Presenter: Le Quoc Thanh SPYWARE ANALYSIS AND DETECTION

Post on 18-Jan-2016


OBJECTIVES

What is spyware

Who creates spyware

How spyware operates

Common spyware forms

Impact of spyware

Recommendations


WHAT IS SPYWARE

Spyware is a type of malicious software (malware) that collects information from the computing system of a person or organization without their knowledge and then sends that information to the creator of the spyware.

Spyware can capture keystrokes, screenshots, visited sites, internet usage habits and other personal information.


WHO CREATES SPYWARE

Online attackers

Marketing organizations


HOW SPYWARE OPERATES

Basic forms of spyware can be picked up simply by visiting a Web page, through email, or downloading software, especially “freeware” and “shareware”.

Many software downloads are “free”, but within the End User License Agreement (EULA) are provisions to use information from your computer or your email and other contact information. You have to agree to the EULA to download or install, so you essentially agree to allowing someone else to use information about your computer.

More spyware will reset your browser's home page, change the service your browser uses for Web searches, or add new sites to your favorites list. 


END USER LICENSE AGREEMENT


POP-UP


COMMON SPYWARE FORMS

Browser hijacking

Tracking cookies

False antispyware tools

Autonomous spyware

Keylogger


BROWSER HIJACKING

This class of spyware attempts to modify the user's browser settings.

Hijacking spyware can be installed in various ways.

These redirects lead users to advertisements that earn the hijackers commissions when they are visited.


COOKIES AND WEB BUGS

- Cookies are small pieces of information stored on a user’s system by a web server. During subsequent visits, cookies are often used for storing user authentication, preferences, and other types of user information.

- They can be used to track a user across multiple websites.
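
An added example (not part of the original slides) showing how a cookie that follows a user across websites can be spotted in a browsing log: it flags any third-party cookie value that was sent while visiting two or more different sites. The log entries, host names and the simple "last two labels" site rule are constructed assumptions; a real tool would use the Public Suffix List.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample log: (page the user visited, URL that page requested, Cookie header sent)
REQUESTS = [
    ("https://news.example/story", "https://news.example/style.css", "session=abc123"),
    ("https://news.example/story", "https://ads.tracker.test/pixel.gif", "uid=U-7781"),
    ("https://shop.example/cart", "https://ads.tracker.test/pixel.gif", "uid=U-7781"),
    ("https://shop.example/cart", "https://cdn.shop.example/app.js", ""),
    ("https://blog.example/post", "https://ads.tracker.test/pixel.gif", "uid=U-7781"),
    ("https://blog.example/post", "https://fonts.static.test/a.woff", ""),
]


def site_of(url):
    """Approximate the site as the last two host labels (assumption, see lead-in)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])


def parse_cookies(header):
    """Split a Cookie request header into a set of (name, value) pairs."""
    pairs = (p.strip().partition("=") for p in header.split(";") if p.strip())
    return {(name, value) for name, _, value in pairs}


def find_cross_site_cookies(requests, min_sites=2):
    """Return third-party cookies seen on at least min_sites distinct visited sites."""
    seen = defaultdict(set)  # (tracker site, cookie name, value) -> visited sites
    for page_url, request_url, cookie_header in requests:
        page_site, request_site = site_of(page_url), site_of(request_url)
        if request_site == page_site:
            continue  # first-party request: the cookie stays with the site visited
        for name, value in parse_cookies(cookie_header):
            seen[(request_site, name, value)].add(page_site)
    return {key: sorted(sites) for key, sites in seen.items() if len(sites) >= min_sites}


if __name__ == "__main__":
    for (tracker, name, value), sites in find_cross_site_cookies(REQUESTS).items():
        print(f"{tracker} cookie {name}={value} seen on: {', '.join(sites)}")
```

The `pixel.gif` requests in the sample stand in for web bugs: a tiny embedded resource whose only purpose is to make the browser send the tracker's cookie from every page that includes it.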


FALSE ANTISPYWARE TOOLS

Applications available on some internet sites advertise themselves as spyware detection or removal tools. In fact, they themselves are spyware.


AUTONOMOUS SPYWARE

Autonomous spyware is a malicious application that can be designed to perform any type of spying function.

Autonomous spyware operates as a separate process or injects itself into other processes running on your system.

This type of spyware often starts up when you log onto your computer and can frequently access anything on your system.


KEYLOGGER

Designed to record all keystrokes of users in order to find passwords, credit card numbers, and other sensitive information.

Thus, passwords, credit card numbers, and other personally identifiable information may be captured and relayed to unauthorized recipients.


IMPACT OF SPYWARE

Aside from ethics and privacy, spyware steals the computer's memory resources and also uses bandwidth as it sends information back to the spyware's home via the user's Internet connection.

Because spyware uses memory and system resources, the applications running in the background can lead to system crashes or general system instability.

Spyware is known to change computer settings, resulting in slow connection speeds, loss of Internet or functionality of other programs.

Increase in system crashes.

Spyware has the ability to monitor keystrokes, scan files on the hard drive, or install other spyware programs, read cookies, and change the default home page on the Web browser, consistently relaying such information back to the spyware author, who will either use it for advertising/marketing purposes or sell the information to another party.


RECOMMENDATIONS

Don't install any application unless you are certain of what it does or where it came from.

Avoid clicking advertised popups, especially ones that mention “free” stuff, if possible.

Use trusted software.

Always read the license agreement

Software and OS upgrades

Utilize browser’s security settings

Pop-up Blockers

Open Firewall

E-Mail Filters

Use Anti-Spyware: Spy Sweeper, Microsoft Windows Anti-Spyware, Spyware Doctor

SUMMARY


THANKS FOR LISTENING