Unwanted Code: Adware, Spyware - PowerPoint PPT Presentation

Provided by: chrisd3

1
Unwanted Code: Adware, Spyware & Malware
  • Commonwealth of Massachusetts
  • 2004 Information Security Seminar

2
Presentation Outline
  • What is it? Malware Defined
  • What Does Malware Do?
  • Tools & Techniques to Combat the Problem
  • Additional Information & References

3
What Is It? Malware Defined
  • Adware & Spyware
  • Keystroke Loggers
  • RATs: Remote Administration Trojans
  • More RATs: Remote Access Tools
  • DDoS Zombies
  • Sniffers, Scanners, and Crackers

Malware: Non-viral (not self-replicating)
software that is installed by hackers,
unsuspecting users, or as an unknown portion of a
desired program

4
Malware Figures & Trends
  • Industry experts suggest that these types of
    programs may infect up to 90 percent of all
    internet-connected computers.
  • A recent study showed an average of 27.8 Spyware
    programs per computer scanned
  • Spyware was detected on over 30% of systems
  • Increased legislation: the SPYBLOCK Act
  • Spyware detection incorporated into anti-virus
    programs / blocking with host-IPS programs

The net result: malware is a pervasive problem
that is getting rapidly worse for users and
organizations.

5
Adware & Spyware
  • Adware: Pop-up windows, cookies, and banner ads
    that report your buying habits invisibly
  • Spyware: Programs that track your activity
    across multiple sites and report back your
    choices
  • Browser Helper Objects (BHOs): Add-in programs
    attached to your web browser that can detect
    events and execute code locally

"Spyware is ANY SOFTWARE which employs a user's
Internet connection in the background (the
so-called 'backchannel') without their knowledge
or explicit permission." - Steve Gibson, Gibson
Research Corp.

6
Keystroke Loggers
  • Key Loggers: Programs that record, store, and
    transmit back your keystrokes
  • Often used to discover sensitive information
    (e.g., Passwords, Credit Card Numbers, etc.)
  • Can also be used to eavesdrop on email, IM
  • Some types of key loggers capture screen shots,
    audio and/or video instead of keystrokes

Most Commonly Reported Unauthorized Keystroke
Loggers: KeyLogger Pro, Invisible Keylogger, Free
Scratch and Win, Iopus Starr Pro Key Logger,
NetSpy KeyLogger, Tofger-A, Personal Antispy,
H@tKeysH@@k, Spytech SpyAgent, EVision Megapro
(Pest Patrol, 5/23/04)

7
RATs and More RATs
  • Remote Administration Trojans: Provide hackers
    with control over the victim's system, usually
    without the user knowing it. Examples include:
      • Back Orifice, Netbus, SubSeven, Bionet,
        hack'a'tack
  • Remote Access Tools: Provide remote access,
    commonly used by employees who are unaware of the
    high security risks often associated with them.
      • LoudPC, pcAnywhere, GoToMyPC, RemotelyAnywhere
  • Most Common Sources:
      • Hacker: Attacker places in Startup folder (via
        file share)
      • User: Installs or Enrolls in Service to Work at
        Home

Note: Use of the above software is strictly
prohibited in the Commonwealth of Massachusetts
Environment

8
Zombies
  • Use client systems for:
      • Pooled resources
      • An attack platform (anonymous attacks and DDoS
        attacks)
  • Often distributed via P2P applications
  • SETI project was the first, non-malicious

Source: Software Engineering Institute, Carnegie
Mellon University (www.cert.org)

Note: Use of the above software is strictly
prohibited in the Commonwealth of Massachusetts
Environment

9
Sniffers, Scanners and Crackers
  • Network Sniffers listen to network traffic
  • Network Scanners search for other targets
  • Crackers are used to decrypt protected
    information (e.g., passwords, messages)
  • Common tools: L0phtCrack, NMap, Ethereal,
    TCPDump, AirSnort, Kismet

Note: More information for security managers on
these tools (including guarding against their
use) can be found at
http://www.insecure.org/tools.html

10
Commercial Spyware
  • Commercial Spyware Tools are being actively sold
    to end users today. These can perform the
    following:
      • Key Logging
      • Remote Control
      • Remote Viewing
      • Telephone Taps
      • Network Sniffing
      • Internet Use Monitoring
      • Instant Messaging Eavesdropping
      • Email Message Interception

Note: Use of the above software is strictly
prohibited in the Commonwealth of Massachusetts
Environment

11
What are the Impacts of Malware?
  • Disclosure of Sensitive Information
  • Remote Control by Unauthorized Parties
  • Consumption of Host CPU Cycles
  • Legal Liability - DDoS Source
  • Network Bandwidth Consumption
  • Personal Privacy Violations

Confidentiality, Integrity, Availability,
Productivity Are All Negatively Impacted By
Spyware/Malware
12
Combating Malware: Techniques
  • Internet Acceptable Use Policies
  • Freeware allowed only with authorization
  • Do not open unsolicited attachments
  • Do not use P2P, share eCards, etc.
  • Block Executable Email Attachments
  • Block / Restrict ActiveX Downloads
  • Block Application-Initiated Outbound Connections
    / Utilize an HTTP Proxy
  • Implement Intrusion Prevention System (IPS)
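
Added example (not part of the original slides): a Python sketch of the "Block Executable Email Attachments" item that flags attachments by file extension and by the MZ executable header, so a renamed or double-extension file is still caught. The extension list and the sample message are constructed assumptions.

```python
import os
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Assumed, illustrative block list; a real gateway policy would be site-specific.
BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".hta"}

def risky_attachments(raw: bytes):
    """Return (filename, reason) for every attachment that should be blocked."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        payload = part.get_payload(decode=True) or b""
        # Trailing dots/spaces are stripped so "file.exe." cannot hide its type.
        ext = os.path.splitext(name.lower().rstrip(". "))[1]
        if payload[:2] == b"MZ":
            # Content check catches executables renamed to a harmless extension.
            findings.append((name, "executable (MZ) header"))
        elif ext in BLOCKED_EXT:
            # Only the final extension counts, so "x.jpg.scr" is treated as .scr.
            findings.append((name, "blocked extension " + ext))
    return findings

def build_sample() -> bytes:
    """Constructed message: one benign attachment and two disguised ones."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = "An eCard for you"
    m.set_content("See attached.")
    m.add_attachment("meeting notes", filename="notes.txt")
    m.add_attachment(b"MZ\x90\x00fake-body", maintype="application",
                     subtype="octet-stream", filename="card.jpg")
    m.add_attachment(b"not a real binary", maintype="application",
                     subtype="octet-stream", filename="greeting.jpg.scr")
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(f"BLOCK {name}: {reason}")
```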

13
Combating Malware: Tools
  • Commercial Software
      • Ad-Aware (Lavasoft)
      • Pest Patrol (Pest Patrol)
      • AntiSpyware (McAfee)
      • SpySubtract (InterMute)
      • GhostSurf Pro (Tenebril)
      • BHO Cop (PC Magazine)
  • Freeware / Shareware
      • Pest Patrol Online
      • Spybot Search & Destroy
      • SpywareGuide.com

14
Additional Information & References
  • Parasite Programs: Adware, Spyware, and Stealth
    Networks
      • http://www.ciac.org/ciac/techbull/CIACTech02-004.shtml
  • Spyware (from Network World Fusion)
      • http://www.nwfusion.com/research/2004/0126spy.html
  • Spyware Weekly Newsletter
      • http://www.spywareinfo.com/newsletter/
  • The Spyware Guide
      • http://www.spywareguide.com/txt_intro.php
  • Pest Patrol Research Notes
      • http://www.pestpatrol.com/PestResearchCenter/Whitepapers/notes.asp
  • OptOut
      • http://grc.com/optout.htm