Sioux Fleming

1
Spyware and CA eTrust PestPatrol

• Sioux Fleming
• FSP Toronto, 5 November 2004

2
Agenda

• Introduction
• History of computer threats
• Definition and types of spyware
• Differences between spyware and viruses
• Spyware and the Help Desk
• CA eTrust PestPatrol Anti-Spyware
• Resources for more information
• Questions

3
Introduction

• Sioux Fleming, Director, Product Management
• Part of PestPatrol acquisition by CA
• Prior to PestPatrol, at Symantec in Anti-Virus
  and encryption security product management
• Technical support for enterprise customers
• QA for data recovery products

4
Overview of Spyware
5
The History of Threats
1980
Early 90s
1992
1994
1995
1996
1998
2000
2002
2003
Boot Sector
Word Virus
Bugbear, Blaster, SoBig, Welchia Sober MyDoom Nest
y Bagel
Java Virus BackOrifice Sunrise Hack
1300 Viruses
Linux virus
Code Red, Nimda, Anna
1st Worm Mac Viruses Jerusalem
Elk Cloner
Credit Card Theft, Mitnick arrested, 250k DoD
attacks
Melissa, Bubbleboy
DDoS, Lovebug

• Viruses, Boot Viruses, Worms, Applications, New
  O/S, Java, Hacks, Blended threats, DDoS
• Now Spam, Phishing, Spyware whats
  next?Answer look at what is paying

6
Definition of Spyware

• The term spyware means any software program that
  aids in gathering information about a person or
  organization without their knowledge, and can
  relay this information back to an unauthorized
  third party

7
Categories of Spyware

• Keyloggers
• Remote Access Tools (RATs)
• Dialers
• Browser and search hijackers
• P2P e.g. Gator, Grokster, Kazaa, etc.
• Pop-ups
• Trojans
• Spyware cookies
• Grey area
• Commercial remote access tools
• Commercial tools to monitor user web surfing
  habits
• Browser help objects

8
How do People Get Infected?

• Web browsing
• Unauthorized downloads
• File swapping
• Email attachments
• Instant messaging
• Installing legitimate software
  (malicious mobile code)
• Intentional installation by employee

9
Virus Versus Spyware

• SPYWARE
• Often legal accepted by consumer
• Typically a team of authors and business
  relationships
• Often many programs with multiple registry keys
• May have multiple processes that defend each
  other
• Motive for writing is profit

• VIRUS
• Illegal under all circumstances
• Normally one author
• Single program and registry key
• Motive for developing virus is varied - including
  notoriety
• Virus writers grow up and stop (or perhaps go on
  to write spyware)

10
The Problem is Growing
Number of Spyware Reports
1,200,000
1,100,000
1,000,000
900,000
800,000
700,000
600,000
500,000
400,000
300,000
200,000
100,000
-
Dec 03
Mar 04
Apr 04
May 04
June 04
July 04
Aug 04
Estimates of average monthly increase
Source CA Security Advisory Team, Center for
Pest Research
11
Why Complete Removal is Important

• Many spyware programs are tricklers will come
  back if pieces are left behind
• Many spyware programs load other spyware programs
• Some spyware programs hook the LSP stack and will
  interfere with the Internet connection

12
Kazaa install screen 3
13
Whats in jeopardy

• At Home
• Investment in computer and software
• Identity
• Privacy
• Bank accounts
• Reputation
• At Work
• Help Desk costs
• User productivity
• Brand equity and reputation
• Intellectual property
• Regulatory compliance
• Legal liability
• Revenue opportunity cost

14
Spyware and the Help Desk

• Typical calls
• System slowdown boot time and Internet access
  times increased
• Lost internet connection
• Web browser hijacked
• Search sites not behaving as usual

Source FTC June 2003
15
Spyware Impact on Help Desk

• Microsoft reports that 50 of all crash reports
  sent to them by Windows are spyware related
• Dell reports that 12-14 of all support calls are
  spyware related
• Several corporate customers have reported that
  40 of help desk incidents are spyware-related

16
Other Impacts on Business

• Legal liability and/or regulatory compliance
  costs
• Lost employee productivity due to slowdowns and
  business interruption
• Compromised company information or access to
  company assets

17
Performance Impact of Grokster
Source The Center for Pest Research
18
The Trickler Effect
Installing Grokster also gives you
BrilliantDigital, BroadcastPC, Claria, Cydoor,
DownloadWare, eAcceleration, FlashTalk,
FlashTrack, GAIN, IPInsight, KaZaA, MapQuest
Toolbar, NetworkEssentials, RVP, SaveNow,
SearchEnhancement, Stop-Popup-Ads-Now, TopSearch,
Unknown BHO, Unknown Hijacker, VX2.h.ABetterIntern
et, Web P2P Installer, webHancer, WurldMedia and
Xolox.
Source The Center for Pest Research
19
eTrust PestPatrol Anti-Spyware

• Comprehensive Anti-Spyware Solution

Conference Bridge (877) 498-4733
20
Anti-Spyware Complements Traditional Methods
Viruses Worms Trojans
Buffer Overflows IE Exploits Outlook Exploits
Spyware Adware Hacker Tools Distributed Denial-
of-Service Zombies Keyloggers Trojans
Hack in Progress Routed Attack Port Scan
21
Other Sources of Information

• COAST Consortion of Anti-Spyware Technologies
  www.coast-info.org
• FTC Spyware workshop April 2004
  www.ftc.gov/bcp/workshops/spyware/
• Spyware Guide www.spywareguide.com
• Spyware information research.pestpatrol.com
• www.microsoft.com/athome/security/spyware/

22
Questions?
23
(No Transcript)