COMPUTER APPLICATION READING SCHEME

Presented by

Diocesan Boys’ School

L6A NG, Kin-kwan Felix

SPYWARE PRESENTATI

ONA Presentation to Inform You the Ideas of What Spyware is and How it works. Through Various Examples, I Am Going To Provide You with A Clear Picture of the Complicated SPYWARE…

.: INTRODUCTION :.

• Definition

Spyware is a general term to describe software used for

• Advertising

• Collecting Personal Information

• Changing the Configuration of the Computer

• Without Appropriate Consent

.: PURPOSES :.

• General Intention of Attack

1. To Deliver Unsolicited Pop-up Advertisements

2. To Steal Personal Information, including Financial Information

3. To Monitor Web-browsing Activities for Marketing Purposes

4. To Route HTTP Requests to Advertising Sites

.: DETENTION :.

• Discovery of Infection

1. Pop-up advertisements seen even not on the Web

2. Homepage or browser search changed without knowledge

3. Unwanted new toolbar noticed

4. Longer time needed to complete tasks

3. Sudden rise in computer crashes

.: DEVELOPMENT :.

• Past and Present

1. First Appeared on October 17, 1994

2. Used In Press With Current Meaning in Early 2000

3. Discovered by Steve Gibson of Gibson Research

4. First Anti-spyware, Optout Invented in 2000

5. One of the Biggest Security Threats in 2005 with most users not knowing its existence

.: ROUTES :.

• Infection Paths

1. User Installing By Own

2. Installed With Other Downloaded Softwares

3. Tricked by Fake Security Features

4. Security Holes Attacked

.: ROUTES :.

• User Installing By Own

1. Most Direct Route

2. Users Deceived

3. Piggybacking On Desirable Software

4. Pretending to Install Something Good

.: ROUTES :.

• Installed With Other Downloaded Softwares

1. A Program Downloaded

2. Additional Spyware Installed As Well

.: ROUTES :.

• Tricked By Fake Security Features

1. Pop-up or Dialogue Box

2. "Would you like to optimize your Internet access?" Message

3. Installation Of Spyware Initiated By Any Buttons Pressed

.: ROUTES :.

• Security Holes Attacked

1. Spyware Author’s Web Page Forces Download

2. Spyware Author Knows Much About Anti-virus and Firewall

.: EFFECTS :.

• Effects of Spyware On Computers

1. Creates Unwanted CPU Activity, Disk Usage, Network Traffic, Application/System Crashes, Difficulty Connecting to Internet

2. Need to Buy Entirely New Computer System or Clean Reinstall of All Softwares

3. Multiplier Effect Leading to More Opportunistic Infections

.: EFFECTS :.• Here multiple toolbars (including both spyware and innocuous ones) over

whelm an Internet Explorer session.

.: BEHAVIORS :.

• Behaviors of Spyware On Computers

1. Advertisements

2. Stealware and Affiliate Fraud

3. Identity Theft and Fraud

4. Spyware and Cookies

.: BEHAVIORS :.

• Advertisements

1. Spyware Operators Present Advertising Features For Advertisers

2. As A Purpose to Gather Information On Users’ Behaviors

3. Advertisements Overwhelming, Irritating And Offensive

.: BEHAVIORS :.

• Stealware and Affiliate Fraud

1. Also Known As “Click Fraud”

2. Redirect Payment of Affiliate Marketing Revenues From Legal Affiliate To Spyware Vendor

3. Affiliate Networks By Tracking Users Following Advertisement from Affiliate And Purchasing From Advertised Web Site

4. Affiliate Places a Tag On User's Request, (which Merchant Associates with Any Purchases Made) and Receives Small Commission

.: BEHAVIORS :.• Stealware and Affiliate Fraud

5. Spyware Attacks Affiliate Networks By Placing Spyware Operator's Affiliate Tag On User's Activity and Replacing Any Other Tag

6. Users Harmed By Choices Deterred

7. Legal Affiliate Harmed By Redirecting Earned Income to Spyware Operators

8. Affiliate Marketing Networks Harmed By Degradation of Reputation

9. Vendors Harmed By Having to Pay out Affiliate Revenues to Affiliate Not According to Contract

.: BEHAVIORS :.

• Identity Theft and Fraud

1. Wire Fraud

2. Dialers Causing Computers with Modems to Dial Up a Long-distance Telephone Number

3. Massive Telephone Bills Needed

4. Users Either Pay or Contest with Telephone Company

.: BEHAVIORS :.

• Spyware and Cookies

1. Web Sites Set Cookies to Track Web-browsing Activities

2. User Redirected to Cookie-setting Third-party Site By Web Banner Image

3. Cookies Used to Track People's Browsing Among Various sites Carrying Ads From Same Firm and to Build Up Marketing Profile of Person or Family Using the Computer

.: REMEDIES :.

• Remedies and Prevention of Spyware

1. General Situation

2. Anti-spyware Programs

3. Virtual Machines

4. Other Security Measures

.: REMEDIES :.

• General Situation

1. Large Number of Spyware Pieces

2. Only Method - Backing Up User Data, and Fully Reinstalling

Operating System

.: REMEDIES :.

• Anti-spyware Programs

1. Real-time Protection Preventing Installation:

scans incoming network data and disk files, blocks the activity of spyware

and intercept attempts to install start-up items or to modify browser settings

2. Detection and Removal:

inspect the contents of the Windows registry, the operating system files, and installed programs, and remove known spyware components

.: REMEDIES :.

• Anti-spyware Programs

3. Updates Needed to Detect and Remove Newly-released Spyware Programs

4. Updates Done By Subscription, Installed Automatically or Manually

5. Some Relying On Historical Observation

6. By Watching Configuration Parameters and Reporting Any Changes to Users

7. Problem Still Be Reported Before New Spyware Definition Updated

.: REMEDIES :.

• Anti-spyware Programs

8. Spyware Mostly Working In Pairs

9. One Spyware Killed and Another One Re-generates

10. Booting Infected Computer in Safe Mode Better in Removing Persistent Spyware

11. Fake Spyware Not Removing Spyware But Adding:

• SpyAxe • AntiVirus Gold • Spyware Strike

.: REMEDIES :.

• Virtual Machines

1. Provide Separate Environments

2. Host Computer Unchanged If Spyware In Virtual Environment

3. Snapshots Used to Remove Private Information and Transporting Snapshot of Virtual Machine

4. More Memory and Disk Space Needed

.: REMEDIES :.• Other Security Measures

1. Installation of a Web Browser other than Microsoft's Internet Explorer:

alternative web browers, such as Opera or Mozilla Firefox, infected with spyware with much lower chances due to less popularity

2. Using Network Firewall and Web Proxies:

network firewalls and web proxies used to block access to Web sites known to install spyware.

3. Downloading Programs Only From Reliable Sources: Cleansoftware.org, offering only software verified not to contain "nasties" such as spyware. Recently, CNet stated that it will only keep files that pass inspection by Ad-Aware and Spyware Doctor

THE END

I would like to take this opportunity to give my heartfelt thanks to the followings:

CHEUNG, Lily (Mrs.)TSE, CK (Mr.) LI, Gerald (Mr.)LIU, Kathleen (Ms.)

for giving me so much guidance for this PowerPoint Presentation &

1. http://www.spychecker.com/spyware.html

http://news.com.com/2010-1032-5307831.html

http://research.sunbelt-software.com/threat_display.cfm?name=WildTangent&threatid=14225

http://www.antispywarecoalition.org/

http://www.spyware.lt

for the information.