Spyware - PowerPoint PPT Presentation

Slides: 35
Provided by: markfru
Learn more at: http://www.infolink.org

Transcript and Presenter's Notes


1
Spyware & Adware, by Dominique Fruchtman
www.consultdom.com, consultdom_at_comcast.net
  • SPYWARE
  • What is it?
  • Why is it bad?
  • How do I get rid of it?
  • How do I keep it off?
  • www.pchelp911.com/files/startcop.zip

2
Bad News
  • Corrupt hard drive, damaged operating system
  • Exposure of private information
  • Stolen usernames and passwords
  • Identity theft
  • Spyware and adware find you when you...
  • Visit web sites or open spam, automatically
    installing on your machine without you knowing
  • Visit a web site and it assigns you a tracking
    cookie
  • Share music, files or photos with other users
  • Install programs without fully reading license
    agreements

3
Spyware Stats & Symptoms
  • 9 out of 10 Internet-connected PCs are infected
    with spyware and adware
  • A recent study found an average of 26 spyware and
    adware traces per scan.
  • Increased pop-up ads
  • Slow computer performance
  • Unexplained home page change
  • Mysterious web search results

4
Spyware Defined
  • Strictly defined, spyware consists of computer
    software that gathers and reports information
    about a computer user without the user's
    knowledge or consent. More broadly, the term
    spyware can refer to a wide range of related
    malware products which fall outside the strict
    definition of spyware. These products perform
    many different functions, including the delivery
    of unrequested advertising (pop-up ads in
    particular), harvesting private information,
    re-routing page requests to fraudulently claim
    commercial site referral fees, and installing
    stealth phone dialers.

5
Spyware vs. Adware
  • Spyware as a category overlaps with adware.
  • Many web browser toolbars may count as spyware.
  • Adware loads ads from a server and displays them
    while you run a program, with your permission
  • Software developer gets ad revenue
  • User gets to use the program free of charge.
  • In these cases, adware functions ethically.
  • If the software collects personal information
    without permission (a list of websites visited,
    for example, or a log of keystrokes), it may
    become spyware.

6
Spyware Barnacles
  • Programs installed with your knowledge do not
    constitute spyware
  • Some legit software installs additional programs
    to collect data or distribute ads
  • These barnacles can
  • Drastically impair system performance
  • Abuse network resources
  • Slow throughput/impede internet speed
  • Difficult or impossible to remove

7
Spyware vs. Virus
  • Both
  • Install without the user's knowledge or consent
  • Cause system instability
  • A Virus
  • Replicates itself, spreading copies to other
    computers
  • Relies on users with poor security habits in
    order to spread
  • Spyware
  • Does not replicate
  • Relies on persuading ignorant users to download
    and install by offering some kind of bait (such
    as freeware)

8
Appears harmless, even fun
  • A common spyware program targeted at children,
    Bonzi Buddy, claims that
  • He will explore the Internet with you as your
    very own friend and sidekick! He can talk, walk,
    joke, browse, search, e-mail, and download like
    no other friend you've ever had! He even has the
    ability to compare prices on the products you
    love and help you save money! Best of all, he's
    FREE!

9
Spyware does
  • Starts every time the computer boots up
  • Uses CPU cycles and RAM
  • Reduces system stability
  • Runs at all times
  • Cannot be shut down
  • Monitors Internet usage
  • Delivers targeted ads
  • Does not replicate onto other computers
  • Functions as a parasite but not as an infection

10
A Virus goes beyond
  • A virus carries a payload
  • May damage user's system (deleting files)
  • May make PC more vulnerable to further attacks by
    opening up a "back door"
  • May put the machine under the control of
    malicious third parties for spamming or
    denial-of-service attacks.
  • Replicates itself onto other computers.
  • Functions not only as a parasite, but as an
    infection as well.

11
Spyware Damage
  • Spyware does not damage the data files
  • Intentionally invades your privacy
  • Steals bandwidth
  • Can cause users to reformat the hard drive
  • Can cause users to reinstall the operating system
  • Can prove expensive in terms of anti-spyware
    programs

12
Rapid Accumulation
  • Windows-based computers rapidly accumulate
    spyware components
  • Effects of spyware infection (privacy issues aside) include
  • Substantial loss of system performance: more
    than 50% in extreme cases
  • Major stability issues: crashes and hangs
  • Difficulty in connecting to the Internet
  • Spyware (often inadvertently) modifies DLLs
    needed for connectivity

13
Monetary Consequences
  • Spyware infection requires professional help more
    than any other single cause
  • No user awareness of spyware
  • User assumes system performance, stability,
    and/or connectivity issues relate to hardware,
    Windows installation problems, or a virus

14
Additional Consequences
  • Stealth dialers attempt to connect directly to a
    particular telephone number rather than to a
    user's own intended ISP
  • The number in question involves long-distance or
    overseas charges
  • Results in massive telephone bills

15
Windows System Files
  • Some spyware, Targetsoft for example, modifies system
    files to make itself harder to remove
  • Targetsoft modifies the Winsock (Windows Sockets)
    files.
  • If you delete the spyware-infected file
    "inetadpt.dll", it will interrupt normal network
    usage

16
How Spyware Sneaks In
  • The spyware component comes bundled with an
    otherwise apparently useful program
  • Programs are free, to encourage the wide uptake
    of the spyware component
  • This applies especially with file-sharing clients
    such as Kazaa, and other P2P applications
  • Xolox.com is one of the few that is Spyware-free

17
Internet Explorer
  • Spyware takes advantage of security flaws in
    Internet Explorer.
  • Internet Explorer installs Spyware via a drive-by
    download with or without a prompt.
  • A drive-by download takes advantage of easy
    installation via an ActiveX control or components

18
Cookies
  • An HTTP cookie can count as Spyware.
  • A search engine website could assign an ID code
    to a user the first time he/she visits
  • It stores all search strings in a database with
    this ID as a key
  • It can use this data to select advertisements to
    display to that user
  • It can also transmit derived information to third
    parties.
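
The tracking flow on this slide as a small Python simulation (an added example, not part of the original presentation; the `SearchSite` and `Browser` classes, the `uid` cookie name, the ad table and the sample searches are all constructed for illustration). It shows that the profile is tied to the cookie alone, so once the user deletes the cookie the site can no longer link new searches to the old history.

```python
import uuid
from collections import defaultdict
from http.cookies import SimpleCookie

# Constructed keyword -> advertisement table for the demo.
ADS = {"knee": "orthopedic clinic", "flights": "travel agency"}

class SearchSite:
    """Toy search site that keys every search string on an ID cookie."""
    def __init__(self):
        self.db = defaultdict(list)        # ID code -> search strings

    def handle(self, cookie_header, query):
        """Log one search; return a Set-Cookie value on a first visit, else None."""
        jar = SimpleCookie(cookie_header or "")
        set_cookie = None
        if "uid" in jar:
            uid = jar["uid"].value         # returning visitor: reuse the ID
        else:
            uid = uuid.uuid4().hex         # first visit: assign an ID code
            out = SimpleCookie()
            out["uid"] = uid
            out["uid"]["max-age"] = 10 * 365 * 24 * 3600   # persists for years
            set_cookie = out["uid"].OutputString()
        self.db[uid].append(query)
        return set_cookie

    def pick_ads(self, uid):
        """Select advertisements from everything this ID has searched for."""
        text = " ".join(self.db.get(uid, []))
        return [ad for keyword, ad in ADS.items() if keyword in text]

class Browser:
    """Minimal client: stores the cookie and sends it back on every request."""
    def __init__(self, site):
        self.site, self.cookie = site, None

    def search(self, query):
        reply = self.site.handle(self.cookie, query)
        if reply:
            self.cookie = reply.split(";", 1)[0]   # keep only "uid=<value>"

def demo():
    site = SearchSite()
    pc = Browser(site)
    for q in ("knee pain", "cheap flights", "knee surgery cost"):
        pc.search(q)
    ads = site.pick_ads(pc.cookie.split("=", 1)[1])
    pc.cookie = None                       # user deletes the tracking cookie
    pc.search("mortgage rates")            # logged under a fresh, unlinked ID
    return ads, sorted(len(v) for v in site.db.values())
```

`demo()` returns the ads chosen from the first three searches and the sizes of the stored profiles: one with three linked searches, and a separate one holding the single search made after the cookie was cleared.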

19
Inadvertently Installing Spyware
  • Granting permission for web-based applications to
    integrate into one's system can also load
    spyware. These Browser Helper Objects, known as
    Browser Hijackers, embed themselves as part of a
    web browser.
  • Spyware usually installs itself by some stealthy
    means. User agreements for software may make
    references (sometimes vague) to allowing the
    issuing company of the software to record users'
    Internet usage and website surfing. Some software
    vendors allow the option of buying the same
    product without this overhead.

20
Drastic Measures
  • Clean Install of Windows
  • Only consider it when a problem has become so
    severe that the PC has become non-functional
  • You must have a complete back up of your data
    along with all the setup disks
  • A clean install means erasing all the data from
    your hard drives, formatting, and re-installing
    the operating system
  • Always install the latest updates/Service Packs
  • Only advanced users or a computer technician
    should attempt this remedy

21
The Best Cure: Microsoft to the Rescue
  • Windows Antispyware may be the best shot at
    repairing system performance lag
  • You download this program free of charge as of
    March 2005
  • If you choose not to invest in Windows XP, you must
    look for other remedies, but look at the relative
    cost

22
Combating Spyware
  • Spyware Removal Programs: buy one
  • Rarely, some free ones purge a system of spyware, only
    to install their own
  • Spyware takes advantage of Internet Explorer
    vulnerabilities
  • Disabling ActiveX in Internet Explorer will
    prevent some infections. However, websites that
    make use of ActiveX will no longer work
  • Better than that, use a less vulnerable browser
    such as Mozilla Firefox (www.getfirefox.com)

24
Non-Windows PCs are safer
  • Currently-known spyware does not specifically
    target non-Windows systems, such as those running
    Mac OS or Linux
  • Most people online use Windows; there is little
    financial incentive to bother with Mac and Linux

25
More Prevention
  • When you install a free program, use a search
    engine to see if this program has a reputation
    for bundling spyware
  • AOL Instant Messenger has debatable components
    that can be unchecked at the time of installation
  • It pays not to rush through the installer

26
Why doesn't Virus software help?
  • Anti-virus products (Norton, McAfee, Trend Micro)
    have lagged in responding to the threat of
    spyware because
  • Differences between spyware and viruses
  • Spyware may inform end-users, albeit in hidden
    legal jargon, what it will do. Spyware
    originators use this escape clause - "Well, we
    told the user what our software would do, and
    they installed it anyway"
  • The difficulty of defining spyware
  • Some spyware comes bundled with legitimate
    programs that a user agrees to install; removing
    the Spyware could disable the program

27
How is a Virus different?
  • Viruses usually originate with individuals.
  • Spyware originates from companies
  • Spyware employs effective legal teams
  • Spyware can sue makers of anti-spyware software
    for listing their product(s) as spyware
  • This makes scanning for and cleaning spyware
    different from the anti-virus world
  • Virus writers operate anonymously outside the law
    and would reveal their identity by suing

28
Incomplete Spyware List, classified by effect
  • Generating pop-ups
  • 180 Solutions
  • DirectRevenue
  • lop.com (advertising, pop ups, security risk,
    tries to dial out at random)
  • Generating pop-ups, damaging and/or slowing
    computers
  • Bonzi Buddy
  • Cydoor
  • Gator, Claria Corporation (Ads, pop ups, privacy
    violation, significant security risk, partially
    disables firewalls, stability issues, hard to
    remove)
  • New.net (security risk, stability issues, common
    cause of inability to connect)
  • ShopAtHomeSearch
  • Hijacking browsers
  • CoolWebSearch - a well-known browser hijacker;
    some variants have a reputation for damaging the
    TCP stack when forcibly uninstalled
  • Euniverse
  • Xupiter

29
Spyware, cont'd
  • Committing Fraud
  • XXXDial
  • Stealing information
  • Back Orifice (arguably better categorized as a
    Trojan Horse, since its open source code
    militates against secrecy and -- unlike most
    spyware -- it has no commercial motive. Also has
    legitimate uses such as remote administration.)
  • Masquerading as a Spyware remover
  • SpyKiller
  • Complete list here:
    http://www.spywarewarrior.com/rogue_anti-spyware.htm

30
Spyware, cont'd
  • Miscellaneous
  • (Advertising, fake alert messages, possible
    privacy violation, security risk)
  • MarketScore (Claims to speed up Internet
    connections; serious privacy violation, loss of
    Internet connection on some systems)
  • CnsMin (Made in China; privacy violation. Preset
    in many Japanese PCs as JWord!)
  • Known programs bundling adware
  • Kazaa
  • Bearshare
  • DivX (except for the paid version, and the
    'standard' version without the encoder)

31
External Links
  • Lavasoft Ad-Aware SE Personal
    (http://www.lavasoftusa.com/support/download/free)
    (Freeware Version)
  • Aluria Software spyware removal
    (http://www.aluriasoftware.com) - Personal and
    business antispyware
  • HijackThis (http://merijn.org) (mirrors:
    1 (http://spywareinfo.com/merijn),
    2 (http://209.133.47.200/merijn/),
    3 (http://ftp.officefive.org.uk/sites/www.spywareinfo.com/merijn/),
    4 (http://www.richardthelionhearted.com/merijn)) -
    offers utilities to remove several spyware problems
    which Ad-Aware or Spybot - Search & Destroy cannot
    currently fix.
  • Hitman Pro (http://www.hitmanpro.nl) - A bundle
    of related spyware removal software, in Dutch.
  • Microsoft Anti-Spyware
    (http://www.microsoft.com/athome/security/spyware/software/default.mspx)
    (Still in beta as of April 2005)
  • PestPatrol (http://www.pestpatrol.com/)
  • Spybot - Search & Destroy
    (http://www.safer-networking.org)
  • Spyware Doctor (http://www.pctools.com/spyware-doctor/)
  • Spy Toaster (http://www.spytoaster.com/)
  • Spy Sweeper

32
Communities
  • www.forums.tomcoyote.org - Spyware removal help
    forum, and classroom to teach removal techniques
  • Google Spyware Removal Group
    (http://groups-beta.google.com/group/spyware-removal)
  • Bleeping Computer Spyware Removal Tutorials
    (http://www.bleepingcomputer.com/forums/tutecat38.html) -
    tutorials for HijackThis, Spybot, and Ad-Aware.
  • Geeks To Go (http://www.geekstogo.com/forum) -
    Hijack assistance and malware removal forum.
  • Spywareinfo Forums
    (http://forums.spywareinfo.com/index.php) - help for
    removing adware, spyware and malware.
  • SpywareWarrior (http://spywarewarrior.com/index.php) -
    forum that came under fire
    (http://www.netrn.net/archives2/000539.html) in May 2004
    for posting information about a spyware company.

33
Guides
  • Spyware/AdWare/Malware FAQ and Removal Guide
    (http://www.io.com/cwagner/spyware/)
  • doxdesk.com parasite database
    (http://www.doxdesk.com/parasite/) - Removal
    instructions for most common spyware/adware/malware
    parasites.
  • Computer Security
    (http://www.boredguru.com/modules/articles/index.php?storytopic16) -
    Tips and tricks for manually removing common trojans,
    adware and spyware.
  • Rogue AntiSpyware List
    (http://www.spywarewarrior.com/rogue_anti-spyware.htm) -
    list of spyware removal programs to avoid
  • Prevention
  • Financial investors who support spyware
    (http://www.benedelman.org/spyware/investors/) - A
    list of investment firms which support large
    scale spyware companies.
  • Spyware Prevention and Removal
    (http://www.pcreview.co.uk/articles/Internet/Spyware_and_Adware_Removal/) -
    How to prevent Spyware and Adware, and a
    guide to removing it should the worst happen.
  • Spyware Prevention
    (http://www.freespywareremoval.info/prevention/) -
    Proactively preventing spyware.
  • Dealing with unwanted spyware and parasites
    (http://mvps.org/winhelp2002/unwanted.htm).
  • The Spyware Inferno
    (http://news.com.com/2010-1032-5307831.html) - article
    on the rise of spyware, with a hierarchical list of
    different kinds of spyware based on levels of danger.

34
Bottom Line
  • Use Windows XP, Service Pack 2
  • Use Mozilla Firefox instead of IE
  • Regularly scan your PC with AntiSpyware
  • Be cautious of downloads
  • Read the EULA carefully
  • Remember: Spyware arrives quickly. If you notice
    a sudden change in system performance, run a scan
    immediately