Title: Virus, Spyware and Adware
1. Virus, Spyware and Adware
- Prevention and Detection
- Presented by
- Dr Stewart L J Grainger BSc (Hons) PhD (Dunelm)
2. The Usual Suspects
3. Virus
What am I?
- You are a small program written to alter the way
a computer operates, without the permission or
knowledge of the user. A virus must execute and
replicate itself.
4. Virus
Virus Transmission Trends
- 1996: 9% of users surveyed listed email
attachments as the source of a virus, 71% put the
blame on infected disks (20% others).
- 2003: 88% reported infected email attachments, 0%
disks (12% others).
5. Virus
- A virus is software code that plants a version of
itself in any program it can modify. The virus
may append or otherwise attach itself in such a
way that the program executes after the virus
code, making it appear as if the program were
functioning as usual. Alternatively the virus
may overwrite the program such that only the
virus will function from then onwards. A Trojan
horse program could also initiate the spread of a
virus, as could a worm.
6. Example Virus Categories
- A Trojan Horse is a program that conceals harmful
code. A Trojan Horse usually resembles an
attractive or useful program that a user would
wish to execute such as a screensaver or movie
file.
- A Logic Bomb is software code that checks for a
certain set of conditions to be present. If
these conditions are met, it may cause sudden and
widespread damage from that point onwards.
- A Time Bomb is a logic bomb that is triggered by
a certain date or time and is most likely to be
concealed as a Trojan Horse.
- A Worm is a self-contained program that
replicates itself rapidly across electronically
connected networks.
7. Virus
Melissa - one of the first big Internet based
infections!!!
- Before Melissa it was thought that viruses could
not be transmitted by data files, such as e-mail
attachments.
- Melissa arrived disguised as an email message
with a Microsoft Word attachment.
- When the attachment was opened, Melissa:
- Checked whether the recipient had Microsoft
Outlook.
- If Outlook was present, Melissa would mail a copy
of itself to the first 50 names in Outlook's
address book.
- Melissa would then repeat this process with each
of the next 50 recipients and so on exponentially
across the Internet.
- This resulted in Melissa paralysing and clogging
email servers, and in subsequent system crashes.
8. Virus
A New Generation of Virus - Sonic
- Sonic the Internet Worm heralded a disturbing new
generation of computer virus. A smart stealth
virus that was designed not to cause mayhem,
havoc, or global disruption, but to quietly find
a home in the user's computer, and then invite
its more potent master to join it. From here it
would slowly take over control of the infected
computer.
- Sonic has two personalities - the first is the
slave that infects the user's computer and finds
a safe place to lodge. Once settled in it makes a
call across the Internet to its master, or main
module, and the master then downloads a more
virulent payload.
- The master is the smart part of the troublesome
tag team, and has four main objectives:
- To steal data from the user's computer (like
passwords, credit card numbers, and financial
data).
- To track the user's behaviour - to see which
sites they visit, what networks they connect to.
- To infect other computers by using the user's
email address book information.
- To ultimately take control of the user's computer
system.
9. Virus
How can you avoid infection? What are the best
practices to use?
- Only open email from known sources.
- If an email looks suspect it probably is.
- Avoid opening unknown file attachments.
- Remember you can receive virus infected emails
from trusted sources without their knowledge.
- Make sure you always use virus protection
software that auto updates daily from the
Internet or connected server.
10. Virus
Best Practices - continued
- With Windows XP, have Service Pack 2 installed and
set Windows to Automatically Update for the
latest Microsoft security patches. If this had
been the case, updating would have reduced the
widespread infection associated with the Blaster Poza
viruses.
- Use a reputable software or hardware firewall.
- Use an Internet Service Provider that removes the
virus infected emails before they reach you.
- If you have a server based network, use a Mail
Server with its own in-built virus scanner.
11. Virus
Recommended Antivirus Programs
- Computer Associates EZ Etrust www.my-etrust.com
- Norton Anti-Virus Security Centre www.norton.com
- AVG Anti-Virus (Free for personal
use) www.grisoft.com
- Sophos Anti-Virus (popular in education) www.sophos.com
12. Spyware
Spyware - What am I?
- You collect and transmit user and computer
information on the Internet without the user's
knowledge or consent. You are also known as
sneakware or snoopware, and are also combined with
AdWare.
- You can also come bundled with some Peer to Peer
software (P2P) - Kazaa, for example, is a good one.
Kazaa allows users to share files, computing
capabilities, networks, bandwidth and storage.
13. Spyware
Is Spyware a Security Threat?
- When spyware invades, it can create a real
security threat to your environment. Spyware can
log keystrokes to capture input before
encryption, redirect browsers to unapproved Web
sites, attach Trojan Horses to programs and
disrupt your system, collect information about
users and Web surfing habits and send and receive
cookies to and from other spyware programs (even
if the cookies setting is turned off).
14. Spyware
Example Categories
- P2P: Any peer-to-peer file swapping programs,
such as Audiogalaxy, KaZaa Lite, Limewire,
Morpheus and WinMX.
- Search Hijacker: Any software that resets your
browser's settings to point to other sites when
you perform a search.
- Toolbar: Toolbars may be created by Spyware and
then cause related performance issues.
- Commercial RAT: Any commercial product that is
normally used for remote administration. This
product could then be used to exploit the user's
system without the user's consent or awareness.
- Key Logger: A program that runs in the
background, recording all the keystrokes. Once
keystrokes are logged, they are hidden in the
machine for later retrieval, or shipped raw to
the attacker.
15. Spyware
Face the Facts!!!
- The problem with Spyware is so extensive that
Microsoft has published estimates stating that
Spyware may be responsible for more than half of
all PC crashes. Some major hardware vendors claim
that more than 30 per cent of all tech-support
calls involve spyware in some manner or form.
- Spyware also uses precious computer and system
bandwidth through a near-constant delivery of
pop-ups, banner-ads and Spam. Some systems that
are overcome with Spyware can take more than 10
minutes to start and subsequently the PC can
become unusable.
16. Spyware
Best Practices - Be Cautious on the Internet
The battle to keep your information safe from
unauthorised access is constant. Software will
need to be updated and policies reviewed.
- Be aware of the hazards of downloads and pop-up
messages from suspect websites, adopt best
practices when surfing.
- Use Windows XP with Service Pack 2 as your
operating system. Use Automatic Windows Update to
download all the latest Microsoft security
patches.
- Use a reputable software or hardware Firewall.
The simplest one is integrated within Windows XP
Service Pack 2 and is now available on Service
Pack 1 with Windows Server 2003.
17. Spyware
Best Practices
- In some cases, it may even be worth moving your
Web browser away from Internet Explorer to
Mozilla or Opera. Not that these are better
browsers, but because Spyware specifically
targets Internet Explorer.
- Keep your Spyware detector (e.g. Spybot Search and
Destroy) up to date with the latest downloadable
patches. This can be done automatically.
18. Spyware
Detection and Removal
- The best way to detect and remove Spyware is
using a detection and removal tool such as:
- Spybot Search and Destroy (Free Download)
- Lavasoft Personal Ad-aware (Free Download)
- eTrust PestPatrol Anti-Spyware
- Norton Security Centre
19. Adware
What am I?
- You are advertising software. This is neither
malware, nor is it necessarily illegal although
it can often go beyond the basic advertising
expected from freeware or shareware. Adware is
often a separate program that is loaded along
with shareware programs. It often goes
hand-in-hand with Cookies and can transmit
details of Web site browsing patterns and other
data to Internet advertisers.
20. Adware
Adware - What Do I Do?
- Today a growing number of software developers
often offer their goods as "sponsored" freeware
until you pay to register. Generally most
features of the freeware are enabled but you have
to look at specific adverts.
- The adverts usually run in a small section of the
software interface or as a pop-up ad box on your
desktop. When you stop running the software, the
ads should disappear.
21. Adware
Example Adware
- In many cases, adware is a legitimate revenue
source for companies who offer their software
free to users. A perfect example of this would be
the e-mail program, Eudora. You can choose to
purchase Eudora or run the software in sponsored
mode. In sponsored mode Eudora displays an
ad-window in the program and up to three
sponsored toolbar links.
- Eudora adware is not malicious; it reportedly
doesn't track your habits or provide information
about you to a third party. This type of adware
is simply serving up random paid ads within the
program. When you quit the program the ads stop
running on your system.
22. Adware
Is Adware a Security Threat?
- Adware is generally not a security threat,
however the advertising pop-ups and banners are
annoying and can reduce Internet Performance and
Bandwidth.
- If Adware becomes malicious, e.g. by transmitting
personal information, it then moves into the
realms of Spyware.
23. Firewall
What is a Firewall?
- A firewall is a protective system that sits
between your computer network and the Internet.
Firewalls can be either hardware or software and
can also consist of both options integrated on
your network. When used correctly, it prevents
unauthorized access to your systems and provides
a protective barrier against most forms of attack
coming from the outside world.
- A firewall carefully analyzes data entering and
exiting the network and rejects information that
comes from unsecured, unknown or suspicious
locations. In addition to limiting access to your
systems, a firewall also allows remote access to
a private network through secure authentication
certificates, logins and VPNs (Virtual Private
Networks).
24. Firewall
Do I need a Firewall?
- Many people don't completely understand the
importance and necessity of a firewall, or they
think it's something that only businesses need.
If your computer (networked or not) accesses the
outside world via the Internet, then you should
have a firewall to protect your computer systems.
25. Firewall
Hardware and Software Firewalls
- You can buy a hardware firewall as a stand-alone
product, but it is now common to find them
integrated into broadband routers for smaller
systems.
- For individual users, the most popular firewall
of choice is a software firewall. Software
firewalls install on your computer just like any
other software program. You can then customize it
to control its functions and features.
- Software firewalls may also incorporate privacy
controls, Web filtering and more. The downside to
personal software firewalls is that they will
only protect the computer they are installed on.
26. Firewall
Examples of Hardware Firewalls for Networked
systems
- Sonicwall
- WatchGuard
- Zyxel
Single user small workgroups
Examples of Software Firewalls
- Norton Security Centre
- Zone Alarm
27. Food For Thought
Pertinent Questions
- HAVE YOU BACKED UP RECENTLY?
- DO YOU VERIFY TEST RESTORE YOUR BACKED UP DATA?
- HAVE YOU GOT A WIRELESS NETWORK? IS IT ENCRYPTED?
- DO YOU HAVE BROADBAND AT WORK / HOME? WHAT
FIREWALL PROTECTION DO YOU HAVE?
- DISASTER RECOVERY: WHAT FACILITIES DO YOU HAVE
IN PLACE?
- WHAT FACILITIES DO YOU HAVE FOR REMOTE WORKING
AND ARE THEY SECURE?