
SCHOOL OF COMPUTER SCIENCES UNIVERSITI SAINS MALAYSIA CST 233 Information Security and Assurance Assignment 1

SPYWARE

LECTURER : DR. AMAN JANTAN NAME : OH YING SAN

SPYWARE WHITE PAPER

Contents
1.0 Abstract
2.0 Introduction
3.0 Motive/reasons of the spyware exists
    3.1 Marketing
    3.2 Hacking
    3.3 Government and Corporate Hacking
    3.4 Monitoring
4.0 Types of spyware
    4.1 Adware
    4.2 Tracking cookies
    4.3 Browser hijackers
    4.4 Key loggers
    4.5 Modem hijacking
5.0 Spyware infection methods
    5.1 Intentionally installing file-sharing
    5.2 Visiting malicious web sites
    5.3 Failing to read or understand popup messages
    5.4 Opening spam HTML emails
    5.5 Spyware intentionally installed by someone
    5.6 Failing to use a firewall
6.0 Solutions to get rid of spyware
    6.1 Use effective and latest commercial anti-spyware software
    6.2 Use the latest and most secured browser
    6.3 Beware on downloading files using peer-to-peer file sharing
    6.4 Personally removing spyware
7.0 Case Studies
    7.1 Case Study 1: MarketScore spyware
    7.2 Case Study 2: GAIN (Gator) spyware
8.0 Conclusion
9.0 Reference


1.0 Abstract
Spyware is a type of malicious software that collects information from a computing system without the user's consent. Spyware can capture keystrokes, screenshots, personal e-mail addresses, web form data, and other personal information. The data is often delivered to online attackers who sell it to others or use it themselves for marketing, spam, financial crimes or identity theft. Spyware can lead to financial loss, as in identity theft and credit card fraud, and can also reduce consumers' trust and confidence in online safety. This paper gives an overview of spyware and outlines some practices to defend against it, in order to increase internet users' awareness and security knowledge and to improve the security of their computers.

2.0 Introduction
Spyware is a type of computer software that is installed onto a personal computer with the intention of taking partial control over the computer, without the permission or knowledge of the user. [2] Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the internet. Once installed, the spyware can use the internet connection to send information from the personal computer to some other computer, and it monitors the user's browsing habits, downloads and personal data such as email addresses, passwords and credit card numbers. Spyware is similar to a Trojan horse in that users unwittingly install it when they install something else. A common way to become a victim of spyware is to download certain peer-to-peer file-swapping programs that are available today.

Aside from the questions of ethics and privacy, spyware steals personal data from the user while using the computer's memory resources and eating bandwidth as it sends information back to the spyware's home base via the user's internet connection. Because spyware uses system resources such as memory and the hard disk drive, running it in the background can lead to system crashes or make the computer slower than before. It is estimated that more than 90 percent of computers that are connected to the internet are affected by spyware. Because spyware programs exist as independent executable programs, they have the ability to monitor keystrokes, scan files on the hard disk drive, track other applications such as chat programs or word processors, install other spyware programs, read cookies and change the default home page of the web browser. The information consistently relayed back to the spyware's home base is either used for marketing purposes or sold to another party.

This paper focuses on the motives or reasons spyware exists, the types of spyware, the methods by which spyware infects the user's computer, solutions to get rid of spyware, and some real case studies about spyware.


3.0 Motive/reasons of the spyware exists


Spyware exists for three primary reasons, which are gathering marketing data, hacking, government and corporate hacking and monitoring. [1]

3.1 Marketing

Nowadays, marketing people use computers that are attached to the internet. Because of this interconnectivity, it has become easy to monitor, record or even alter the everyday functions that marketing opponents perform on their computers. Of course, this spying often takes place without the user's permission and certainly constitutes unethical or illegal activity. In this way, marketing agencies can build a very intimate marketing profile of their opponents. The valuable information on the opponent's computer is continually relayed to the spyware's home base, so the opponent gets nothing in return and suffers a loss of privacy.

3.2 Hacking

Spyware might record every keystroke users make on their computer, enabling hackers to capture logins, passwords and credit card numbers as the user types them on the keyboard, even if the browser is in a secure session. Spyware could also slowly send all the documents on the computer to someone without the user's knowledge. Normally, hackers capture the username and password to log in to the online banking account and transfer all the money to another account, or steal the credit card number.

3.3 Government and Corporate Hacking

Spyware has been used by governments and in the field of corporate espionage for a long time. Spyware installed in a corporate environment could email out sensitive documents such as political material, confidential data and financial details. In addition, spyware is used to collect information about foreign governments. The FBI sometimes uses it as a kind of digital wiretap to gather evidence against someone. The spyware used is a well-hidden, independent executable program, and anti-virus manufacturers are creating loopholes in their software to ignore FBI spyware.

3.4 Monitoring

The most legitimate use of spyware is probably to monitor children's activity. It is one of the options for keeping children safe on the internet, so that parents can take care of and advise their children instead of controlling their activities on the internet. Spyware gives parents the ability to log email, chat logs and web sites for review, and parents can also block unwanted websites that would affect their children's mindset and thinking. However, some companies use spyware to monitor their employees' browsing habits, to make sure they are working and to enhance the company's performance.

4.0 Types of spyware


There are many different types of spyware, such as adware, tracking cookies, browser hijackers, key loggers and modem hijacking. However, new types of spyware are being created all the time, so there is an unlimited variety of spyware on the internet. The various types of spyware have different features to track or record confidential data, browsing habits and application usage.

4.1 Adware

Adware is the most noticeable form of spyware to the average computer user. Adware is a form of spyware designed to show the user advertisements. While the ads are usually harmless, the distraction they present can be annoying and their content can often be offensive. [4] In many cases, spyware that tracks and controls the ads is permanently installed on the user's computer without permission. In other cases, the adware may display the ads in new browser windows, known as pop-up or pop-under windows. For example, the user is browsing the internet and suddenly numerous windows pop up with all kinds of ads, and closing the ad windows only causes new ads to appear. This type of spyware therefore causes the computer to waste resources downloading and displaying the ads. In the worst cases, the computer is unable to perform its functions or becomes unstable while the ads are running, and the internet bandwidth may be used to download ads and legitimate programs, due to the overhead imposed on the system by the adware. Not only that, but information and viewing habits are tracked and stored, and this data is then sold to marketing companies who send junk mail and popup ads to the user. [10]

Figure 1: Popup ads spammed by adware [2]

4.2 Tracking cookies

Cookies are small files created to track a user's activity on a site. In fact, many legitimate sites require cookies to work properly and to help users save their personal settings and customizations. However, the spyware version, tracking cookies, is employed by some sites to record or track detailed information, the IP address and the sites users have visited. The recorded information is transmitted back to an individual or group. The information gathered is often sold to a wide variety of scammers and spammers, to whoever is willing to pay for it. This causes a violation of privacy and an onslaught of additional unwanted offers.

4.3 Browser hijackers

This form of spyware hijacks the browser and redirects it somewhere else. Some hijackers simply change the browser's home page to another site, which is usually used to advertise products or services intended to make money for the company sponsoring the hijacking spyware. In most cases, the services are completely unwanted and the ads may contain offensive material such as pornography, online gambling and pirated software. Even if the user changes back to the default page, the next time it will change back to the offending page again. Some browser hijackers will eventually keep the user from accessing antivirus and anti-spyware sites. In other words, the user cannot use the infected computer to download tools to remove the spyware. [9]

Real case: On October 13, Columbia notified students that its IT department had "started blocking Internet traffic to and from a set of Internet addresses belonging to marketscore.com. These addresses were being used to hijack browsers to display ads and possibly perform other actions."

4.4 Key loggers

This category of spyware is used to record what the user is doing on the computer. The key logger keeps a file in which it saves every keystroke the user makes while using the computer. This type of spyware is able to transfer the information to another computer when the user is online. When the user types a sensitive email or instant message, enters a credit card number or account number, or keys in the password for a bank account, the keystrokes are periodically saved in a folder and then transferred to the hackers. With file compression and a high-speed internet connection, the transmission is hard to detect or notice on the average computer. The cyber criminals who take advantage of this type of spyware often use the information to gain access to accounts for the purpose of identity theft. [3]

Real case: In February 2006, the Brazilian police arrested 55 people involved in spreading malicious programs which were used to steal user information and passwords to banking systems. The key loggers were activated when the users visited their banks' websites, and secretly tracked and subsequently sent all data entered on these pages to cyber criminals. The total amount of money stolen from 200 client accounts at six of the country's banks was $4.7 million.

4.5 Modem hijacking

This type of spyware comes into play when a telephone modem is used for the internet connection: an unscrupulous person may be able to install an online dialer on the computer to establish a new internet connection that uses special 900 numbers. Hence, this type of spyware not only affects the user's privacy but can also cost the user money. Commonly, modem hijackers attempt to dial into private computer networks and spam the user's mailbox. If the user opens the email, it initiates the dialer installation, and additional spyware is transferred to the user's computer as well. [3]

5.0 Spyware infection methods


Companies and individuals who push spyware onto the computer rely on how well we understand our own computers and how programs work. Therefore, users have to investigate and find out the ways spyware gets onto the computer system via the internet. The spyware infection methods are intentionally installing file-sharing programs, visiting malicious web sites, failing to read or understand popup messages, opening spam HTML emails, spyware intentionally installed by someone, and failing to use a firewall.

5.1 Intentionally installing file-sharing

File sharing is one of the easier ways for spyware to get onto the computer. When the user downloads and installs the installation program for a popular peer-to-peer file sharing network, the user installs the spyware at the same time. This is because the user has agreed to have additional unrelated programs installed on the computer. In many cases, the spyware gets installed secretly, without the user noticing. Commonly, freeware programs that the user downloads, such as desktop themes, screen savers and games, will secretly install spyware onto the system.

5.2 Visiting malicious web sites

On the internet, some web sites exist to push spyware onto users' computers. The user clicks on a link and is suddenly transported to a web site that takes a longer time to load. This is because the web site begins to download and install the spyware automatically. Many sites perform this kind of automated spyware installation in the background while the browser is loading the web page. In other cases, the original web site may have sold advertising space to the offending company, unaware that the advertisement contains code designed to infect computers with spyware.

5.3 Failing to read or understand popup message

Most users don't bother to read or understand popup ads or warning messages; they just click YES or OK to get the message off the screen. Sometimes, web browsers and operating systems pop up a message asking whether the user wants to install a program or not. In this way they give the user a chance to back out of the transaction before the software installs. However, if the user, unaware of the spyware, clicks OK without fully understanding the message, the browser is redirected to a web site that installs spyware.

5.4 Opening spam HTML emails

Spyware can end up on the user's computer through the processing of the HTML code when the user opens a spam HTML email. Besides that, whenever the user clicks on a link in a spam email, the browser opens a new web site where the user can view more information. In reality, this is how the spyware is installed onto the computer, along with the download of the web site.

5.5 Spyware intentionally installed by someone

Spyware is used to spy on the user, and sometimes the people who want to spy are the people the user least suspects. Numerous programs exist for monitoring and recording computing activity, and they are used to spy on people to gather information and browsing habits. Hence, the spyware is able to track everything the user views or types on the computer, including information the user may not want to be known.

5.6 Failing to use a firewall

Sometimes the user forgets or fails to install a firewall, which can prevent many spyware programs from interfering when the user communicates with the outside world using the computer's internet connection. Without the firewall, spyware can easily be installed onto the computer.

6.0 Solutions to get rid of spyware


Spyware is installed secretly onto the computer, which causes people to lose privacy and money; in more serious cases, some people lose their valuable data and confidential personal details to others. Hence, the most important thing is protecting the computer system from spyware attacks. The solutions are to use effective and up-to-date commercial anti-spyware software, use the latest and most secure browser, beware when downloading files using peer-to-peer file sharing, and personally remove spyware. [9]

6.1 Use effective and latest commercial anti-spyware software

Usually anti-virus and anti-spyware software are combined for the total security of the computer system. This is because the anti-virus can detect virus attacks and prevent those attacks from penetrating the computer system, while the anti-spyware can detect malware and spyware programs and prevent the automatic installation of spyware into the computer system.

6.2 Use the latest and most secured browser

The user should consider which type of browser is safe and secure to use, because different browsers have different features. Furthermore, the user should always consider the security features of the browser, because they can prevent spyware and viruses from entering the computer system. The user should then set the browser to its most secure settings to prevent attacks by spyware programs from the internet.

6.3 Beware on downloading files using peer-to-peer file sharing

When users download any files from the internet, they should first read and understand the licenses, because some files contain spyware programs and this is sometimes stated in the license.

6.4 Personally removing spyware

The user needs to know what kinds of files are on the computer, make a full registry backup before even attempting removal, and know precisely what should be done to the infected files. The user should also keep the internet cache as empty as possible and stay away from suspicious-looking downloads and websites. Watching the cookies stored after a browsing session is a good way to see where some of the spyware is originating from, so removing cookies is an effective preventative method.
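
Sections 4.2 and 6.4 describe tracking cookies and recommend watching the cookies left after a browsing session. As an added example (not part of the original paper), the Python script below audits a cookie file in the Netscape cookies.txt layout and lists long-lived cookies set by domains the user never visited directly. The sample cookie data, the domain names, the fixed time NOW and the 30-day threshold are all constructed assumptions.

```python
from collections import namedtuple

Cookie = namedtuple("Cookie", "domain name expiry")
DAY = 86400
NOW = 1_331_337_600  # constructed fixed "current time" so results are repeatable


def parse_cookies(text):
    """Parse Netscape cookies.txt lines; return (cookies, damaged_line_count)."""
    cookies, damaged = [], 0
    for line in text.splitlines():
        if line.startswith("#HttpOnly_"):       # HttpOnly cookies carry this prefix
            line = line[len("#HttpOnly_"):]
        elif not line.strip() or line.startswith("#"):
            continue                            # blank line or comment
        # Fields: domain, subdomain flag, path, secure flag, expiry, name, value
        fields = line.split("\t")
        if len(fields) != 7 or not fields[4].isdigit():
            damaged += 1
            continue
        cookies.append(Cookie(fields[0].lstrip(".").lower(), fields[5], int(fields[4])))
    return cookies, damaged


def is_first_party(cookie_domain, visited_hosts):
    """Approximate same-site test (assumption: no public-suffix list is used)."""
    return any(
        host == cookie_domain
        or host.endswith("." + cookie_domain)
        or cookie_domain.endswith("." + host)
        for host in visited_hosts
    )


def audit(text, visited_hosts, now=NOW, max_days=30):
    """Return ([(domain, name, days_left)], damaged_lines) for suspect cookies."""
    cookies, damaged = parse_cookies(text)
    visited = {h.lower() for h in visited_hosts}
    findings = []
    for c in cookies:
        if c.expiry <= now:                     # session (0) or already expired
            continue
        days_left = (c.expiry - now) // DAY
        if days_left > max_days and not is_first_party(c.domain, visited):
            findings.append((c.domain, c.name, days_left))
    return sorted(findings, key=lambda f: -f[2]), damaged


# Constructed sample data, not taken from a real browser profile.
SAMPLE = "\n".join([
    "# Netscape HTTP Cookie File",
    "shop.example\tFALSE\t/\tTRUE\t0\tsession\tabc123",
    f"shop.example\tFALSE\t/\tFALSE\t{NOW + 365 * DAY}\tprefs\tlang=en",
    f"#HttpOnly_.ads-network.example\tTRUE\t/\tFALSE\t{NOW + 730 * DAY}\tuid\t7f3a9c",
    f".metrics.example\tTRUE\t/\tFALSE\t{NOW + 5 * DAY}\tvid\t19",
    f".popups.example\tTRUE\t/\tFALSE\t{NOW + 90 * DAY}\ttrack\tx1",
    "this line is damaged",
])

if __name__ == "__main__":
    suspects, damaged = audit(SAMPLE, visited_hosts=["shop.example"])
    for domain, name, days in suspects:
        print(f"{domain}: cookie '{name}' persists {days} more days")
    print(f"{damaged} damaged line(s) skipped")
```

The domains it reports are the ones worth checking before clearing cookies, since they show which third parties were following the browsing session.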


7.0 Case Studies


Review these case studies to learn how spyware attacks the computer. There are two case studies: MarketScore spyware and GAIN (Gator) spyware.

7.1 Case study 1: MarketScore spyware

In 2004, university reports alerted students to a malicious spyware program called MarketScore that masquerades as an Internet accelerator. It is bundled with iMesh, which is a popular peer-to-peer file sharing application. Once this application has been downloaded, MarketScore redirects all web traffic through MarketScore's man-in-the-middle proxy, where the information is analyzed to create research reports on internet trends and e-commerce activities, according to MarketScore. When it infiltrates a system, it installs a root certificate on the workstation, allowing it to intercept secure SSL connections to banking sites and online purchasing websites. The connection harvests sensitive information including credit card numbers, bank account numbers, passwords and financial data. MarketScore monitors internet usage, selectively relaying information back to its servers when a keyword or targeted website is encountered or when a purchase is made from popular online merchants.

7.2 Case study 2: GAIN (Gator) spyware

Gator, which is owned by Claria Corporation, is spyware bundled with the free versions of Kazaa and also available in applications like eWallet. Initially, a small seed program downloads onto the workstation, and later the rest of the program is trickled through or updated. The trickler component remains on the host after the rest of the software is uninstalled and reloads the main application in the background. In the end, Gator can track a user's web browsing, including gathering and transmitting information on search terms. Some versions keep track of the zip code, user IDs and machine IDs.

8.0 Conclusion
Spyware continues to evolve and expand across the internet. Online advertising and the large number of users spending more time surfing the internet will continue to increase spyware infections of computer systems. Spyware annoys users, consumes bandwidth and computing capacity, and exposes individuals' privacy and personal details, as well as companies' liability, security risks and financial data. Many types of spyware on the internet, like adware and tracking cookies, are threats facing users' computers today. Furthermore, spyware gets into the user's system by several paths and is installed onto the computer without the knowledge or permission of the user. According to research by AOL and the National Cyber-Security Alliance, 89% of the users surveyed said that they had no knowledge of the spyware's presence, and 95% said that they had not given permission for the installation of the software. When spyware takes most of the CPU cycles to perform its work, computer system performance is degraded, and this can lead to application failure and system crashes. Therefore, users have to reduce the chance of being infected and be responsible for what they click on.

In conclusion, users have to be alert and aware of what is being gathered and sent from their computer and try the solutions to get rid of spyware. As far as possible, avoiding clicking on pop-up ads, downloading one of the reputed anti-spyware programs and running it regularly, and removing cookies after browsing sites will prevent spyware from entering the user's computer. Prevention is better than cure when it comes to protecting the computer from any harmful spyware.


9.0 References:
[1] Why does Spyware Exists. http://www.del-valle.k12.tx.us/tech.net/why_does_spyware_exist.htm Date accessed: 7th March 2012
[2] Features of spyware, Figure 1. http://www.myleola.com/features-of-spyware.htm Date accessed: 7th March 2012
[3] Different types of spyware. http://www.spam-site.com/spyware/spywaretypes.shtml Date accessed: 10th March 2012
[4] Different types of spyware. http://www.anvisoft.com/wiki/different-types-of-spyware-and-the-solutions-tofixing-them.html
[5] Spyware. http://www.technewsworld.com/story/38590.html?wlc=1303066100 Date accessed: 8th March 2012
[6] How to get rid of spyware. http://www.internetworldstats.com/articles/art043.htm Date accessed: 7th March 2012
[7] Spyware cures. http://news.cnet.com/2100-1032_3-5153485.html Date accessed: 10th March 2012 Date accessed: 9th March 2012
[8] Spyware. https://docs.google.com/viewer?a=v&q=cache:wsZFL5atqX0J:www.uscert.gov/reading_room/spywarehome_0905.pdf+spyware&hl=en&gl=my&pid=bl&srcid=ADGEESjiLvH63NvuWoAzoHoqkwjc0xGF7LSPwFbLmfMLtI8KnZ7odxNSeZbH5bb6RZtq0bzApEJ_g7mNUWp4doPaFGEUs6BAMg5ZqZAdEuIogui_XEa1ebzQ_XQ6GMwks0RzfJpebLa&sig=AHIEtbSKDfJC7_Fttou-yOQVSfyJSTCTIQ Date accessed: 10th March 2012
[9] Type of Spyware. http://www.spywareblockersinc.com/spyware_blockers/the_different_types_of_spyware.htm Date accessed: 10th March 2012
[10] Type of spyware. http://anti-spyware-review.toptenreviews.com/types-of-spyware.html Date accessed: 10th March 2012
