25-08-2014, 11:04 AM
SPYWARE SEMINAR REPORT
Abstract
Spyware and Trojan horses are separate security threats to networked systems, both of which are realized using differing software development techniques. We introduce the concepts of Spyware and Trojan Horses, followed by detailing how each is constructed and installed. We go into depth on their operation, which is revealed with the aid of demonstration software. Following our examples, we present a range of preventions, solutions and cures to each threat posed. We discuss the issues surrounding the user's interaction with such software and conclude by specifying an optimal solution for the avoidance of the threats posed. This seminar is aimed at everyday computer users, Software Engineers and Computer Security professionals. The differing levels of information conveyed will be of use to each of the aforementioned groups. We are content that each group will receive sufficient information to minimize the risks posed to them by Spyware, Trojan Horses and other affiliated network-based software.
INTRODUCTION
Spyware and Trojan Horses are both separate entities realized through software. In addition, we present the web-based Tracking Cookie protocol. Each of these entities may be placed under one category which poses a significant computer security threat, "Malware". This is a term applied to any software which may act in a malicious manner, undesirable to the user. For each individual "Malware" threat, we discuss:
The mechanisms and technologies relied upon for its operation. The effects it causes for both end users and computer security professionals.
Demonstrations of each threat in operation. We discuss the short and long term solutions to the problems posed. Finally, we discuss a series of preventions for home and business users, prior to presenting "System X", which has suitable Spyware, Trojan Horse and Tracking Cookie detection and prevention mechanisms. We propose a series of short and long-term solutions to each individual problem.
NETWORK TECHNOLOGY
The network infrastructure which is used for Spyware implementation is relatively complex.
The Spyware entity exists on the client machine. The client operation is given in section 3.5 of this handout. The client machine is connected to a network appliance, which may be a router, network switch or modem.
CLIENT TECHNOLOGY
Spyware operation on the Client machine is, again, an unknown process. However, when one reads further into the Spyware domain, it becomes more transparent as to how this software achieves its goals. Once the Spyware has been installed, its operation is composed of two processes. One is a memory-resident application which is created at boot-up; the other is a plug-in which operates when the Browser software is run. Strings of URLs visited by the user are passed from the Browser interface to the Spyware plug-in. In the example utilized in this GAINs Gator. The URLs visited are
SERVER TECHNOLOGY
Client refers to the client of the Spyware vendor. They will require access to data on customers in return for payment. Furthermore, they require their advertisements to be posted to users' machines. Therefore, they will more than likely use access software provided by the Spyware vendor, along with a secure connection. For this, we would advocate the use of Java RMI, Microsoft DCOM or CORBA (Common Object Request Broker Architecture).
User Initiatives
Issue awareness: understanding the disadvantages of Spyware allows users to make an educated decision on whether they want to partake. Legitimate software vendors: using reputable software vendors and checking that software is signed by a Certificate Authority (CA) can lower the risk of Spyware. Technical knowledge: the user may not understand what they are giving their consent to when they install Spyware-supported software. Increased understanding of Spyware would allow users to detect Spyware themselves. Operating System Spyware is de removal software available. Adware signed to run on systems run works much the same as a virus checker
TRACKING COOKIES
A cookie is a piece of information sent by a web server to a user's browser. (A web server is the computer that "hosts" a web site and responds to requests from a user's browser.) Cookies may include information such as login or registration identification, user preferences, on-line "shopping cart" information, etc. The browser saves the information and sends it back to the web server whenever the browser returns to the web site. The web server may use the cookie to customize.
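The set-and-return behaviour described above is what lets a cookie track a user once the same host is embedded in several sites. The following is an added example, not part of the original report: it replays a constructed browsing log through a minimal cookie jar and reports cookies that one third-party host receives from more than one visited site. All host names and cookie values are constructed.

```python
from collections import defaultdict
from http.cookies import SimpleCookie

# Constructed log: (site the user visited, host that answered, Set-Cookie header or None)
LOG = [
    ("news.example", "news.example", "session=abc123; Path=/"),
    ("news.example", "ads.tracker.example", "uid=u-7f3a; Path=/; Max-Age=31536000"),
    ("shop.example", "shop.example", "cart=42; Path=/"),
    ("shop.example", "ads.tracker.example", None),  # browser returns the stored uid
    ("blog.example", "ads.tracker.example", None),
]

def is_third_party(site, host):
    # Simplified same-site test; real browsers consult the Public Suffix List.
    return host != site and not host.endswith("." + site)

def find_tracking_cookies(log, min_sites=2):
    """Return [(host, cookie name, sites)] for third-party cookies that the
    same host can link to at least min_sites different visited sites."""
    jar = defaultdict(dict)      # host -> {cookie name: value}, as the browser stores it
    seen_on = defaultdict(set)   # (host, name, value) -> visited sites
    for site, host, set_cookie in log:
        if set_cookie:
            parsed = SimpleCookie()
            parsed.load(set_cookie)
            for name, morsel in parsed.items():
                jar[host][name] = morsel.value
        if is_third_party(site, host):
            # The host sees its own cookie together with the page it was embedded in.
            for name, value in jar[host].items():
                seen_on[(host, name, value)].add(site)
    return sorted(
        (host, name, sorted(sites))
        for (host, name, _value), sites in seen_on.items()
        if len(sites) >= min_sites
    )

if __name__ == "__main__":
    for host, name, sites in find_tracking_cookies(LOG):
        print(f"{host} cookie '{name}' links visits to: {', '.join(sites)}")
```

The first-party `session` and `cart` cookies are not reported, because each is only ever sent back to the site that set it.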
HOW DOES A TROJAN HORSE WORK
Trojans work by waiting for a remote connection. To prove the connection is from the attacker, password authentication is normally used. The Trojan will have been preconfigured with a given password before being sent to the victim. To allow use on systems with rapidly-changing dynamic IP addresses, the Trojan may 'phone home' to report its IP address. Because it is relatively easy to extract the location of 'home', a third party is normally used, such as an IRC or ICQ
TROJAN HORSE EXAMPLES
A long list of Trojans can be found here. In this hand-out, we aim to cover a few Trojans with features that distinguish them from the rest: Back Orifice: Back Orifice (BO) was developed by the Cult of the Dead Cow and was ahead of its time when released at DEF CON 6 in 1998. The Trojan affects Windows 95 and 98 although there are clients for all major operating systems. The Trojan horse is able to perform many (some extremely malicious) attacks. One particular example is the distribution of a Trojan to perform a Distributed Denial of Service (DDoS) attack. This relies on the Trojan executable to be distributed to as many machines as possible,
IMPACT OF SPYWARE
Spyware can cause people to lose trust in the reliability of online business transactions. Similar to the problem of counterfeit currency in the physical world, spyware undermines confidence in online economic activity. Consumers' willingness to participate in online monetary transactions decreases for fear of personal financial loss. Vendors lose confidence that the person making the purchase is who they say they are and not actually a criminal using a stolen identity or illicit funds. In efforts to manage the risk, vendors and financial institutions often implement additional verification and other loss prevention programs at increased operational cost. Even when financial organizations cover an individual’s
IMPACT TO COMPUTERS
Some common examples include product registration codes and user credentials that are copied and pasted into login forms. Other information that might be found in the system clipboard buffer includes sections of potentially sensitive data from recently modified documents or personal information about you or your associates that could be used in crimes related to identity theft. Key logging is one of the first spyware techniques used to capture sensitive data from a system. By monitoring and reporting user activity, spyware consumes system resources as well as network bandwidth. Depending on the number of spyware components loaded on a system and their functionality, users may experience significant performance degradation. Reliability problems
EFFECTS AND BEHAVIORS
A spyware program is rarely alone on a computer: an affected machine usually has multiple infections. Users frequently notice unwanted behavior and degradation of system performance. A spyware infestation can create significant unwanted CPU activity, disk usage, and network traffic. Stability issues, such as applications freezing, failure to boot, and system-wide crashes are also common. Spyware, which interferes with networking software, commonly causes difficulty connecting to the Internet. In some infections, the spyware is not even evident. Users assume in those situations that the performance issues relate to faulty
HOW ANTI SPYWARE SOFTWARE WORKS
Anti-spyware programs can combat spyware in two ways. First, they can provide real-time protection in a manner similar to that of antivirus protection: they scan all incoming network data for spyware and block any threats they detect. Second, anti-spyware programs can be used solely for detection and removal of spyware that has already been installed onto the computer. This kind of anti-spyware can often be set to scan on a regular schedule. Such programs inspect the contents of the Windows registry, operating system files, and installed programs, and remove files and entries which match a list of known spyware
PRIVACY AND CONFIDENTIALITY RISKS
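The detect-and-remove mode described above, matching files and startup entries against a list of known spyware, can be sketched as follows. This is an added example, not code from the original report or from any anti-spyware product: the file tree, the signature hash and the autorun names are constructed, and a plain dictionary stands in for the registry startup entries.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan(root, autoruns, bad_hashes, bad_autorun_names):
    """Return (file_hits, autorun_hits) without changing anything on disk."""
    file_hits = [p for p in sorted(Path(root).rglob("*"))
                 if p.is_file() and sha256_of(p) in bad_hashes]
    autorun_hits = sorted(n for n in autoruns if n.lower() in bad_autorun_names)
    return file_hits, autorun_hits

def quarantine(file_hits, quarantine_dir):
    """Move matches aside instead of deleting, so a false positive can be restored."""
    Path(quarantine_dir).mkdir(parents=True, exist_ok=True)
    moved = []
    for p in file_hits:
        target = Path(quarantine_dir) / (sha256_of(p)[:16] + "_" + p.name)
        shutil.move(str(p), str(target))
        moved.append(target)
    return moved

def demo():
    """Build a constructed program folder and autorun list, then scan and quarantine."""
    work = Path(tempfile.mkdtemp())
    progs = work / "programs"
    progs.mkdir()
    (progs / "editor.exe").write_bytes(b"constructed benign sample")
    (progs / "toolbar_helper.dll").write_bytes(b"constructed spyware sample")
    # Signature list: hash of the constructed sample, not a real indicator.
    bad_hashes = {hashlib.sha256(b"constructed spyware sample").hexdigest()}
    autoruns = {"Updater": "C:\\constructed\\updater.exe",
                "ToolbarHelper": "C:\\constructed\\toolbar_helper.dll"}
    files, runs = scan(progs, autoruns, bad_hashes, {"toolbarhelper"})
    moved = quarantine(files, work / "quarantine")
    remaining = sorted(p.name for p in progs.iterdir())
    return [p.name for p in files], runs, len(moved), remaining

if __name__ == "__main__":
    print(demo())
```

Exact-hash matching only catches files already on the list, which is why such scanners depend on regularly updated signature lists.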
Participants identified various privacy risks associated with spyware that vary in both scope and severity. These risks include the theft of personal information, monitoring of communications, and tracking of an individual’s online activity. Several panelists observed that the most serious privacy risks arise when spyware installed on a computer includes a keystroke logger. A keystroke logger captures all keystrokes that the user types on the computer keyboard, including passwords,
Conclusion
The ultimate use of spyware is to find virus files. It even has an advanced feature of tracing corrupt files.
A few other advanced features are: it does not allow unauthorized persons to access their information
own purposes. For example, some spyware secretly borrows hard drive space on computers to store its own hidden files.