1 Spyware Ryan Myers Andrew Sullivan ECE 4112 – Spring 2005.

Spyware

Ryan Myers

Andrew Sullivan

ECE 4112 – Spring 2005

ECE 4112 - Internetwork Security

Overview

• What is Spyware?
• Examples of Spyware
• Spyware prevention techniques
• Spyware detection and removal
• Tools explored in the lab

What is Spyware?

• Spyware is a piece of software intended to monitor computer usage
  – This data can be collected anonymously for statistical purposes or with knowledge of whose usage they are tracking

• Spyware comes in basically two flavors
  – Commercial Spyware
  – Subversive Spyware

Commercial Spyware

• Commercially sold products for monitoring computer usage

• These include mostly keyloggers and similar monitoring software

• This software is intended to be used in legitimate situations such as monitoring employee computer usage but has a large potential for abuse

Subversive Spyware

• Software usually bundled with legitimate useful software for tracking computer usage

• In most cases this is technically legal because it is disclosed in the End-User License Agreement

• Despite the legality, a large amount of spyware uses underhanded tactics
  – Confusing wording in the EULA
  – Often doesn’t disclose spyware “up front” and relies on people not reading the EULA

Where is Spyware found?

• Spyware is most often found in Downloading/Sharing utilities and Media players

• Spyware is almost always associated with free software

A Few Examples of Spyware

• BonziBuddy
  – Monitors user searches
  – Provides Targeted Ads

• Bearshare SaveNow
  – Bundled with Bearshare
  – Collects User Information
  – Provides Targeted Ads

• Alexa Toolbar
  – Collects User Data
  – Provides Targeted Content

How Spyware Works

• Varies from Program to Program

• Some programs only send aggregate statistical data

• Others associate data to a unique ID called a Global User ID (GUID)

How Spyware Works

• Spyware “phones home” with usage data

• Vendors store this data and often use it to send targeted advertising

Diagram Courtesy of Symantec (see references)

Is Spyware legal?

• Technically yes. Many if not all Spyware programs include End-User License Agreements (EULA) which a user must accept to install the software
  – These agreements disclose the nature of the spyware bundled with the software
  – However the legality of many of these EULAs is being contested
    – They are often verbose, ambiguous, and full of legalese
    – Most users are completely unaware they are using spyware in their applications

Are Google and GMail Spyware?

• Recent controversy has arisen over Google’s popular new e-mail service GMail
  – GMail provides targeted ads based upon the content of your e-mail

• Google also keeps a GUID for its users which is maintained across search, mail, and other services

Google’s Position

• Google says it protects users’ privacy, claiming:
  – It will not reveal information to 3rd parties
  – Its targeted ads are “better” than non-targeted ads
  – Scanning of e-mail for ads is a completely automated process
  – E-mail is already scanned for spam and virus detection

EPIC’s position on GMail

• Users who send mail have not agreed to Gmail’s EULA

• Google’s GUID tracks users across its services

• Google encourages users to keep E-mail indefinitely and makes it very difficult to delete E-mail

• Google has a rather vague privacy policy
  – This policy can be changed without notice
  – Google reserves the right to share information collected about you amongst its services to “improve the quality of service”

Spyware prevention techniques

• Awareness
  – Be knowledgeable and conscious of software with spyware bundled
    – Check known spyware lists such as http://www.spywareguide.com

• Application protection programs
  – These programs prevent any program that is not on a baseline list you set from running without your consent
  – One such application is BlackICE from ISS

Spyware detection

• Even the most cautious computer user is likely to have spyware installed on his or her computer

• Many solutions exist to detect spyware; these include
  – XRayPC
  – Ad-Aware
  – Spybot Search & Destroy

Spyware removal

• Removal of spyware can be accomplished either automatically or manually

• The Automated method includes the use of programs like Ad-Aware and Spybot

• Manual removal often requires editing registry keys, deleting files, or even replacing system files

Automatic Spyware Removal

• Automated removal utilities are often quick and easy to use but can sometimes be ineffective in removing all spyware

• Particularly devious spyware is often only completely removed manually

Manual Spyware Removal

• Most spyware programs have well documented procedures for manually removing them

• Often this documentation is provided by independent spyware sites but occasionally the manufacturer provides such information

• The procedure for manual removal is often fairly complex and time consuming

Lab: Commercial Spyware

• In the lab we will be using XPCSpy which is a full-featured Keylogger available as a free trial

• This logger tracks all activities on a computer including keys typed, programs run, web sites visited, and more

• XPCSpy has the option of transmitting logs via FTP which will be explored in this lab

XPCSpy Detection

• Detection of this software is rather easy as it is designed for legitimate use and doesn’t have a high need for secrecy

• The FTP transfer of logs is a particular weakness of this software as no encryption is used
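
Because the FTP control channel is plain text, a network monitor can read the account name and the names of uploaded files directly. The following is an added example, not part of the original slides or lab: it parses the client side of an FTP control connection and reports what is exposed. The sample stream, account name and file name are constructed for illustration.

```python
import re

# Constructed sample: client-to-server bytes from one FTP control
# connection (TCP port 21). All names and values are made up.
SAMPLE_CONTROL_STREAM = (
    b"USER logdrop\r\n"
    b"PASS s3cret-example\r\n"
    b"TYPE I\r\n"
    b"PASV\r\n"
    b"STOR keys_2005-03-01.log\r\n"
    b"QUIT\r\n"
)

# An FTP command is a 3-4 letter verb, optionally followed by one argument.
FTP_CMD = re.compile(rb"^([A-Za-z]{3,4})(?: (.*))?$")
UPLOAD_VERBS = {"STOR", "APPE", "STOU"}  # commands that send a file to the server


def parse_ftp_commands(stream: bytes):
    """Split a client-side control stream into (VERB, argument) pairs."""
    commands = []
    for line in stream.split(b"\r\n"):
        match = FTP_CMD.match(line)
        if match:  # lines that are not FTP commands (e.g. binary data) are skipped
            verb = match.group(1).decode("ascii").upper()
            arg = (match.group(2) or b"").decode("latin-1")
            commands.append((verb, arg))
    return commands


def summarize_session(stream: bytes):
    """Report what an observer on the wire learns from a cleartext FTP session."""
    findings = {"user": None, "password_exposed": False, "uploads": []}
    for verb, arg in parse_ftp_commands(stream):
        if verb == "USER":
            findings["user"] = arg
        elif verb == "PASS":
            findings["password_exposed"] = True  # flag only; do not keep the value
        elif verb in UPLOAD_VERBS:
            findings["uploads"].append(arg)
    return findings


if __name__ == "__main__":
    print(summarize_session(SAMPLE_CONTROL_STREAM))
```
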

Lab: Subversive Spyware

• For this portion of the lab we will use Gator and BonziBuddy

• In both cases spyware is bundled with useful applications

• Detection and removal of this software is done with automated utilities Ad-Aware and Spybot

Summary

• Spyware is software that collects computer usage data. Two Types:
  – Commercial: Commercially sold products such as keyloggers
  – Subversive: Bundled with software often unknown to the user

• Dealing with Spyware
  – Prevention (Awareness and Application protection)
  – Detection (Ad-Aware, Spybot, XRay-PC)
  – Removal (Manually, Ad-Aware, Spybot)

References

• Post, André. The Dangers of Spyware. Symantec Security Response. http://enterprisesecurity.symantec.com/PDF/danger_of_spyware.pdf

• Gmail Privacy FAQ. Electronic Privacy Information Center. http://www.epic.org/privacy/gmail/faq.html

• GMail and Privacy. http://gmail.google.com/gmail/help/more.html

• Spyware Guide. http://www.spywareguide.com/index.php