Spyware and Adware

Rick Carback

9/18/2005http://userpages.umbc.edu/~carback1/691i

What is Adware?

• Advertising supported software

• Goes beyond the advertising found in shareware or freeware

• May run without user knowledge

• Shows unwanted advertisements

• Required by terms of use

What is Spyware?

• May be bundled or included with other software or install itself through other means

• Sends information about host computer back to a remote system or user

• Runs without user knowledge

Adware vs. Spyware

• Adware typically only annoys the user while Spyware will annoy and collect information to be sent back to the creator.

• Generally speaking Spyware is seen as more invasive and subversive Adware.

• Not all Adware and Spyware can be considered bad.

Spyware and Adware that isn’t bad? What?

• Some desirable applications, like kazaa, require the bundled adware to be running in order to work

• Monitoring child internet access

• Some people like targeted advertising

Why Adware and Spyware?

• Keeping installed software up to date

• Preventing software piracy

• Preventing illegal or unacceptable use of installed software

• Gathering of Marketing Information

• Annoying Advertisement

• Complete Privacy Invasion

• Illegal or Unacceptable use of resources

• Password, e-mail, and username harvesting

How does it get there?

• Installation required by Terms of use for other software– Embedded– Bundled

• Exploitation of browser or operating system vulnerability

• Pure deception

What does Spyware do?

• Usually hides from user once installed

• Uses central server or acts as a central server to send the information gathered

• May install other software or remove competitors software

• Targeted popup ads from observed website visits

More Spyware Operations

• Removes advertisements and replaces them with its own

• Alters search engine results

• Sends user to advertisers page instead of that requested

Spyware Operations (cont.)

• May direct machine to participate in a coordinated DOS or other attack

• Any information entered may be tracked– Extortion– Identity Theft

Effects of Spyware

• Complete Security breach

• Abuse of computer resources– Computer becomes unreliable (slows down

or crashes)– Computational power may be sold by

spyware author– Download, store, and serve illegal or

unwanted content

Examples of Adware/Spyware

Security Implications of Adware/Spyware

• Insecurities in Adware/Spyware applications mean the user is at risk

• Spyware can give an attacker complete control

Symptoms of Infected machines

• Unusually long browser startup times• Reset homepage on browser• Computer and Internet response is sluggish• Unexplained popup messages• Ads of competitors on the visited website• System instability

Removing Spyware

• Clicking remove almost never works• Customized tools for specific spyware applications• More general Anti-spyware Tools are available that

work much like Anti-virus software.

Avoiding Adware and Spyware

• Purchasing Adware free version

• Using free software

• Use Anti-Virus, Anti-Spyware, and Firewall applications

Stopping Spyware

• Internet Service Provider monitoring and blocking tools (WebTap)

• Better Operating System Design– Mac OS X and Linux are mostly adware free– SE Linux could prevent it altogether (processes do

NOT have the same privileges as the user running them)

• Rise of the Internet generation

References

• Adware and Spyware: A growing privacy and security problem, David Saurino, SANS GSEC 2004.