
Spywares

By: Murad M. Ali
Supervised By: Dr. Lo'ai Tawalbeh

New York Institute of Technology (NYIT)-Jordan’s campus 2006


Spyware
 What Is Spyware ?
 Spyware Vs Trojan horse
 Spyware Vs Virus
 Computers Get Infected
 Spyware Symptoms
 Spyware Prevalence
 Class of Spyware
 Spyware Programs
 FTC
 State Law
 Preventive Techniques
What Is Spyware ?
 Applications that send information from your
computer to the creator of the spyware
 Sometimes consists of an apparent core
functionality and a hidden functionality of
information gathering (Trojan)
 Can be used by web sites for marketing
information, to determine their stance with
regard to competitors and market trends
 Can also be used to log keystrokes and send
those to whomever
What Is Spyware ?
 Software or hardware installed on a computer without
the user's knowledge which gathers information about
that user for later retrieval by whomever controls the
spyware.
 Spyware can be broken down into two different
categories:
 surveillance spyware
 advertising spyware.
What Is Spyware ?
 Surveillance software:
 Includes key loggers, screen capture devices, and Trojans.
These would be used by corporations, private detectives, law
enforcement, intelligence agencies, suspicious spouses.

 Advertising spyware:
 Software that is installed alongside other software or via ActiveX
controls on the Internet, often without the user's knowledge, or
without full disclosure that it will be used for gathering personal
information and/or showing the user ads.
 Advertising spyware logs information about the user, possibly
including passwords, email addresses, web browsing history,
online buying habits, the computer's hardware and software
configuration, the name, age, sex, etc.
What Is Spyware ?
 Software that is downloaded onto a person’s computer without
their knowledge. Spyware may collect information about a
computer user’s activities and transmit that information to
someone else. It may change computer settings, or cause
“pop-up” advertisements to appear (in that context, it is called
“adware”). Spyware may redirect a Web browser to a site
different from what the user intended to visit, or change the
user’s home page. A type of spyware called “keylogging”
software records individual keystrokes, even if the author
modifies or deletes what was written, or if the characters do
not appear on the monitor. Thus, passwords, credit card
numbers, and other personally identifiable information may be
captured and relayed to unauthorized recipients.
Spyware Vs Trojan Horse
 Spyware programs are sometimes installed as Trojan
horses of one sort or another. They differ in that their
creators present themselves openly as businesses, for
instance by selling advertising space on the pop-ups
created by the malware. Most such programs present
the user with an End-User License Agreement which
purportedly protects the creator from prosecution under
computer contaminant laws. However, spyware EULAs
have not yet been upheld in court.
Spyware Vs Virus
 Spyware
 Motivation: Profit
 Monitor online activities for commercial gain
 Difficult to relate symptoms with spyware infection:
Sluggish PC performance, increased pop-up ads,
unexplained home page change, mysterious search
results.
 New technology (less than 5 years)
Spyware Vs Virus
 Virus
 Intent: Harmful
 Damage computer system, corrupt files and destroy
data
 Easy to relate symptoms with virus infection: Corrupt
program files, loss of computer storage memory,
deletion of critical files.
 Old Technology
Computers Get Infected
 Basic forms of spyware can be picked up simply by visiting a Web
page. 
 Spyware may also be picked up through email. 
 You are particularly likely to be exposed by downloading software, in
particular "freeware" and "shareware" offerings.
 Many software downloads are "free," but within the End User License
Agreement (EULA) are provisions to use information from your
computer or your email and other contact information.  You have to
agree to the EULA to download or install, so you essentially agree to
allowing someone else to use information about your computer.
 That's why the definition of spyware is "generally without your
knowledge or consent."  Often, you've consented.  You just don't realize
it because you didn't read the fine print.  This is why the definition of
spyware sometimes includes the lawyerism "potentially unwanted
technologies."
Spyware Symptoms
 Adware forms of spyware often operate silently, monitoring your Web surfing
activities and reporting back what sites you have visited to a marketing
organization.  Others display "pop-up" ads on your computer's desktop or on
top of other Web pages.
 More aggressive spyware will reset your browser's home page (the page that
appears when the browser starts up), change the service your browser uses for
Web searches, add new sites to your favorites list, or produce even more
invasive advertisements.
 The most damaging spyware programs can actually install "trojans" -- computer
programs which allow other people to remotely access an infected computer. 
Such spyware programs can run silently "in the background" and are capable
of doing anything that a typical computer program can do which does not
require your intervention.
 Sometimes a spyware-infected computer will run more slowly due to all the
activity going on in the background.  But just because your computer seems to
be running at normal speed doesn't mean you are safe. 
 Increase in system crashes
Spyware Prevalence
April 16, 2004; BBC News (UK) - PCs 'infested' with spy
programs. Internet provider EarthLink says it uncovered
29.5 million examples of spyware on over 1 million
computers scanned between January and March. These
parasite programs sometimes come attached to software
downloaded from the Web. The details are often
included in the license agreement small print that most
users click through without reading. But sometimes they
do not even need your permission to download, but just
bury themselves on a hard drive as you browse the
Internet.
Spyware Prevalence
 In October 2004, America Online (AOL) and the National Cyber
Security Alliance (NCSA) released the results of a survey of 329
dial-up and broadband computer users regarding online threats,
including spyware. According to the study:

 80% of the computers they tested were infected with spyware or
adware, and 89% of the users of those computers were unaware of it
 the average infected computer had 93 spyware/adware components on
it, and the most found on a single computer was 1,059
 most users do not recognize the symptoms of spyware — 63% of users
with a pop-up blocker said they got pop-up ads anyway, 43% of users
said their home page had been changed without their permission, and
40% said their search results are being redirected or changed.
Class of Spyware
 Tracking Cookies
 Browser Hijacking
 Hosts File
 Home Page
 Search Page
 Error Pages
 Keyloggers
 Spybots
 Malware
 Adware
Tracking Cookies
 Cookies that can track your Web activities
 May include cookies that contain
 user names
 passwords
 other private information that you enter on
web sites (SSN, banking info, credit cards)
Browser Hijacking
 Hosts File
 Redefine the addresses of trusted sources,
i.e. anti-virus tools, software patches and
upgrades
 Home Page
 Redefine the page that opens up when you
start your browser
Browser Hijacking
 Search Page
 Redefine the page that opens up when you
enter an undefined URL
 Redefine the page that opens up when you
click your “Search” button

 Error Pages
 Redefine the pages that open when an error
occurs.
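
A defensive check for the hosts-file hijack described above, as an added example that is not part of the original slides: it parses hosts-file text and reports any entry that overrides a protected name, separating names pointed at loopback (the update site becomes silently unreachable) from names pointed elsewhere (redirected). The protected suffixes and the sample file are constructed placeholders.

```python
import ipaddress

# Assumption: domains a defender expects never to be overridden locally
# (constructed placeholders, not a real vendor list).
PROTECTED_SUFFIXES = ("av-vendor.example", "os-updates.example")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed line, not a mapping
        for name in fields[1:]:                 # one address may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, protected=PROTECTED_SUFFIXES):
    """Return findings for protected names that the hosts file overrides."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not any(name == s or name.endswith("." + s) for s in protected):
            continue
        # Loopback/unspecified blocks the site; any other address redirects it.
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append((line_no, name, str(ip), kind))
    return findings

# Constructed sample hosts file for the demonstration.
SAMPLE = """\
127.0.0.1   localhost
::1         localhost
# entries below were not added by the user
127.0.0.1   update.av-vendor.example   # looks harmless, stops updates
203.0.113.7 download.os-updates.example www.os-updates.example
198.51.100.9 intranet.corp.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print(finding)
```
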
Keyloggers
 Were originally designed to record all
keystrokes of users in order to find
passwords, credit card numbers, and other
sensitive information
Spybots
 Spybots are the prototypical example of
“spyware.” A spybot monitors a user’s behavior,
collecting logs of activity and transmitting them
to third parties.
 A spybot may be installed as a browser helper
object, it may exist as a DLL on the host
computer, or it may run as a separate process
launched whenever the host OS boots.
Malware & Adware
 Malware
 Refers to a variety of malicious software, including
viruses, worms, Trojan horses.

 Adware
 Software that displays advertisements tuned to the
user’s current activity, potentially reporting aggregate
or anonymized browsing behavior to a third party
Gator, Cydoor, and eZula
 These three are spyware programs
 All three are “spybot” or “adware” class
programs
 They are typically packaged with popular free
software.
 They all send and retrieve information from
remote servers using the HTTP protocol.
Gator
 Gator is adware that collects and transmits information about
a user’s Web activity.
 Goal is to gather demographic information and generate a
profile of the user’s interests for targeted advertisements.
 Gator may log and transmit URLs that the user visits, partially
identifying information such as the user’s first name and zip
code, and information about the configuration and installed
software on the user’s machine.
 Gator can be installed on a user’s computer in several ways.
When a user installs one of several free software programs
produced by Claria Corporation (the company that produces
Gator), such as a free calendar application or a time
synchronization client
Cydoor
 Cydoor displays targeted pop-up advertisements
 whose contents are dictated by the user’s
browsing history. When a user is connected to
the Internet, the Cydoor client prefetches
advertisements from the Cydoor servers. These
advertisements are displayed whenever the user
runs an application that contains Cydoor,
whether the user is online or offline.
eZula
 eZula attaches itself to a client’s Web browser and modifies
incoming HTML to create links to advertisers from specific
keywords. When a client is infected with eZula, these artificial
links are displayed and highlighted within rendered HTML. It
has been reported that eZula can modify existing HTML links
to redirect them to its own advertisers, but we have not
observed this ourselves.
 It is also known as TopText, ContextPro or HotText.
 It is bundled with several popular filesharing applications
(such as Kazaa and LimeWire), and it can also be
downloaded as a standalone tool. eZula runs as a separate
process (ezulamain.exe) and it includes the ability to self-update
FTC Advice to Consumers
 The Federal Trade Commission (FTC) issued a consumer alert about
spyware in October 2004 offering a list of warning signs that might indicate
that a computer is infected with spyware. The FTC alert listed the following
clues:
 a barrage of pop-up ads;
 a hijacked browser — that is, a browser that takes you to sites other than those
you type into the address box;
 a sudden or repeated change in your computer’s Internet home page;
 new and unexpected toolbars;
 new and unexpected icons on the system tray at the bottom of your computer
screen;
 keys that don’t work (for example, the “Tab” key that might not work when you try
to move to the next field in a Web form);
 random error messages; and
 sluggish or downright slow performance when opening programs or saving files
FTC Advice to Consumers
 The FTC alert also offered preventive actions consumers can take.
 update your operating system and Web browser software;
 download free software only from sites you know and trust;
 don’t install any software without knowing exactly what it is;
 minimize “drive-by” downloads by ensuring that your browser’s security setting is
high enough to detect unauthorized downloads;
 don’t click on any links within pop-up windows;
 don’t click on links in spam that claim to offer anti-spyware software; and
 install a personal firewall to stop uninvited users from accessing your computer.

 FTC alert advised consumers who think their computers are infected to get
an anti-spyware program from a vendor they know and trust; set it to scan
on a regular basis, at startup and at least once a week; and delete any
software programs detected by the anti-spyware program that the consumer
does not want.
State Laws
 In March 2004, Utah became the first state to
enact spyware legislation, then California joined
Utah in enacting spyware legislation in 2004.

 In 2005, twelve states enacted spyware legislation:
 Alaska, Arizona, Arkansas, California, Georgia,
Indiana, Iowa, New Hampshire, Texas, Utah, Virginia,
and Washington.
Preventive Techniques
 Don't install any application unless you are certain of what it does or
where it came from.
 Always read the license agreement
 Software and OS upgrades
 Utilize browser’s security settings
 Use Anti-Spyware
 Spy Sweeper
 Microsoft Windows AntiSpyware
 Spyware Doctor
 Spyware Slayer
 Spy Killer
 Spy Remover