SpyWare! - PowerPoint PPT Presentation

About This Presentation
Title:

SpyWare!

Description:

Title: Spyware Author: dsvbentley Last modified by: dsvbentley Created Date: 10/22/2006 7:23:04 PM Document presentation format: On-screen Show Company – PowerPoint PPT presentation

Number of Views:794
Avg rating:3.0/5.0
Slides: 17
Provided by: dsvbe
Learn more at: http://cs.uccs.edu
Category:
Tags: spyware | ames

less

Transcript and Presenter's Notes

Title: SpyWare!


1
SpyWare!
  • Chuck Short
  • CS522 Fall 2006
  • Semester Project Presentation
  • Professor Dr. C. Edward Chow

2
Agenda
  • Define SpyWare
  • Discuss methods used for spying
  • Focus on passive tracking methods
  • Demonstrate one passive method
  • Discuss prevention
  • Conclusions

3
SpyWare Definition
  • SpyWare is a general term used to describe
    software that performs certain behaviors such as
    advertising, collecting personal information, or
    changing the configuration of your computer,
    generally without appropriately obtaining your
    consent first.
  • http//www.microsoft.com/athome/security/spyware/
    spywarewhat.mspx

4
SpyWare Categories
  • Advertising (Passive)
  • Capture browsing history
  • Capture buying habits
  • Surveillance (Active)
  • Key loggers
  • System Monitors

5
SpyWare Statistics
  • 90 of all internet connected machines are
    infected
  • 28 SpyWare traces on each machine
  • 1/3 infected with surveillance SpyWare
  • 80 of infections were cookies

6
Passive Tracking Methods
  • Web Beacons
  • Cookies deposits

7
Web Beacons
  • Also know as
  • Web Bugs
  • Clear GIFs
  • Allows destination to log page hits
  • Can be used in conjunction with cookies

8
Cookie Fields
Parameter Description
Name The name of the cookie.
Value The value of the cookie.
Expire The time the cookie expires. This is a Unix timestamp so is in number of seconds since the epoch. In other words, you'll most likely set this with the time() function plus the number of seconds before you want it to expire.
Path The path on the server in which the cookie will be available.
Domain The domain in which the cookie is available
Secure When set to TRUE, the cookie will only be set if a secure connection exists. The default is FALSE.
httponly When TRUE the cookie will be made accessible only through the HTTP protocol. Not supported on all browsers
9
Web Beacon w/Cookie Example spywareWebBeaconCooki
eDeposit.html
  • lthtmlgt
  • ltheadgt
  • lttitlegtWeb Beacon Cookie Deposit Examplelt/titlegt
  • lt/headgt
  • ltbodygt
  • lth1gtltbgtWeb Beacon Cookie Deposit
    Examplelt/bgtlt/h1gt
  • lthr /gt
  • ltimg src"http//www.cs.uccs.edu/cdshort/serverWe
    bBeacon.php" alt"Picture" width"0" height "0"
    border "0" /gt
  • lt/bodygt
  • lt/htmlgt

10
Server CodeserverWebBeacon.php
  • lt?php
  • if (!(isset(_COOKIE"SpyCookie")))
  • setcookie("SpyCookie", "ISpyOnYou",
    time()3600)
  • ?gt
  • lthtmlgt
  • ltheadgt
  • lttitlegtPHP Testlt/titlegt
  • lt/headgt
  • ltbodygt
  • lt?php
  • filename 'cookieCapture.txt'
  • today date("D M j Gis T Y")
  • Content "SpyCookie" . " " .
    "_COOKIESpyCookie" . " " . "today\r\n"
  • if(handle fopen(filename, 'a'))
  • fwrite(handle, Content)
  • fclose(handle)
  • ?gt

11
Cookie Capture File
  • cdshort_at_windom public_html cat
    cookieCapture.txt
  • SpyCookie ISpyOnYou Fri Dec 1 183017 MST
    2006
  • SpyCookie ISpyOnYou Fri Dec 1 183038 MST
    2006
  • cdshort_at_windom public_html

12
(No Transcript)
13
Packet Capture
14
Conclusions
  • Browser settings can prevent cookie deposit
  • Be careful what you download
  • Dont open the door willingly
  • The use of cookies is fundamental
  • The information provided is minimal

15
Questions?
16
References
  • http//www.php.net/manual/en/function.setcookie.ph
    p
  • http//cs.uccs.edu/cs301/php/php.html
  • Tzu-Yen Wang, Shi-Jinn Horng, Ming-Yang Su,
    Chin-Hsiung Wu,Peng-Chu Wang and Wei-Zen Su. A
    Surveillance Spyware Detection System Based on
    Data Mining Methods. 2006 IEEE Congress on
    Evolutionary Computation.
  • http//www.allaboutcookies.org/web-beacons/
  • Wes Ames, Understanding Spyware Risk and
    Response, 2004 IEEE IT Pro
  • http//www.microsoft.com/athome/security/spyware/s
    pywarewhat.mspx
  • http//www.earthlink.net/about/press/pr_spyAudit/
Write a Comment
User Comments (0)
About PowerShow.com