COMP 2903 A 27 – Why Spyware Poses Multiple Threats to Security

COMP 2903 A 27 – Why Spyware Poses Multiple Threats to Security
Danny Silver
JSOCS, Acadia University

Roger Thompson
Communications of the ACM, August, 2005
• Native Australian, now in the USA
• Chief Research Officer for AVG
• Leads a global team of security researchers
• Previously headed the malware research operations for security industry leaders ICSA, PestPatrol and Computer Associates (CA).
• Speaks widely on computer security and forensics issues.
• Check out his blog: http://thompson.blog.avg.com/

Malware - Definition
• Malware - short for malicious software
• Designed to infiltrate or damage a computer system without the owner's informed consent
• A variety of forms of hostile, intrusive, or annoying software or program code:
  – computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware

Spyware – Definition
• Spyware – any software intended to aid an unauthorized person or entity in causing a computer, without knowledge of the computer’s user or owner, to divulge private information.

Spyware – A Relentless Onslaught
• Spyware is software that is installed on a computer and collects information without the user’s knowledge
• Sometimes it is installed by the owner of a shared, corporate, or public computer to secretly monitor users
• Can collect various types of personal information, such as Internet surfing habits and sites that have been visited
• Can interfere with user control of the computer in other ways, such as:
  – installing additional software
  – redirecting web browser activity
  – changing computer settings
  – forcing alternative software to execute

Spyware Dangers
• “Phone home” – sends info on user and her/his actions to a third party
  – used for spam / pop-up campaigns
• Open a computer to a remote attacker
  – RAT = Remote Access Trojan
• Capture keystrokes and send them to a thief/blackmailer
• Hijack computer for illegal use
  – armies of software robots = Botnets, denial-of-service attacks
• Probe system for access to files

Spyware Harms Computer Performance
• Seriously degrades computer performance
• If your computer is taking a long time to boot, it is likely because of Spyware
• If your webpages are taking longer to load, it is likely due to Spyware
• Seconds lost per transaction add up to big costs

National Security Threats
• Some Spyware is designed to steal UIDs and passwords
• One of the greatest corporate and national threats in existence today
• Botnets = armies of distributed software robots
• Able to hijack large numbers of personal computers
• Orchestrated, a Botnet can be a powerful force on the Web - DDoS

Botnet
• A collection of software robots, or bots, that run autonomously and automatically and are distributed over a computer network
• A bot typically runs hidden and uses a covert channel to communicate with its command and control server(s).
• Newer bots automatically scan their environment and propagate themselves using vulnerabilities
• The process of stealing computing resources via a "botnet" is sometimes referred to as "scrumping."
• Estimated that up to one quarter of all personal computers connected to the internet may be part of a botnet:
  – The Dutch police found a 1.4 million node botnet
  – Norwegian ISP Telenor disbanded a 10,000-node botnet.

Fighting Back
• A combined effort is needed, three lines of defence:
• 1: Education and protection
  – Education of organizations and individuals on preventative measures
  – COAST – Consortium of Anti-Spyware Technology
  – Use of protective anti-Spyware software

Fighting Back
• 2: Disclosure Legislation
  – Identification of all installed software
  – Ease of removal of software
  – Transparent disclosure of all impacts on computer
  – Allows users to make a decision on use and to take action

Fighting Back
• 3: Aggressive Prosecution
  – Laws against consumer fraud and identity theft cover Spyware acts
  – Law enforcement must be encouraged to take action
  – International law enforcement co-op needed
• 4: Planning
  – For DDoS from Botnets
  – Gov’t, ISP, corporate and international co-op needed