
The Dark Side of Software: Viruses, Worms, Adware, Spyware

Dr. Charles D. Knutson


Brigham Young University

www.charlesknutson.net

© 2009 Charles D. Knutson


Malicious software
- Software that is evil, annoying, socially maladjusted, anarchistic and otherwise destructive
- Sometimes feels like the bane of the Internet
- Constant concern for "viruses" on your computer



Malicious software
- "Malware," "Badware," "Junkware"
- Wide range of intrusive software
- Installs without user consent
- Hostile, intrusive or annoying
- Not to be confused with legitimate software that just doesn't work well



Sources
- Hobbyists
  - Just to see what happens
- Malicious hackers
  - Anarchist tendencies
  - Criminal elements
- Spammers
  - Harness zombie computers



Sources
- Businesses
  - Track buying or viewing habits
- Criminals
  - Steal personal information
- Distributed Denial of Service Attack
  - Multiple hijacked machines simultaneously hit a targeted site



Some statistics
- As much malware was produced in 2007 as in the 20 prior years combined
- Most common delivery mechanisms:
  - Email
  - Web



How they spread
- Trick user into installing
  - Click on attachment
- Installs with other software
  - Normally downloaded or shareware
- Exploit security holes
  - Attacks your computer remotely
  - Macros in Office documents



Malicious software
- Viruses
- Worms
- Trojan horses
- Spyware
- Adware
- Pop-ups



Virus
- Often used broadly as a term for all malware
  - Definition is more precise
- Term comes from Biology
  - Enters host
  - Replicates itself
  - Spreads to other hosts



Virus
- Self-replicating computer program
  - Installs on your computer without your permission
- Makes copies of itself and attempts to spread
  - Infects other files, documents
  - Those files and documents move around



Virus
- Forms of replication
  - Infected disks
  - Infected files
- Main sources of spread
  - Files downloaded from the Web
  - Email attachments
  - Peer-to-peer file sharing



Virus
- Malicious behavior
  - Reformat hard disk, delete data
  - Display message
  - No external visibility
- Potentially damaging even if benign
  - Any system software can cause problems



Virus
- Anti-virus software is a must for certain systems
  - Especially Windows
- Must update and scan regularly
- Most popular programs:
  - McAfee, Symantec, Sophos



Worm
- Similar to virus
  - But does not need to attach to an existing file, disk, or program
- Moves across a network
  - Exploits security hole on target computers
  - Installs itself
  - Begins to search for new targets
  - Chews up bandwidth while replicating



Worm
- May carry dangerous payload
  - Leave Trojan horse or backdoor access
  - Plant virus
  - Damage data on target systems
- New worms exploit backdoors opened by previous worms
- Your system will grind to a crawl
- Firewall software is a must
  - Normally built-in, but must be turned on



2001 – Code Red Worm



Trojan horse
- Useful program run by the user
  - Malicious software installs in the background
- Commonly installs backdoor or other security breach
  - Can be exploited later
- Mostly malicious intent
  - Allow hacker access to your computer
- Antivirus software deals with this



Spyware
- Malware intended to gather information about a user or system
  - Track keystrokes, web visits
  - Gather personal information
  - Financial transactions
- Often modify desktop experience
  - Install toolbars
  - Change home page, search engine
  - Redirect web traffic to commercial sites

Spyware
- Modes of installation
  - Often like other forms of viruses
  - Does not try to spread or replicate
  - Most common in downloaded software, Internet pop-up ads
    - User clicks on pop-up ad, gives program permission to install
    - Often includes and installs adware



Spyware - Statistics
- 2005 - 62% of all computers had spyware installed
  - 92% of users were unaware
- 2006 - 90% of computers infected
- In the first half of 2007, spyware infections prompted 850,000 U.S. households to replace their computers



Spyware - Statistics
- 81% of home computers lack core protection
  - Updated anti-virus software, a firewall, spyware protection
- 38% of home computers lack any spyware protection software
- 68% keep sensitive information, like personal correspondence, professional records, and financial information, on their home computers
- 74% use the Internet for sensitive transactions from their home computers, such as banking or reviewing personal medical information



Anti-spyware software
- First really effective solutions
  - Lavasoft AdAware
  - Spybot - Search & Destroy
  - Microsoft Windows Defender
- Major antivirus vendors catching up
  - Symantec, McAfee, Sophos

Anti-spyware software
- Beware fake anti-spyware software
  - Never buy or download anti-spyware from a banner ad... think about it!!
    - Rogue software
  - Never believe a banner ad that tells you your computer is infected with something
  - Think about it…



Downloads carrying spyware
- Bonzi Buddy
- Dope Wars
- Error Guard
- Grokster
- Kazaa
- Morpheus
- RadLight
- WeatherBug
- EDonkey 2000
- SpyEagle



Adware
- Software automatically displays or downloads advertising material
  - Typically without the consent of user
- Often a form of spyware, or in conjunction with spyware
  - Ads targeted to user profile, web habits, personal info
  - Information gleaned from spyware



Adware
- Not to be confused with legitimate banner ads and pop-up ads
  - Benign and honest about it
- If ads pop up randomly, or persistently
  - Or when the browser isn't even open
  - Or when you're not connected to the Internet



Anti-adware software
- All major spyware solutions will also remove adware
- All major anti-virus programs



Other antivirus info
- Static scan
  - Files on hard disk
  - Modifications to hidden sectors on disk
  - Modifications to active memory
- Dynamic scan
  - Detect malware as it arrives
- Looks for
  - Known signatures
  - Known bad behaviors
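
Added example, not part of the original slides: a minimal static scan that looks for known signatures, here as both byte patterns and whole-file hashes. The signature names, patterns and sample data are constructed for illustration. The scan reads in chunks and keeps an overlap, so a pattern split across a chunk boundary is still matched.

```python
import hashlib
import io

# Constructed signature database (made-up names and patterns, not real malware).
BYTE_SIGNATURES = {
    "Demo.Marker.A": b"\xde\xad\xbe\xefDEMO-PAYLOAD",
    "Demo.Macro.B": b"AutoOpen_DEMO_DROPPER",
}
# Whole-file hash signature, derived from a constructed "known bad" sample.
KNOWN_BAD_SAMPLE = b"constructed known-bad file contents"
HASH_SIGNATURES = {hashlib.sha256(KNOWN_BAD_SAMPLE).hexdigest(): "Demo.Hash.C"}


def scan_stream(stream, chunk_size=4096):
    """Return the sorted names of all signatures found in a binary stream."""
    longest = max(len(p) for p in BYTE_SIGNATURES.values())
    hits = set()
    digest = hashlib.sha256()
    tail = b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        digest.update(chunk)
        # Prepend the end of the previous data so a pattern that straddles
        # a chunk boundary still appears whole in the search window.
        window = tail + chunk
        for name, pattern in BYTE_SIGNATURES.items():
            if pattern in window:
                hits.add(name)
        tail = window[-(longest - 1):]
    # Hash signatures only match an exact, unmodified copy of a known file.
    name = HASH_SIGNATURES.get(digest.hexdigest())
    if name:
        hits.add(name)
    return sorted(hits)


def scan_bytes(data, chunk_size=4096):
    """Convenience wrapper for scanning an in-memory buffer."""
    return scan_stream(io.BytesIO(data), chunk_size)
```

A static scan of files on disk would call `scan_stream` on each file opened in binary mode. A dynamic scan applies the same matching to data as it arrives.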



Security updates
- Every operating system vendor releases regular security updates
  - As threats are uncovered
- Enable automatic security updates
  - Especially critical in Windows
- Disable pop-up windows in your browser



Genetic diversity
- Same function in biological systems
  - Diversity assists against an entire population wiped out by one virus
- Windows invites attack
  - Architectural weaknesses exist
- Other platforms not as vulnerable
  - Less targeted
  - Fewer architectural weaknesses



Windows vs. Mac
- Is Mac really safer than Windows?
  - For the most part it's true
  - Windows is a much bigger target
  - Mac is built on Unix which has fewer security holes
- No operating system is completely fool-proof
  - If Mac earns 90% of the market...



Surfing guidelines
- Don't download programs, music or other files from random sources
- Don't download toolbars
- Don't EVER click on a pop-up ad!!
- Be cautious about online games
  - Especially if they require you to install software in order to play
- Turn off pop-ups in browser



How to tell you're infected
- Performance is horrible!
  - Gets better when you unplug the network cable
- Pop-up ads every few minutes
- Mysterious new toolbars on desktop
- Home page redirected
- Failed site page redirected
- Search page redirected



Questions?
- Internet Safety Podcast
  - www.internetsafetypodcast.com
- Internet Safety Wiki
  - wiki.internetsafetypodcast.com

Dr. Charles Knutson
knutson@cs.byu.edu
