Slide 1: How Spyware works?
Slide 2: Introduction
- Spyware is an umbrella name for many types of malicious code
- It spies on one's behaviour
- It may watch the web pages one visits and report that information
- It may allow others to record that information
- It is installed without the user's knowledge, or by tricking the user
Slide 3: Introduction
A typical Windows user has administrative privileges, mostly for convenience. Because of this, any program the user runs has unrestricted access to the system. As with other operating systems, Windows users are able to follow the principle of least privilege and use non-administrator accounts. Alternatively, they can also reduce the privileges of specific vulnerable Internet-facing processes such as Internet Explorer. Since Windows Vista, by default, a computer administrator runs everything under limited user privileges. When a program requires administrative privileges, a User Account Control pop-up will prompt the user to allow or deny the action. This improves on the design used by previous versions of Windows.
Slide 4: How Spyware invades PC?
Spyware invades PCs through:
- Installing a free program that installs spyware on the PC along with it
- Clicking on a pop-up ad that downloads and installs spyware on the PC
Spyware often runs even when the program it rides upon is not running:
- It launches at start-up
- It watches web activity and tracks every web site visited
- It reports the user's web activity to the spyware website
- The spyware website builds a profile of every individual
- The website delivers targeted ads to the individual
Slide 5: Examples
CoolWebSearch, a group of programs, takes advantage of Internet Explorer vulnerabilities. The package directs traffic to advertisements on Web sites including coolwebsearch.com. It displays pop-up ads, rewrites search engine results, and alters the infected computer's hosts file to direct DNS lookups to these sites.
FinFisher, sometimes called FinSpy, is a high-end surveillance suite sold to law enforcement and intelligence agencies. Support services such as training and technology updates are part of the package.
Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising. When users follow a broken link or enter an erroneous URL, they see a page of advertisements. However, because password-protected Web sites (HTTP Basic authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it impossible for the user to access password-protected sites.
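The hosts-file tampering described for CoolWebSearch is straightforward to check for. The following is an added example, not from the presentation: it parses a hosts file and flags any entry that maps a watched domain to something other than a loopback address. The sample hosts text, the 198.51.100.23 address and the watched-domain list are constructed for the example.

```python
# Added example, not from the presentation: flag hosts-file entries that
# redirect lookups for watched domains away from loopback, the kind of change
# CoolWebSearch-style spyware makes so that DNS lookups land on its own sites.
import ipaddress

# Constructed sample hosts file: the first entries are the normal defaults,
# the last two send search-engine lookups to an attacker-chosen address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
198.51.100.23   www.google.com
198.51.100.23   search.yahoo.com   # injected entry
"""

# Addresses a hosts entry may legitimately point at (assumed allow-list).
LOOPBACK_OR_UNSPECIFIED = ("127.0.0.0/8", "::1/128", "0.0.0.0/32")

def parse_hosts(text):
    """Return (address, hostname) pairs, ignoring comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        for name in parts[1:]:
            entries.append((parts[0], name.lower()))
    return entries

def is_loopback(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False   # malformed address: treat as suspicious
    return any(ip in ipaddress.ip_network(n) for n in LOOPBACK_OR_UNSPECIFIED)

def suspicious_entries(text, watched_domains):
    """Entries that map a watched domain (or a subdomain of it) off loopback."""
    hits = []
    for addr, name in parse_hosts(text):
        if is_loopback(addr):
            continue
        if any(name == d or name.endswith("." + d) for d in watched_domains):
            hits.append((addr, name))
    return hits

if __name__ == "__main__":
    for addr, name in suspicious_entries(SAMPLE_HOSTS, ["google.com", "yahoo.com"]):
        print(f"suspicious: {name} -> {addr}")
```

On a real machine the text would come from %SystemRoot%\System32\drivers\etc\hosts; comparing against a known-clean copy catches additions that do not involve a watched domain at all.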
Slide 6: Example
HuntBar, WinTools or Adware.Websearch, was installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other spyware programs—an example of how spyware can install more spyware. These programs add toolbars to IE, track aggregate browsing behavior, redirect affiliate references, and display advertisements.
Movieland, also known as Moviepass.tv and Popcorn.net, is a movie download service that has been the subject of thousands of complaints to the Federal Trade Commission (FTC), the Washington State Attorney General's Office, the Better Business Bureau, and other agencies. Consumers complained they were held hostage by a cycle of oversized pop-up windows demanding payment of at least $29.95, claiming that they had signed up for a three-day free trial but had not cancelled before the trial period was over, and were thus obligated to pay. [29][30] The FTC filed a complaint, since settled, against Movieland and eleven other defendants charging them with having "engaged in a nationwide scheme to use deception and coercion to extract payments from consumers."
Slide 7: How spyware morphs itself to escape detection
- Polymorphic spyware
  - Changes the filename and location, and also the size, of its files
  - Examples: CoolWebSearch and About:Blank home page hijacking
- Installs at multiple locations on the hard disk
  - If anti-spyware detects one copy, the other copies are still alive on the machine
- Spyware can inject itself into some other application
- Silent spyware vs. destructive program
- Hides itself in the Windows registry
Slide 8: How spyware invades privacy
- By sending information to another server
- A key logger keeps track of the keys pressed
- By installing other malicious software on the system
Slide 9: How home page and search page hijackers work?
- A home page hijacker changes the browser's start page
  - The new home page includes many pop-up ads
- A search page hijacker changes the normal search engine to a new one and floods the system with pop-ups
- Even if the browser settings are changed back, these spywares run at start-up and reset the defaults to the hijacker's values
- They disguise themselves as browser add-ins (Browser Helper Objects, BHOs)
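Both settings the slide describes live in the Windows registry, so a hijack can be spotted by comparing an exported copy against what the machine is supposed to have. The following is an added example, not from the presentation: it parses a .reg export and reports a changed Internet Explorer start page and any BHO that is not on an allow-list. The export text is constructed (the two registry key paths are the real IE locations); the expected home page and the allowed BHO list are assumptions for the example.

```python
# Added example, not from the presentation: parse a Windows .reg export and
# flag the two settings a hijacker changes: Internet Explorer's start page
# and registered Browser Helper Objects (BHOs). The sample export is
# constructed; the expected home page and BHO allow-list are assumptions.
import re

SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.hijacker.invalid/?aff=12345"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
@="Trusted PDF Helper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DEADBEEF-0000-0000-0000-000000000000}]
@="WebSearch Toolbar"
"""
IE_MAIN = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"
BHO_ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
            r"\Explorer\Browser Helper Objects")

def parse_reg(text):
    """Return {key_path: {value_name: string_value}} for a .reg export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None:
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
            if m:   # "@" is the key's default value
                name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
                keys[current][name] = m.group(2).strip('"')
    return keys

def hijack_findings(text, expected_home, allowed_bhos):
    """Report a changed start page and any BHO CLSID not on the allow-list."""
    keys = parse_reg(text)
    findings = []
    home = keys.get(IE_MAIN, {}).get("Start Page")
    if home is not None and home != expected_home:
        findings.append(("start-page-changed", home))
    for path, values in keys.items():
        if path.startswith(BHO_ROOT + "\\"):
            clsid = path[len(BHO_ROOT) + 1:].upper()
            if clsid not in allowed_bhos:
                findings.append(("unknown-bho", clsid, values.get("@", "")))
    return findings
```

Because the slide notes that hijackers reset these values at every start-up, the check is only useful if it is repeated after a reboot, not just once after cleaning.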
Slide 10: How dialers work?
- Installed in the same way as spyware
- Checks for the presence of a modem
- Surreptitiously dials a 900 phone number (charging $4 per minute or more)
- Keeps the call connected for 10 minutes or more
- The victim cannot prove that they did not make the call
- Outdated these days because of DSL, Ethernet and data cards
Slide 11: How Keyloggers work?
- Often installed in two parts:
  - An .exe file, which automatically launches at start-up
  - A .dll file: the .exe launches the .dll, and the .dll does most of the damage
- Records all keystrokes
- Recorded keystrokes may be sent to the attacker directly, or saved in a file and sent at regular intervals
- The attacker examines the keystrokes and extracts the information they need
Slide 12: How rootkits work?
- Used by an intruder to gain access to someone's PC without being detected
- Made of a series of files and tools
- Can be installed in the same way as shareware
- Replaces important components of the OS with new software of the same size, creation date, etc.
- Installs a backdoor daemon (an automatically running program)
- Many also install keyloggers or sniffers
- May also send the system's logs to the intruder
Slide 13: Following the spyware money trail
- Someone who wants to make money from spyware signs up for an affiliate program with a website or merchant
- That person gets a code that identifies him, so he can be paid for every link or click to the merchant
- Some merchants monitor those who sign up for affiliate programs, but many do not
- Those wanting to make money from spyware are often not spyware authors; they make a deal with a spyware author in which the spyware will include links carrying the person's affiliate program ID
Slide 14: How antispyware works?
- Searches for the signatures of spyware
- Compares the signatures found with a signature base
- Also checks for suspicious behaviour
- Then the antispyware deletes the spyware
  - It may not be deleted completely
  - Hence specific software is required to delete all spywares
- Includes real-time protection
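The signature comparison on this slide and the rootkit trick on slide 12 (replacing an OS component with a file of the same size and creation date) are two sides of one check. The following is an added example, not from the presentation: a minimal scanner that matches file hashes against a signature base and then verifies known components against a hash baseline, alongside a size-only check to show why metadata is not enough. The signature base, the baseline and the "disk" contents are constructed for the example.

```python
# Added example, not from the presentation: the signature check slide 14
# describes, paired with the integrity check that slide 12's rootkits defeat
# if only size and dates are compared. A replaced component can keep the
# original's size and creation date, but not its SHA-256 hash. The signature
# base and the "system files" below are constructed for the example.
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed signature base: hashes of known-bad file contents.
KNOWN_BAD = [b"MZ spyware sample A", b"MZ spyware sample B"]
SIGNATURE_BASE = {sha256_hex(c) for c in KNOWN_BAD}

# Constructed baseline of trusted components taken when the system was clean:
# both the size (what a naive check compares) and the hash are recorded.
GOOD_CONTENT = {"kernel32.dll": b"MZ genuine kernel32",
                "ntoskrnl.exe": b"MZ genuine ntoskrnl"}
BASELINE_HASH = {n: sha256_hex(c) for n, c in GOOD_CONTENT.items()}
BASELINE_SIZE = {n: len(c) for n, c in GOOD_CONTENT.items()}

def size_only_check(name: str, data: bytes) -> str:
    """A metadata-only integrity check: a same-size replacement passes."""
    if name in BASELINE_SIZE and BASELINE_SIZE[name] != len(data):
        return "modified-component"
    return "clean"

def scan_file(name: str, data: bytes) -> str:
    """Signature match first, then hash-based integrity for known components."""
    digest = sha256_hex(data)
    if digest in SIGNATURE_BASE:
        return "known-spyware"
    if name in BASELINE_HASH and BASELINE_HASH[name] != digest:
        return "modified-component"   # same name, different bytes (size may match)
    return "clean"

def scan_system(files: dict) -> dict:
    """Scan a name -> contents mapping (a stand-in for walking the disk)."""
    return {name: scan_file(name, data) for name, data in files.items()}

if __name__ == "__main__":
    # Constructed disk image: a rootkit-swapped kernel32 of identical length.
    disk = {"kernel32.dll": b"MZ rootkit kernel32",
            "ntoskrnl.exe": b"MZ genuine ntoskrnl",
            "update.exe": b"MZ spyware sample B"}
    print(scan_system(disk))
```

A real product reads the files from disk and keeps the baseline and signature base somewhere the scanned machine cannot rewrite; with a rootkit present, reading them through the infected OS itself may already return forged bytes.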
Slide 15: Thank you
Sharada Valiveti