Presentation on theme: "Spyware. Is it a real problem ?. Gareth Smith RAL PPD Vendors are concerned about the cost of dealing with spyware-related complaints. But they also fear."— Presentation transcript:
Gareth Smith RAL PPD Vendors are concerned about the cost of dealing with spyware-related complaints. But they also fear that customers will wrongly blame them. By Allison Linn, Associated Press Spyware generally refers to programs that land on computers without their owners' knowledge. They can deliver hordes of pop-up ads, redirect people to unfamiliar search engines or, in rare cases, steal personal information. Users most often get them by downloading free games or file- sharing software - and consenting to language buried deep within a licensing agreement.
Gareth Smith RAL PPD Spyware Threat Seen Larger Than Most Corporations Realize By Gregg Keizer Courtesy of TechWeb NewsTechWeb News "Because help desk support is the most heavily exercised part of IT, companies know what the calls involve," said Stiennon. "Dell, for instance, says that 20 percent of its calls come from spyware problems, but in the enterprise it's even more so. Some companies are seeing 50 to 75 percent of their help desk calls stemming from spyware."
Gareth Smith RAL PPD Is this stuff picked up by Anti-Virus Vendors? From Sophos site: Sophos provides protection against software (viruses, spyware, diallers, Trojan horses, and worms) which behaves maliciously. There is a category of application known as 'adware' which although sometimes annoying cannot be described as malicious. The programs are normally up front about what they plan to do, ask the user's permission at installation, and include uninstallers. Understandably, the vendors of these adware applications are unhappy to be classified as malicious by an anti-virus application and may resort to legal action against anti-virus vendors who detect them inappropriately. Their view is that they have been upfront about what their application does, and have sought the user's permission to be installed. Users who wish to detect adware applications may like to consider some of the freely available adware- detection applications. If you have seen an application which you believe to be malicious (for instance if it collects keypresses without the user's knowledge or replicates) then please send it to email@example.com so the experts in Sophos's virus labs can analyse firstname.lastname@example.org
Gareth Smith RAL PPD Scans all or selected file types, including inside archives Scans memory for active pests and kills the process Zaps spyware cookies before they can phone home about you Stops known and unknown keyloggers from hooking your keyboard Quarantines or deletes any identified pest Checks and removes pests from registry and start-up areas Downloads and installs updates automatically on availability Tells you the specific threat level of any pest found Saves all pest-related events in an easy-to-read log file What does Pest Patrol Claim to Do ?
Gareth Smith RAL PPD Problems Seen Interface lumpy Sometimes the processes on client workstations make heavy demands on resources – both CPU and memory leading to performance problems. Repeated e-mails from some machines.
Gareth Smith RAL PPD What has been found - 1 Lots of tracking cookies Unknown Dialer(Dialer) In..Temporary Internet Files\blueleft.gif Unknown Trojan (Key logger) …Temporary Internet Files\.....\GoogleNav.cab W32/Vip.4311 (Dropper) …Temporary Int Files\.....\121878_euro2.jpg
Gareth Smith RAL PPD What has been found - 2 TightVNC 1.2.7 (Commercial RAT) 2 objects – location not specified. Timbuktu Pro (Commercial RAT) (process terminated). Exploit (Exploit) C:\Documents and Settings\....\Desktop\My Briefcase\Smi\state_manager\source\ptrvector.cc Can exclude by category or pest
Gareth Smith RAL PPD Utah sees first spyware case By John OatesJohn Oates Published Wednesday 19th May 2004 14:17 GMT Overstock.com is set to become the first company to take action under Utah's new anti-spyware law. The company has filed a complaint against online retailer SmartBargains in the third district court in Salt Lake City. Utah's spyware law, the world's first, only made the statute book on 3 May. Utah is the only state with current spyware legislation, although California and Iowa are considering their own versions of the law. Overstock alleges that SmartBargains is using spyware to display pop-up ads over the top of Overstock's website. Overstock wants the practise stopped and it wants damages, costs and legal fees.
Gareth Smith RAL PPD Conclusions Anti-virus products pick up the worst (malicious, self- replicating) spyware. But there is a lot of spyware stuff on systems. Not clear on its effect. This is a messy area and you have to think what you want to clean-up. Not sure we have enterprise class solution yet.