COMP 2903 A27 – Why Spyware Poses Multiple Threats to Security Danny Silver JSOCS, Acadia...
COMP 2903
A27 – Why Spyware Poses Multiple Threats to Security
Danny Silver
JSOCS, Acadia University
Roger Thompson
Communications of the ACM, August, 2005
• Native Australian, now in the USA
• Chief Research Officer for AVG
• Leads a global team of security researchers
• Previously headed the malware research operations for security industry leaders ICSA, PestPatrol and Computer Associates (CA).
• Speaks widely on computer security and forensics issues.
• Check out his blog: http://thompson.blog.avg.com/
Malware - Definition
• Malware - short for malicious software
• Designed to infiltrate or damage a computer system without the owner's informed consent
• A variety of forms of hostile, intrusive, or annoying software or program code:
  – computer viruses, worms, trojan horses, most root kits, spyware, dishonest adware, crimeware
Spyware – Definition
• Spyware – any software intended to aid an unauthorized person or entity in causing a computer, without knowledge of the computer’s user or owner, to divulge private information.
Spyware – A Relentless Onslaught
• Spyware is software that is installed on a computer and collects information without the user’s knowledge
• Sometimes it is installed by the owner of a shared, corporate, or public computer to secretly monitor users
• Can collect various types of personal information, such as Internet surfing habits and sites that have been visited
• Can interfere with user control of the computer in other ways, such as:
  – installing additional software
  – redirecting web browser activity
  – changing computer settings
  – forcing alternative software to execute
Spyware Dangers
• “Phone home” – sends info on the user and her/his actions to a third party – used for spam / pop-up campaigns
• Open a computer to a remote attacker
  – RAT = Remote Access Trojan
• Capture keystrokes and send them to a thief/blackmailer
• Hijack computer for illegal use – armies of software robots = Botnets, denial-of-service attacks
• Probe system for access to files
Spyware Harms Computer Performance
• Seriously degrades computer performance
• If your computer is taking a long time to boot, it is likely because of Spyware
• If your webpages are taking longer to load, it is likely due to Spyware
• Seconds lost per transaction add up to big costs
National Security Threats
• Some Spyware is designed to steal UIDs and passwords
• One of the greatest corporate and national threats in existence today
• Botnets = armies of distributed software robots
• Able to hijack large numbers of personal computers
• Orchestrated, a Botnet can be a powerful force on the Web - DDoS
Botnet
• A collection of software robots, or bots, that run autonomously and automatically and are distributed over a computer network
• A bot typically runs hidden and uses a covert channel to communicate with its command and control server(s).
• Newer bots automatically scan their environment and propagate themselves using vulnerabilities
• The process of stealing computing resources via a "botnet" is sometimes referred to as "scrumping."
• Estimated that up to one quarter of all personal computers connected to the internet may be part of a botnet:
  – The Dutch police found a 1.4 million node botnet
  – Norwegian ISP Telenor disbanded a 10,000-node botnet.
Fighting Back
• A combined effort is needed, three lines of defence:
• 1: Education and protection
  – Education of organizations and individuals on preventative measures
  – COAST – Consortium of Anti-Spyware Technology
  – Use of protective anti-Spyware software
Fighting Back
• 2: Disclosure Legislation
  – Identification of all installed software
  – Ease of removal of software
  – Transparent disclosure of all impacts on computer
  – Allows users to make decision on use and to take action
Fighting Back
• 3: Aggressive Prosecution
  – Laws against consumer fraud and identity theft cover Spyware acts
  – Law enforcement must be encouraged to take action
  – International law enforcement co-op needed
• 4: Planning
  – For DDoS from Botnets
  – Gov’t, ISP, corporate and international co-op needed