Spyware and other annoying Pop-ups

What are we going to learn?

• What is spyware • What is the threat• Where does it come from• Why does spyware exist• How do I prevent spyware infections• How do I get rid of spyware

What is Spyware?

• Spyware originated in the 1990's with programs that secretly observed and logged your web surfing habits

• Spyware can do more than steal your personal information. It can also rob your PC of its speeds, stability and Internet access efficiency.

What is the threat?

• Spyware is now the single largest problem facing Internet users today – volume far outstrips spam and regular

virus infections – Spyware usually refuses to be uninstalled

through your control panel – covertly install themselves on your

computer – perform secret operations without your

permission

Is Adware the same as Spyware?

• Adware is a subset of Spyware with a definite distinction.

• Adware delivers specific advertising (pop-ups) on user’s computers which can be annoying when undesired.

• Adware is generally not malicious or illegal.

• Adware can be Spyware when it tracks browser activity and reports such activity back to some unknown recipient.

Adware Example

Types of Spyware

• Spyware has now evolved into dozens of other malicious forms:– Sneakware– Adware– Keyloggers– Browser hijackers

What is Sneakware

• Sneakware - Uses deceptive means to sneak onto your computer. – Users may grant permission, but is often

unaware. – permission is buried deep within EULA – vendor often tries to fool naïve users

into thinking they are at risk if they don’t install it.

What is Adware?

• Adware - Software that gathers information about your Web-surfing habits in order to target you with pop-up advertisements for products and services that might be of interest to you.

Adware Example

What is a keylogger?

• keyloggers are applications that monitor a user's keystrokes and then send this information back to the malicious user.

What are browser hijackers?

• Browser hijackers are malicious programs that – change browser settings, usually altering

designated default start and search pages. – Some produce pop-up ads for pornography

• add dozens of bookmarks • redirect users to porn websites when they

mistype URLs.

Spyware Threat Statistics

• 80% of all PCs have been infected by spyware• 91% of PC users are aware of spyware• The average PC has 93 spyware components on it• 89% of infected users are unaware of the spyware found

on their machines• 95% of infected users did not give permission for the

software identified as spyware to be installed on their machines

• 20% of calls to Dell’s helpdesk are spyware related (source: Dell)

• Microsoft estimates that 50% of all PC crashes are a result of spyware

Spyware statistics

• Severe Threat – 15% of spyware threats send private information gathered from the end user currently logged on to the infected system: logging the user's keystrokes, logged-on user name, hash of administrator passwords, email addresses, contacts, instant messengers login and usage, and more.

• Moderate Threat – 25% percent of spyware sends information gathered from the victim's operating system, including the computer (host) name, domain name, logs of all processes running in memory, installed programs, security applications, client's internal IP address, OS version, the existence and versions of service packs and security updates, TCP ports the spyware is listening to, Computer Security Identifier (SID) ,default browser's homepage, browser plug-ins, etc.

• Minor Threat – 60% of spyware transmits gathered commercial-value information about the end user's browsing habits. This includes keywords used in search engines, browsing habits and ratings of frequently visited websites, shopping reports etc.

Why does Spyware continue?

SPYWARE APPLICATIONS GENERATE AN ESTIMATED $2 BILLION IN REVENUE

ANNUALLY.

How do you make money on Spyware?

• iFrameDollars.biz – pays 55 cents per install or $55 for

1,000 unique installs of a 3KB program that "changes the homepage and installs toolbar and dialer."

– Website owners install the code on their site and web visitors get the code installed on their computer.

How Adware Gets on Your PC

How does spyware get on your PC?

• Drive-by downloading (rogue affiliates)– Websites use vulnerabilities in IE to

install spyware without your knowledge or permission

• Intentional Installs

How does spyware get on your PC?

• Viruses and Trojans– Some viruses install spyware

• Software Bundles– Legitimate freeware may install spyware or

adware as a way to ‘pay the bills’.• P2P software is notorious for this..

– Morpheus, Kazaa, eDonkey, Bit Torrent, etc.

– Often times spyware is authorized by the EULA

Is spyware different than viruses

• Spyware differs from viruses and worms in that it does not usually self-replicate.

• Like many recent viruses, spyware is designed to exploit infected computers for commercial gain.

• Spyware may have to same effect as viruses

The clues that spyware is on your computer

• a barrage of pop-up ads • a hijacked browser — that is, a browser that takes you to

sites other than those you type into the address box • a sudden or repeated change in your computer’s Internet

home page • new and unexpected toolbars • new and unexpected icons on the system tray at the

bottom of your computer screen • keys that don’t work (for example, the “Tab” key that

might not work when you try to move to the next field in a Web form)

• random error messages • sluggish or downright slow performance when opening

programs or saving files

How do I prevent spyware?

• Visit trustworthy Web sites • Read user reviews, download site reviews, or analyst/press

reviews (i.e. CNet, ZDnet, Tucows) on software you intend to download 

• Before installing any software, carefully read license agreements, and privacy statements for how information is collected 

• To close pop-ups, ignore the message and just click the Windows close "X" button

• Run anti-spyware software to clean and block spyware in real time • Download and install the latest updates for your anti-spyware

software and Microsoft Windows operating systems • Set appropriate security settings for Internet Explorer. • Use a separate, non-mission-critical machine for testing

downloaded software • Install a personal firewall to track outgoing connections before

and after installing downloaded software

How do I prevent spyware?

• Don’t install "free programs," specifically file sharing programs, until you know all the software that’s bundled with it

• Don’t click on attachments or links in emails or internet messages if you don’t know the sender or even if you know the sender, but the content is unexpected.

• Don’t give permission to unknown software to install itself on your computer 

• Don’t click on links or buttons on pop-up windows even a click on the "no" and "cancel" buttons can install spyware your machine

• Don’t install non-work-related software onto your work computers

• Save your data and backup often

How do I get rid of spyware?

• Remove your computer from the network• Run anti-spyware programs to identify

malware• Uninstall / remove malware programs

• Once you complete these steps you will most likely need to re-format and re-load the computer.

Spyware Legislation

• Securely Protect Yourself Against Cyber Trespass Act or SPY ACT

• Computer users have to be informed before spyware is installed

• Clear explanation of what spyware does

• Sitting in a the Senate pending approval

Questions?