presenter: le quoc thanh spyware analysis and detection
TRANSCRIPT
Presenter: Le Quoc Thanh
SPYWARE
ANALYSIS AND DETECTION
OBJECTIVES
What is spyware
Who creates spyware
How spyware operates
Common spyware forms
Impact of spyware
Recommendations
2
WHAT IS SPYWARE
Spyware is one type of malicious software (malware) that collects information from a computing system of a person or organization without their knowledge and then send such information to the creator of the spyware.
Spyware can capture keystrokes , screenshots , visited sites, internet usage habits and other personal information.
3
WHO CREATES SPYWARE
Online attackers
Marketing organizations
4
5
HOW SPYWARE OPERATES Basic forms of spyware can be picked up simply by
visiting a Web page, through email, or downloading software especially “freeware” and “shareware”.
Many software downloads are “free”, but within the End User License Agreement (EULA) are provisions to use information from your computer or your email and other contact information. You have to agree to the EULA to download or install, so you essentially agree to allowing someone else to use information about your computer.
More spyware will reset your browser's home page, change the service your browser uses for Web searches, or add new sites to your favorites list.
6
END USER LICENSE AGREEMENT
7
POP-UP
8
COMMON SPYWARE FORMS
Browser hijacking Tracking cookies False antispyware tools Autonomous spyware Keylogger
9
BROWSER HIJACKING
This class of spyware attempts to modify the users browsers setting.
Hijacking spyware can be installed in various ways.
These redirects lead users to advertisements that earn the hijacking commissions when they are visited.
10
COOKIES AND WEB BUGS
- Cookies are small pieces of information stored on a user’s system by a web server. During subsequent visits often , cookies are used for storing user authentication , preferences , and other type of user information.
- They can be used to track a user across multiple websites.
11
FALSE ANTISPYWARE TOOLS
Applications available on some internet sites advertise themselves.
As spyware detection or removable tools. In fact they themselves are spyware.
12
AUTONOMOUS SPYWARE
Autonomous spyware is malicious application , it can be designed to perform any type of spying functions.
Autonomous spyware operates as a separate process or injects itself into other processes running on your system.
This type of spyware often starts up when you log onto your computer and can frequently access anything on your system.
13
KEYLOGGER
Designed to record all keystrokes of users in order to find passwords, credit card numbers, and other sensitive information.
Thus, passwords, credit card numbers, and other personally identifiable information may be captured and relayed to unauthorized reception.
14
Aside of ethics and privacy, spyware steals computer's memory resources and also uses bandwidth as it sends information back to the spyware's home via the user's Internet connection.
Because spyware is using memory and system resources, the applications running in the background can lead to system crashes or general system instability.
Spyware is known to change computer settings, resulting in slow connection speeds, loss of Internet or functionality of other programs.
Increase in system crashes.
IMPACT OF SPYWARE
15
Spyware have the ability to monitor keystrokes, scan files on the hard drive,
Or install other spyware programs, read cookies, change the default home page on the Web browser, consistently relaying such information back to the spyware author who will either use it for advertising/marketing purposes or sell the information to another party.
IMPACT OF SPYWARE
16
RECOMMENDATIONS Don't install any application unless you are certain of what it does or where it
came from.
Avoid clicking advertised popups especially ones that mention “free” stuff if possible.
Use trusted softwares.
Always read the license agreement
Software and OS upgrades
Utilize browser’s security settings
Pop-up Blockers
Open Firewall
E-Mail Filters
Use Anti-Spyware Spy Sweeper Microsoft Windows Anti-Spyware Spyware Doctor
SUMMARY
17
18
THANKS FOR LISTENING