ITIS 1210 Introduction to Web-Based Information Systems Chapter 49 The Dangers of Spyware and Phishing
Spyware Umbrella term for software that “watches” your surfing activity Without your knowledge, reports on Web pages you visit Track your Web searches Record keystrokes Open a backdoor into your computer
Spyware How does it get on your computer? By downloading and installing “free” software Kazaa file-sharing software, for example Spyware “rides along” Installing what you wanted causes the spyware to be installed as well Spyware runs whether or not the installed application is running
Spyware Purpose – generate cash Delivers pop-up ads Clicking to close still generates cash for the ad developer May even cause a new ad to pop up
Spyware At regular intervals the spyware sends information back to its owner Information collected and analyzed Profile about you built Ads targeted to you specifically are then sent to you when you run the program the spyware came in on
Spyware Deleting the original application usually has no effect on the spyware Might not be able to deliver ads any more but it still reports on your activities
Spyware Money Trail Reputable Web sites or merchants may be part of a money trail associated with spyware User signs up as an affiliate Your Web site has a link to someone else’s site They agree to pay you for referrals Examples: Dell, Staples, Clickbank DellStaplesClickbankDellStaplesClickbank
Affiliates
Spyware Money Trail Affiliate signs up and receives an ID Some merchants monitor affiliates, some don’t Spyware commonly follows merchants who do not do a good job of policing their affiliate programs
Spyware Money Trail Spyware authors make deals with affiliates Their spyware includes links to the affiliate’s real destination and uses their ID Affiliate includes spyware on their Web site or otherwise distributes it Unsuspecting user downloads spyware Clicks on links
Spyware Money Trail Merchant counts clocks and pays affiliate Affiliate splits income with spyware author Pop-under – variation of a pop-up Opens a new window hidden under the active window
Spyware Money Trail A pop under promoting Gateway, purchased from Direct Revenue by a rogue affiliate. If a user ultimately makes a purchase from Gateway, the pop under causes Gateway to pay commissions to the affiliate, via Commission Junction. Gateway pays these commissions even though it did not know of or approve the affiliate's decision to place advertising with Direct Revenue. Notice Gateway pop under (upper left corner, within a window labeled "Aurora" -- a Direct Revenue product name).
How Phishing Works Phishing attacks appear to be from a legitimate site but are forgeries Typically you receive an Problem with your account Need to verify your identify Someone has tried to access your account so you need to verify that everything is still OK
How Phishing Works looks authentic Correct logos and colors Some links may actually connect to the real site Click on the link provided (for your convenience) Takes you to a forgery of the real site Actually run by phisher
How Phishing Works Destination site looks authentic Graphics, design, links,etc. Some links may even work properly User logs in Phisher now knows username & password You answer questions or provide information directly to the phisher Credit card information
How Phishing Works Results? Identify theft Access to your bank accounts Examples: Citibank Citibank eBay eBay IRS
Following the Phishing Money Trail Phishers rarely work alone Usually part of a larger criminal organization Russian Mafia
Protecting Against Spyware New spyware released all the time New, updated signatures have to be constantly downloaded Some spyware changes (morphs) Hard to detect Anti-spyware looks for behaviors as well as signatures
Protecting Against Spyware Deleting spyware a complex task Many files may be involved Windows Registry might have to be corrected May even require a specific program to delete some spyware Real-time protection available Program in memory constantly running Watches for spyware installation signs
Protecting Against Spyware Deleting that program doesn’t delete the spyware Must use a spyware removal tool Ad-Aware from Spy-Bot Search & Destroy Spy-Bot Spyware Remover Spyware Remover Spyware Remover