COMP 2903 A27 – Why Spyware Poses Multiple Threats to Security Danny Silver JSOCS, Acadia University
Roger Thompson Communications of the ACM, August, 2005 Native Australian, now in the USA Chief Research Officer for AVG Leads a global team of security researchers Previously headed the malware research operations for security industry leaders ICSA, PestPatrol and Computer Associates (CA). Speaks widely on computer security and forensics issues. Check out his blog:
Malware - Definition Malware - short for malicious software Designed to infiltrate or damage a computer system without the owner's informed consent A variety of forms of hostile, intrusive, or annoying software or program code: – computer viruses, worms, trojan horses, most root kits, spyware, dishonest adware, crimeware
Spyware – Definition Spyware – any software intended to aid an unauthorized person or entity in causing a computer, without knowledge of the computer’s user or owner, to divulge private information.
Spyware – A Relentless Onslaught Spyware is software that is installed on a computer and collects information without the user’s knowledge Sometimes it is installed by the owner of a shared, corporate, or public computer to secretly monitor users Can collect various types of personal information, such as Internet surfing habits and sites that have been visited Can interfere with user control of the computer in other ways, such as: – installing additional software – redirecting web browser activity – changing computer settings – forcing alternative software to execute
Spyware Dangers “Phone home” – sends info on user and her/his actions to a third party – used for spam / pop-up campaigns Open a computer to a remote attacker – RAT = Remote Access Trojan Capture keystrokes and send it to theif/blackmailer Hijack computer for illegal use – armies of software robots = Botnets, denial-of-service attacks Probe system for access to files
Spyware Harms Computer Perfromance Seriously degrades computer performance If you computer is taking a long time to boot, it is likely because of Spyware If your webpages are taking longer to load it is likely do to Spyware Seconds lost per transaction adds up to big costs
National Security Threats Some Spyware is designed to steal UIDs and passwords When of the greatest corporate and national threats in existence today Botnets = armies of distributed software robots Able to hijack large numbers of person computers Orchestrated, a Botnet can be a powerful force on the Web - DDoS
Botnet A collection of software robots, or bots, that run autonomously and automatically and distributed over a computer network A bot typically runs hidden, uses a covert channel to communicate with its command and control server(s). Newer bots automatically scan their environment and propagate themselves using vulnerabilities The process of stealing computing resources via "botnet" is sometimes referred to as "scrumping.“ Estimated that up to one quarter of all personal computers connected to the internet may be part of a botnet: – The Dutch police found a 1.4 million node botnet – Norwegian ISP Telenor disbanded a 10,000-node botnet.
Fighting Back A combined effort is needed, three lines of defence: 1: Education and protection – Education of organizations and individuals on preventative measures – COAST – Consortium of Anti-Spyware Technology – Use of protective anti-Spyware software
Fighting Back 2: Disclosure Legislation – Identification of all installed software – Ease of removal of software – Transparent disclosure of all impacts on computer – Allows users to make decision on use and to take action
Fighting Back 3: Aggressive Prosecution – Laws against consumer fraud and idenituy theft cover Spyware acts – Law enforcement must be encouraged to take action – International law enforcement co-op needed 4: Planning – For DDoS from Botnets – Gov’t, ISP, corporate and international co-op needed