West Virginia University MALWARE. Copyright 2K.Goseva-Popstojanova 2011 CS 465 Introduction to Computer Security Slide 1


Slide 2: Mobile malware
- Mobile malware cases nearly triple in the first half of 2012 [PCWorld]
- Estimate: 13 million phones infected in the first half of 2012
- NetQin findings
  - 17,676 mobile malware programs detected during 2012's first half
  - 25% China, 17% Russia, and 16.5% U.S.
  - 5,582 malware programs designed for Android during June 2012 only
  - 3.9 million phones in China infected with money-stealing malware that sends out text messages to trigger fee-based mobile services
    - $616,533 each day
- A Survey of Mobile Malware in the Wild

Slide 3: Mobile malware
- Apple App Store
  - Applications are reviewed by Apple for security
  - If iOS users want to install applications from other sources, they must jailbreak their devices
- Android Market
  - Most Android phones allow users to install applications from unofficial markets
  - Android mobile OS Jelly Bean improved the system's security

Slide 4: SPYWARE
Copyright K. Goseva-Popstojanova 2012

Slide 5: The growing problem of spyware
- Very broad definition: Spyware is software that is installed without a user's informed consent and does things the user might not want to have done
- A growing problem that threatens stability, performance, security, and privacy
- Based on a September 2004 survey, Dell estimates that 90% of Windows PCs harbor at least one spyware program [1]
- More than 20% of PCs have some sort of spyware [4]
- Why do companies make this kind of software?
  - Because they make money: a business of between $500 million and $2 billion a year [Los Angeles Times, May 2005]

Slide 6: Classes of spyware
- Cookies & Web bugs
  - Passive form of spyware; no code of their own, rely on Web browser functions
  - Cookies are small pieces of state stored on clients' Web browsers. They can be retrieved only by the Web site that initially stored them.
  - Web bugs are invisible images embedded on pages.
- Browser hijackers
  - Change user's Web browser settings
  - Modify home page, search functionality, etc.
  - Use several mechanisms
    - Installing a browser extension (i.e., browser helper object, BHO)
    - Modifying Windows registry entries
    - Modifying or replacing browser preference files

Slide 7: Classes of spyware
- Keyloggers
  - Originally designed to record all keystrokes of users in order to find passwords, credit card numbers, and other sensitive information
  - Expanded in scope to capture logs of Web sites visited, instant messaging sessions, windows opened, and programs executed
- Tracks
  - Track is a generic name for information recorded by an operating system or application about actions performed by the user (e.g., list of recently visited Web sites maintained by Web browsers, or list of recently opened files maintained by the OS)
  - Tracks can be mined by spyware

Slide 8: Classes of spyware
- Spybots
  - Monitor user's behavior, collecting logs of activity and transmitting them to third parties
  - Examples of collected information: list of visited URLs, list of e-mail addresses to be harvested as spam targets
- Adware
  - Display advertisements tuned to the user's current activity, potentially reporting aggregate or anonymized browsing behavior to a third party

Slide 9: How spyware affects you & your system?
- Privacy: sends information about Web sites you visit to the spyware vendor
- Security
  - captures every keystroke, putting confidential information from passwords to credit card numbers at risk
  - spyware programs have vulnerabilities which can be exploited to launch attacks
- Reduced performance: spyware uses system resources, making your system slower
- System instability: most spyware is not very well tested and debugged

Slide 10: Dirty spyware tricks
- Hide inside another program's installer
  - Hundreds of freeware programs install some sort of spyware along with the main application.
  - Look for "third party software may be installed along with the application" in the end user license agreement
- Using confusing legalese
  - Licenses full of vague & confusing prose
- Keep asking until you say Yes
  - Delivered by an ActiveX control that tries to load each time you visit a Web page where the spyware is present

Slide 11: Dirty spyware tricks
- Create a false pretense for needing the software
  - Example: Install a greeting card viewer that sends greeting cards to everyone in your address book
- Look essential or be invisible
  - Use an official-sounding name like winstartup
  - Use different file names & locations, or generate a random filename
- Do not uninstall, even when asked
  - A lot of spyware does not remove itself when you uninstall the application that originally installed the spyware

Slide 12: How spyware sneaks onto your system?
- Unlike viruses and worms, spyware is usually invited into a machine, albeit sometimes unwittingly
- Possible means: piggybacking on legitimate software, tricking a user into downloading it voluntarily, or exploiting browser vulnerabilities
  - downloading software from untrustworthy sites
  - free versions of commercial software
  - P2P
  - visiting a malicious Web page with insufficiently strict Internet Explorer security settings
  - any other channel that can send files or Web pages (including e-mail & instant-messaging file transfers)
  - free online games, screen savers, song-lyrics sites

Slide 13: Downloading software & spyware
- CNET's Web site http://download.com provides free access to over 30,000 freeware and shareware software titles
- In [2] the top 10 most downloaded applications were tested for spyware using SpyBot S&D
- Spyware is packed in 4 out of the 10 most downloaded applications (downloaded over 470 million times)

Slide 14: Two most common entry points for spyware
- User consent when installing spyware-bundled applications
  - Many times the installer installs the spyware without clear informed consent from the user
  - Users agree to End User License Agreements (EULAs), which describe the bundled software in vague and legalistic language
    - Often have over 5,000 words
    - EULA statements may appear in tiny print, or in a very small window
  - Prevention: Do background research on free applications before you install them
- ActiveX break-ins through Internet Explorer
  - ActiveX technology provides a highly privileged interface between network programs and the local OS
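The EULA advice on the "Dirty spyware tricks" and "entry points" slides (look for bundling disclosures, be wary of licenses over 5,000 words) can be turned into a pre-install check. The sketch below is an added example, not part of the original slides; the pattern list, the function names and the sample license text are assumptions constructed for illustration.

```python
import re

# Assumed, illustrative disclosure patterns; not an authoritative list.
BUNDLING_PATTERNS = {
    "third-party software": r"third[- ]party (software|applications?|components?)",
    "installed along with": r"(may|will) (be installed|install) (along|together) with",
    "advertising": r"(display|deliver|show)s? (targeted |pop-?up )?advertis\w+",
    "activity collection": r"(collect|transmit|monitor)s? .{0,40}(browsing|web sites|urls|usage)",
    "silent updates": r"(automatic(ally)?|without (further )?notice) .{0,30}(update|install)",
}
WORD_LIMIT = 5000  # the slides note that such EULAs often exceed 5,000 words


def split_sentences(text):
    """Rough sentence splitter: break after ., ;, ! or ? followed by whitespace."""
    return [s.strip() for s in re.split(r"(?<=[.;!?])\s+", text) if s.strip()]


def review_eula(text, word_limit=WORD_LIMIT):
    """Return the word count and every sentence that matches a bundling pattern."""
    words = len(text.split())
    findings = []
    for sentence in split_sentences(text):
        hits = [name for name, pattern in BUNDLING_PATTERNS.items()
                if re.search(pattern, sentence, re.IGNORECASE)]
        if hits:
            findings.append({"sentence": sentence, "patterns": hits})
    too_long = words > word_limit
    return {
        "word_count": words,
        "too_long": too_long,
        "findings": findings,
        # Either signal means: research the application before installing it.
        "needs_research": too_long or bool(findings),
    }


# Constructed sample license text (not taken from any real product).
SAMPLE_EULA = (
    "This license grants you a non-exclusive right to use the Software. "
    "You agree that third party software may be installed along with the "
    "application. "
    "The Software may display targeted advertisements based on web sites you visit. "
    "This agreement is governed by the laws of the licensor's jurisdiction."
)

if __name__ == "__main__":
    report = review_eula(SAMPLE_EULA)
    print(f"{report['word_count']} words, too long: {report['too_long']}")
    for finding in report["findings"]:
        print(f"- {', '.join(finding['patterns'])}: {finding['sentence']}")
```

A match is only a prompt to read that sentence and do the background research the slide recommends; a clean result does not show that an installer is free of bundled software.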

Slide 15: Anti-spyware tools
- Use anti-spyware tools
  - Spybot Search & Destroy (available free and regularly updated) http://www.safer-networking.org/
  - Lavasoft's Ad-Aware (free and commercial versions) http://lavasoftusa.com
  - Microsoft AntiSpyware (free beta version; includes a scanner which finds and removes known spyware, and a protection module which remains resident and defends against new spyware installations)
- Be careful: the anti-spyware market is flooded with misleading or Trojan products
  - Examples: Ad-Eliminator and SpyBan are in fact spyware carriers themselves

Slide 16: Anti-spyware tools
- Each spyware program requires different removal procedures
- Signature-based detection
- So far, none of the anti-spyware packages is 100% effective
  - Run system scans with two or more of the popular anti-spyware programs
  - Often manual removal, which can include editing the Windows registry and deleting files, is necessary

Slide 17: Law in action
- California passed the first anti-spyware law, which took effect at the start of 2005
  - It disallows several of the nastier tactics
    - Homepage & bookmark hijacking
    - Disabling existing security software
    - Immortal pop-up ads
  - Falls short of prohibiting the most common EULA tricks
    - Vendors are required to notify the user, but not to ask permission
- The Internet Spyware Prevention Act (I-SPY) imposes penalties and punishments on creators of computer spyware
  - First introduced in the House of Representatives in 2004 and passed in 2005
  - Reintroduced in March 2007 to further prosecute makers of spyware

Slide 18: Solutions [1]
- Technical
  - Education & protection
  - Put users in control of what software winds up on their machines
- Legal
  - Disallow sneaky and shady installation procedures and byzantine license agreements with unreasonable demands
- Aggressive prosecution
  - Practices employed by many spyware programs are already illegal under existing laws against consumer fraud and identity theft

Slide 19: References
1. A. Weiss, Spyware Be Gone!, netWorker, Volume 9, Issue 1, March 2005, pp. 19-25, access through the ACM Digital Library on http://www.libraries.wvu.edu/databases
2. S. Saroiu, S. D. Gribble, and H. M. Levy, Measurement and Analysis of Spyware in a University Environment, Proceedings of the 1st ACM/USENIX Symposium on Networked Systems Design and Implementation, March 2004, pp. 141-153. (just Google it)
3. Communications of the ACM, August 2005, Volume 48, Number 8, access through the ACM Digital Library on http://www.libraries.wvu.edu/databases
4. PC Pitstop Spyware center, http://www.pcpitstop.com/spycheck/default.asp