Transcript Spyware and other annoying Pop-ups

Spyware and other annoying
Pop-ups
What are we going to learn?
•
•
•
•
•
•
What is spyware
What is the threat
Where does it come from
Why does spyware exist
How do I prevent spyware infections
How do I get rid of spyware
What is Spyware?
• Spyware originated in the 1990's with
programs that secretly observed and logged
your web surfing habits
• Spyware can do more than steal your
personal information. It can also rob your PC
of its speeds, stability and Internet access
efficiency.
What is the threat?
• Spyware is now the single largest problem
facing Internet users today
– volume far outstrips spam and regular virus
infections
– Spyware usually refuses to be uninstalled
through your control panel
– covertly install themselves on your computer
– perform secret operations without your
permission
Is Adware the same as Spyware?
• Adware is a subset of Spyware with a definite distinction.
• Adware delivers specific advertising (pop-ups) on user’s
computers which can be annoying when undesired.
• Adware is generally not malicious or illegal.
• Adware can be Spyware when it tracks browser activity and
reports such activity back to some unknown recipient.
Adware Example
Types of Spyware
• Spyware has now evolved into dozens of
other malicious forms:
– Sneakware
– Adware
– Keyloggers
– Browser hijackers
What is Sneakware
• Sneakware - Uses deceptive means to
sneak onto your computer.
– Users may grant permission, but is often
unaware.
– permission is buried deep within EULA
– vendor often tries to fool naïve users into
thinking they are at risk if they don’t install it.
What is Adware?
• Adware - Software that gathers information
about your Web-surfing habits in order to
target you with pop-up advertisements for
products and services that might be of
interest to you.
Adware Example
What is a keylogger?
• keyloggers are applications that monitor a
user's keystrokes and then send this
information back to the malicious user.
What are browser hijackers?
• Browser hijackers are malicious programs
that
– change browser settings, usually altering
designated default start and search pages.
– Some produce pop-up ads for pornography
• add dozens of bookmarks
• redirect users to porn websites when they mistype
URLs.
Spyware Threat Statistics
•
•
•
•
80% of all PCs have been infected by spyware
91% of PC users are aware of spyware
The average PC has 93 spyware components on it
89% of infected users are unaware of the spyware found on
their machines
• 95% of infected users did not give permission for the software
identified as spyware to be installed on their machines
• 20% of calls to Dell’s helpdesk are spyware related (source: Dell)
• Microsoft estimates that 50% of all PC crashes are a result of
spyware
Spyware statistics
•
Severe Threat – 15% of spyware threats send private information gathered
from the end user currently logged on to the infected system: logging the user's
keystrokes, logged-on user name, hash of administrator passwords, email
addresses, contacts, instant messengers login and usage, and more.
•
Moderate Threat – 25% percent of spyware sends information gathered from
the victim's operating system, including the computer (host) name, domain
name, logs of all processes running in memory, installed programs, security
applications, client's internal IP address, OS version, the existence and versions
of service packs and security updates, TCP ports the spyware is listening to,
Computer Security Identifier (SID) ,default browser's homepage, browser plugins, etc.
•
Minor Threat – 60% of spyware transmits gathered commercial-value
information about the end user's browsing habits. This includes keywords used
in search engines, browsing habits and ratings of frequently visited websites,
shopping reports etc.
Why does Spyware continue?
SPYWARE APPLICATIONS GENERATE AN
ESTIMATED $2 BILLION IN REVENUE
ANNUALLY.
How do you make money on Spyware?
• iFrameDollars.biz
– pays 55 cents per install or $55 for 1,000
unique installs of a 3KB program that
"changes the homepage and installs toolbar
and dialer."
– Website owners install the code on their site
and web visitors get the code installed on
their computer.
How Adware Gets on Your PC
How does spyware get on your PC?
• Drive-by downloading (rogue affiliates)
– Websites use vulnerabilities in IE to install
spyware without your knowledge or
permission
• Intentional Installs
How does spyware get on your PC?
• Viruses and Trojans
– Some viruses install spyware
• Software Bundles
– Legitimate freeware may install spyware or adware as
a way to ‘pay the bills’.
• P2P software is notorious for this..
– Morpheus, Kazaa, eDonkey, Bit Torrent, etc.
– Often times spyware is authorized by the EULA
Is spyware different than viruses
• Spyware differs from viruses and worms in
that it does not usually self-replicate.
• Like many recent viruses, spyware is
designed to exploit infected computers for
commercial gain.
• Spyware may have to same effect as viruses
The clues that spyware is on your
computer
• a barrage of pop-up ads
• a hijacked browser — that is, a browser that takes you to sites
other than those you type into the address box
• a sudden or repeated change in your computer’s Internet home
page
• new and unexpected toolbars
• new and unexpected icons on the system tray at the bottom of
your computer screen
• keys that don’t work (for example, the “Tab” key that might not
work when you try to move to the next field in a Web form)
• random error messages
• sluggish or downright slow performance when opening programs
or saving files
How do I prevent spyware?
• Visit trustworthy Web sites
• Read user reviews, download site reviews, or analyst/press reviews (i.e.
CNet, ZDnet, Tucows) on software you intend to download
• Before installing any software, carefully read license agreements, and
privacy statements for how information is collected
• To close pop-ups, ignore the message and just click the Windows close
"X" button
• Run anti-spyware software to clean and block spyware in real time
• Download and install the latest updates for your anti-spyware software
and Microsoft Windows operating systems
• Set appropriate security settings for Internet Explorer.
• Use a separate, non-mission-critical machine for testing downloaded
software
• Install a personal firewall to track outgoing connections before and
after installing downloaded software
How do I prevent spyware?
• Don’t install "free programs," specifically file sharing programs,
until you know all the software that’s bundled with it
• Don’t click on attachments or links in emails or internet
messages if you don’t know the sender or even if you know the
sender, but the content is unexpected.
• Don’t give permission to unknown software to install itself on
your computer
• Don’t click on links or buttons on pop-up windows even a click
on the "no" and "cancel" buttons can install spyware your
machine
• Don’t install non-work-related software onto your work
computers
• Save your data and backup often
How do I get rid of spyware?
• Remove your computer from the network
• Run anti-spyware programs to identify
malware
• Uninstall / remove malware programs
• Once you complete these steps you will most
likely need to re-format and re-load the
computer.
Spyware Legislation
• Securely Protect Yourself Against Cyber
Trespass Act or SPY ACT
• Computer users have to be informed before
spyware is installed
• Clear explanation of what spyware does
• Sitting in a the Senate pending approval
Questions?