1. ITIS 1210 Introduction to Web-Based Information Systems Chapter 49 The Dangers of Spyware and Phishing

2. Spyware  Umbrella term for software that “watches” your surfing activity  Without your knowledge, reports on  Web pages you visit  Track your Web searches  Record keystrokes  Open a backdoor into your computer

3. Spyware  How does it get on your computer?  By downloading and installing “free” software  Kazaa file-sharing software, for example  Spyware “rides along”  Installing what you wanted causes the spyware to be installed as well  Spyware runs whether or not the installed application is running

4. Spyware  Purpose – generate cash  Delivers pop-up ads  Clicking to close still generates cash for the ad developer  May even cause a new ad to pop up

5. Spyware  At regular intervals the spyware sends information back to its owner  Information collected and analyzed  Profile about you built  Ads targeted to you specifically are then sent to you when you run the program the spyware came in on

6. Spyware  Deleting the original application usually has no effect on the spyware  Might not be able to deliver ads any more but it still reports on your activities

7. Spyware Money Trail  Reputable Web sites or merchants may be part of a money trail associated with spyware  User signs up as an affiliate  Your Web site has a link to someone else’s site  They agree to pay you for referrals  Examples: Dell, Staples, Clickbank DellStaplesClickbankDellStaplesClickbank

8. Affiliates http://www.dishpronto.com/images/affbigban.jpg

9. Spyware Money Trail  Affiliate signs up and receives an ID  Some merchants monitor affiliates, some don’t  Spyware commonly follows merchants who do not do a good job of policing their affiliate programs

10. Spyware Money Trail  Spyware authors make deals with affiliates  Their spyware includes links to the affiliate’s real destination and uses their ID  Affiliate includes spyware on their Web site or otherwise distributes it  Unsuspecting user downloads spyware  Clicks on links

11. Spyware Money Trail  Merchant counts clocks and pays affiliate  Affiliate splits income with spyware author  Pop-under – variation of a pop-up  Opens a new window hidden under the active window

12. Spyware Money Trail  A pop under promoting Gateway, purchased from Direct Revenue by a rogue affiliate.  If a user ultimately makes a purchase from Gateway, the pop under causes Gateway to pay commissions to the affiliate, via Commission Junction.  Gateway pays these commissions even though it did not know of or approve the affiliate's decision to place advertising with Direct Revenue.  Notice Gateway pop under (upper left corner, within a window labeled "Aurora" -- a Direct Revenue product name).

13. How Phishing Works  Phishing attacks appear to be from a legitimate site but are forgeries  Typically you receive an email  Problem with your account  Need to verify your identify  Someone has tried to access your account so you need to verify that everything is still OK

14. How Phishing Works  Email looks authentic  Correct logos and colors  Some links may actually connect to the real site  Click on the link provided (for your convenience)  Takes you to a forgery of the real site  Actually run by phisher

15. How Phishing Works  Destination site looks authentic  Graphics, design, links,etc.  Some links may even work properly  User logs in  Phisher now knows username & password  You answer questions or provide information directly to the phisher  Credit card information

16. How Phishing Works  Results?  Identify theft  Access to your bank accounts  Examples:  Citibank Citibank  eBay eBay  IRS

17. Following the Phishing Money Trail  Phishers rarely work alone  Usually part of a larger criminal organization  Russian Mafia

18. Protecting Against Spyware  New spyware released all the time  New, updated signatures have to be constantly downloaded  Some spyware changes (morphs)  Hard to detect  Anti-spyware looks for behaviors as well as signatures

19. Protecting Against Spyware  Deleting spyware a complex task  Many files may be involved  Windows Registry might have to be corrected  May even require a specific program to delete some spyware  Real-time protection available  Program in memory constantly running  Watches for spyware installation signs

20. Protecting Against Spyware  Deleting that program doesn’t delete the spyware  Must use a spyware removal tool  Ad-Aware from www.lavasoft.com www.lavasoft.com  Spy-Bot Search & Destroy Spy-Bot  Spyware Remover Spyware Remover Spyware Remover