COMP 2903 A27 – Why Spyware Poses Multiple Threats to Security Danny Silver JSOCS, Acadia University

Roger Thompson
Communications of the ACM, August, 2005

• Native Australian, now in the USA
• Chief Research Officer for AVG
• Leads a global team of security researchers
• Previously headed the malware research operations for security industry leaders ICSA, PestPatrol and Computer Associates (CA).
• Speaks widely on computer security and forensics issues.
• Check out his blog: http://thompson.blog.avg.com/

Malware - Definition

• Malware - short for malicious software
• Designed to infiltrate or damage a computer system without the owner's informed consent
• A variety of forms of hostile, intrusive, or annoying software or program code:
  – computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware

Spyware – Definition

• Spyware – any software intended to aid an unauthorized person or entity in causing a computer, without knowledge of the computer’s user or owner, to divulge private information.

Spyware – A Relentless Onslaught

• Spyware is software that is installed on a computer and collects information without the user’s knowledge
• Sometimes it is installed by the owner of a shared, corporate, or public computer to secretly monitor users
• Can collect various types of personal information, such as Internet surfing habits and sites that have been visited
• Can interfere with user control of the computer in other ways, such as:
  – installing additional software
  – redirecting web browser activity
  – changing computer settings
  – forcing alternative software to execute

Spyware Dangers

• “Phone home” – sends info on the user and her/his actions to a third party – used for spam / pop-up campaigns
• Open a computer to a remote attacker
  – RAT = Remote Access Trojan
• Capture keystrokes and send them to a thief/blackmailer
• Hijack computer for illegal use – armies of software robots = Botnets, denial-of-service attacks
• Probe system for access to files

Spyware Harms Computer Performance

• Seriously degrades computer performance
• If your computer is taking a long time to boot, it is likely because of Spyware
• If your webpages are taking longer to load, it is likely due to Spyware
• Seconds lost per transaction add up to big costs

National Security Threats

• Some Spyware is designed to steal UIDs and passwords
• One of the greatest corporate and national threats in existence today
• Botnets = armies of distributed software robots
• Able to hijack large numbers of personal computers
• Orchestrated, a Botnet can be a powerful force on the Web - DDoS

Botnet

• A collection of software robots, or bots, that run autonomously and automatically and are distributed over a computer network
• A bot typically runs hidden and uses a covert channel to communicate with its command and control server(s).
• Newer bots automatically scan their environment and propagate themselves using vulnerabilities
• The process of stealing computing resources via a "botnet" is sometimes referred to as "scrumping."
• Estimated that up to one quarter of all personal computers connected to the internet may be part of a botnet:
  – The Dutch police found a 1.4 million node botnet
  – Norwegian ISP Telenor disbanded a 10,000-node botnet.

Fighting Back

• A combined effort is needed, three lines of defence:

• 1: Education and protection
  – Education of organizations and individuals on preventative measures
  – COAST – Consortium of Anti-Spyware Technology
  – Use of protective anti-Spyware software

Fighting Back

• 2: Disclosure Legislation
  – Identification of all installed software
  – Ease of removal of software
  – Transparent disclosure of all impacts on computer
  – Allows users to make decision on use and to take action

Fighting Back

• 3: Aggressive Prosecution
  – Laws against consumer fraud and identity theft cover Spyware acts
  – Law enforcement must be encouraged to take action
  – International law enforcement co-op needed
• 4: Planning
  – For DDoS from Botnets
  – Gov’t, ISP, corporate and international co-op needed