of the study Study change of spyware over time (see paper!)

Questions?