Spyware and Adware Rick Carback 9/18/2005 http://userpages.umbc.edu/~carback1/691i
What is Spyware? May be bundled or included with other software or install itself through other means Sends information about host computer back to a remote system or user Runs without user knowledge
Adware vs. Spyware Adware typically only annoys the user while Spyware will annoy and collect information to be sent back to the creator. Generally speaking Spyware is seen as more invasive and subversive Adware. Not all Adware and Spyware can be considered bad.
Spyware and Adware that isn’t bad? What? Some desirable applications, like kazaa, require the bundled adware to be running in order to work Monitoring child internet access Some people like targeted advertising
Why Adware and Spyware? Keeping installed software up to date Preventing software piracy Preventing illegal or unacceptable use of installed software Gathering of Marketing Information Annoying Advertisement Complete Privacy Invasion Illegal or Unacceptable use of resources Password, e-mail, and username harvesting
What does Spyware do? Usually hides from user once installed Uses central server or acts as a central server to send the information gathered May install other software or remove competitors software Targeted popup ads from observed website visits
More Spyware Operations Removes advertisements and replaces them with its own Alters search engine results Sends user to advertisers page instead of that requested
Spyware Operations (cont.) May direct machine to participate in a coordinated DOS or other attack Any information entered may be tracked –Extortion –Identity Theft
Effects of Spyware Complete Security breach Abuse of computer resources –Computer becomes unreliable (slows down or crashes) –Computational power may be sold by spyware author –Download, store, and serve illegal or unwanted content
Security Implications of Adware/Spyware Insecurities in Adware/Spyware applications mean the user is at risk Spyware can give an attacker complete control
Symptoms of Infected machines Unusually long browser startup times Reset homepage on browser Computer and Internet response is sluggish Unexplained popup messages Ads of competitors on the visited website System instability
Removing Spyware Clicking remove almost never works Customized tools for specific spyware applications More general Anti-spyware Tools are available that work much like Anti-virus software.
Stopping Spyware Internet Service Provider monitoring and blocking tools (WebTap) Better Operating System Design –Mac OS X and Linux are mostly adware free –SE Linux could prevent it altogether (processes do NOT have the same privileges as the user running them) Rise of the Internet generation
References Adware and Spyware: A growing privacy and security problem, David Saurino, SANS GSEC 2004.