
Spyware and Prevention

NAME : MD.RIYAZ PASHA


H.T NO:10S11A1226

ABSTRACT
Spyware belongs to a group of software known as malware, or pestware. It sends information from a computer to another destination on the Internet without the user's explicit consent and knowledge. Spyware is a growing problem on the desktops of American Standard users. Most spyware comes bundled with peer-to-peer file-sharing programs, such as iMesh, Bear Share and Kazaa.

Your computer could be watching your every move!

Introduction
Definition: A general term for a program that surreptitiously monitors your actions. While they are sometimes sinister, like a remote control program used by a hacker, software companies have been known to use Spyware to gather data about customers. The practice is generally frowned upon.

Software Examples
GAIN / Gator
Gator E-Wallet
Cydoor
BonziBuddy
MySearch Toolbar
DownloadWare
BrowserAid
Dogpile Toolbar

EXISTING SYSTEM :
Push Advertising Pull Tracking Personal data

Symptoms
Targeted Pop-ups
Slow Connection
Targeted E-Mail (Spam)
System Crash
Program Customisation

Summary of Effects
Collection of data from your computer without consent
Execution of code without consent
Assignment of a unique code to identify you
Collection of data pertaining to your habitual use
Installation on your computer without your consent
Inability to remove the software
Performing other undesirable tasks without consent

GAIN Case Study


Installed IMesh, which includes Gator Installation
We accessed multiple internet sites
We simultaneously analyzed network traffic (using IRIS)
We found the packets of data being sent to GAIN
Packets were encrypted and we could not decrypt them

[Figure: Certificate asking verification]
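The case study's packets could not be decrypted, but flow metadata alone still shows which process talks to which host and when. The following is an added example, not part of the original report: the hostnames, process names and the 5-second window are constructed assumptions. It flags a non-browser process that contacts an unvisited host right after most page visits.

```python
from collections import defaultdict

# Constructed capture: (seconds, process, destination host, bytes sent, encrypted?)
FLOWS = [
    (0,  "browser.exe", "news.example",          900,  False),
    (1,  "helper.exe",  "collect.adnet.example", 410,  True),
    (30, "browser.exe", "shop.example",          1200, False),
    (31, "helper.exe",  "collect.adnet.example", 395,  True),
    (32, "browser.exe", "cdn.shop.example",      300,  False),
    (45, "updater.exe", "updates.os.example",    150,  True),
    (60, "browser.exe", "mail.example",          800,  True),
    (61, "helper.exe",  "collect.adnet.example", 402,  True),
]
VISITED = {"news.example", "shop.example", "mail.example"}  # sites the user opened
BROWSERS = {"browser.exe"}

def site_of(host):
    """Crude registrable-domain guess: last two labels (assumption, no public suffix list)."""
    return ".".join(host.split(".")[-2:])

def suspicious_destinations(flows, visited, browsers, window=5):
    """Return hosts outside the visited sites that a non-browser process
    contacts within `window` seconds after at least half of the page visits."""
    visit_times = [t for t, proc, host, _, _ in flows
                   if proc in browsers and host in visited]
    stats = defaultdict(lambda: {"bytes": 0, "hits": set(), "enc": True, "procs": set()})
    for t, proc, host, sent, enc in flows:
        # Only traffic from other programs to unvisited sites is of interest here.
        if proc in browsers or site_of(host) in visited:
            continue
        s = stats[host]
        s["bytes"] += sent
        s["procs"].add(proc)
        s["enc"] = s["enc"] and enc
        s["hits"].update(v for v in visit_times if 0 <= t - v <= window)
    report = []
    for host, s in stats.items():
        ratio = len(s["hits"]) / len(visit_times) if visit_times else 0.0
        if ratio >= 0.5:  # follows most visits: looks like per-page reporting
            report.append((host, sorted(s["procs"]), s["bytes"], round(ratio, 2), s["enc"]))
    return sorted(report)
```

The one-off updater connection is not reported because it does not follow a page visit, while the helper process is reported even though every one of its payloads is encrypted.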

Disadvantages
Browsing profiles created for users without consent
Used for target marketing and statistical analysis
Unable to remove Spyware programs or disable them
Increased number of misleading / inappropriate pop-ups
Invasion of user privacy (hidden from user)
Often badly written programs corrupt user system
Automatically provides unwanted helpful tools
20 million+ people have Spyware on their machines.

Vulnerable Systems
Those with an internet connection!
Microsoft Windows 9x/Me/NT/2000/XP
Does not affect Open Source OSs
Non-firewalled systems
Internet Explorer, executes ActiveX plug-ins
Other browsers not affected

Proposed System
Spyware is constantly growing and evolving. From simple software for promoting ads, it has now grown into a serious security threat with financial motives behind it. A study by the Tel Aviv-based Aladdin Knowledge Systems in 2005 found that as much as 70 percent of new virus and worm code also contained spyware components [3]. With time we will see more and more such integration of spyware with viruses and worms. Spybot W32 is a prototype of this kind of future virus/worm/spyware. The coming together of spyware and virus authors is perhaps the most troublesome aspect of the future for the antispyware industry. Recently, a virus was in circulation which could disable Zone Alarm so that spyware could carry on without being interrupted. New-age spyware like the CoolWebSearch browser hijacker employs the update feature in much the same way as antispyware does.

Mutating spyware is going to be the spyware of the future. Although behavior-based detection techniques are able to catch it, these techniques are not perfect and generate too many false positives and negatives. Eventually they require human intervention to take a decision. If the computer user is not aware and knowledgeable, this spyware can work unnoticed. We have seen how prolific spyware's growth has been in recent years. This becomes even more astonishing if we consider that there is no spyware toolkit, as there is for viruses. A spyware author therefore has to be a technically capable person. What will happen if such a toolkit is developed, and there is no reason to believe it won't be? Any person with malicious intent and with little or no technical expertise will be able to write spyware.

Spyware Defence
User Initiatives
Issue Awareness
Use Legitimate S/W Sources
Improved Technical Ability
Choice of Browser
Choice of OS
Legal action taken against breaches of privacy
  Oct 02 Doubleclick

Technical Initiatives...
Spyware Removal Programs
Pop-up Blockers
Firewall Technology
Disable ActiveX Controls
  Not Sandboxed
E-Mail Filters
Download Patches

Spyware Removers
Ad-aware (by Lavasoft)
  Reverse Engineer Spyware
  Scans Memory, Registry and Hard Drive for
    Data Mining components
    Aggressive advertising components
    Tracking components
  Updates from Lavasoft
  Plug-ins available
    Extra file information
    Disable Windows Messenger Service

Image source: Screenshot of Ad-aware 6.0, LavaSoft. See http://www.lavasoft.com

CONCLUSION
As we saw from the statistics at the beginning of this report, spyware is growing tremendously and is affecting enterprises and personal usage alike. One alarming aspect of this is that the worst is yet to come. Continuing the discussion at the end of the previous section, we are about to see a spyware boom, and protection against it is becoming a necessity. To mitigate the threat that spyware poses, it needs to be attacked from as many fronts as possible at the same time.

FUTURE SCOPE
The third and final part of the solution is the technical side of it. Recent advances in antispyware technologies are certainly helping to protect people against spyware. The focus is now shifting to proactive measures which detect and prevent spyware installation rather than reactive measures for detection and removal after installation. Real-time protection, EULA analyzers and interest-based detection are a few of the technologies which detect spyware before it starts working rather than waiting until it is done. A number of people in academia and industry have spotted the potential danger, and a number of researchers are directing their attention towards this area of the malware industry.

The emergence of companies like Microsoft, McAfee and Norton in the antispyware business is a harbinger of better things to come for the protection of people from this nuisance.

To conclude the report I would say that this growing dark cloud can only be prevented by a collective effort and collaboration from internet users, researchers, corporations and lawmakers alike. Spyware needs to be attacked from all sides possible to prevent it from owning the internet, and everybody will have to do their bit. Aware internet users, stringent laws and advanced antispyware technologies are the answer to this growing threat.

Bibliography / Links
[1] "Spyware" Definition - BlackICE Internet Security Systems - http://blackice.iss.net/glossary.php
[2] "Trojan Horse" Definition - Texas State Library and Archives Commission - http://www.tsl.state.tx.us/ld/pubs/compsecurity/glossary.html
[3] Zeinalipour-Yazti, D. Exploiting the Security Weaknesses of the Gnutella Protocol, University of California.
[4] Joshi, R. Network Security Applications, Merchantile Communications, CANIT Conference 2003.
[5] CERT Advisory CA-1999-02 - http://www.cert.org/advisories/CA-1999-02.html
[6] Spyware Guide - http://www.spyware-guide.com
[7] Trojan Horses - http://www.mpsmits.com/highlights/trojan_horses.shtml
[8] Trojan Horse - Back Orifice - http://www.nwinternet.com/~pchelp/bo/bo.html
[9] NetBus - http://www.nwinternet.com/~pchelp/nb/netbus.htm
[10] BBC News - http://news.bbc.co.uk/1/hi/technology/3153229.stm
[11] Wired News - Judge takes bite out of Gator - www.wired.com/news/politics/0,1283,53875,00.html
[12] Tracking Cookies Demonstration - http://www.irt.org/instant/chapter10/tracker/index4.htm
[13] BonziBuddy - http://www.bonzi.com/bonzibuddy/bonzibuddyfreehom.asp
[14] Unwanted Links (Spyware) - http://www.unwantedlinks.com
[15] Anderson, R. "Security Engineering", First Edition, J. Wiley and Sons, 2001.
[16] Scacchi, W. Privacy and Other Social Issues, Addison-Wesley, 2003. http://www.ics.uci.edu/~wscacchi/Tech-EC/Security+Privacy/Privacy.ppt
