
People's Democratic Republic of Algeria

Ministry of Higher Education and Scientific Research

Université Chahid Hamma Lakhdar d’El Oued

Faculty of Exact Sciences
Department of Computer Science
3rd year LMD in Computer Science

Module: Computer Security
Group: 02

Spyware

Prepared by:
• Oussama Ben Abdallah
• Riadh Bennaceur
• Essa Naimi

Directed by:
• M. Khelaifa A.

Academic year: 2017 - 2018


1. Contents

Introduction to Spyware
Definition of Spyware
    Definition 1
    Definition 2
Who Is Spying and How Spyware Operates
    Who Is Spying
    How Spyware Operates
Common Spyware Forms
    Common Spyware Forms
    How to recognize spyware
Remove Spyware
    How to remove spyware
    How to Remove Spyware Tracking Cookies
Classification of Spyware
    Classification of Spyware
Conclusions
References
2. Introduction to Spyware
Software that observes user behavior and collects information under users' noses is
often called spyware. These systems have become central to a heated debate
regarding online privacy, prompting the U.S. Congress to consider several bills. In
addition, the very nature of such systems--the collection of data that would not
otherwise be available outside of corporate firewalls--raises questions about how
companies can remain compliant with privacy-oriented regulation like the Health
Insurance Portability and Accountability Act of 1996 (HIPAA) and the
Gramm-Leach-Bliley Financial Modernization Act of 1999 (GLBA).

One of the mild inconveniences associated with being an executive at a security
software company is you find yourself doing a lot of trouble-shooting and
question-answering for friends, family and neighbors. One of the questions I get asked most,
apart from "what are computer viruses?" is "what is spyware?"

3.1.Definition of SpyWare
Definition 1:

In its most simple form, spyware is software designed to collect information from
computer system users without their knowledge. Typically, spyware can be classified
as a type of trojan horse, which is a type of technology-based security incident,
allowing for information security policy violation. Figure 1 shows where spyware fits
within the broader context of policy enforcement.

Figure 1: Where Spyware Fits

3.2.Definition of SpyWare
Definition 2:

Spyware is the term given to a category of software which aims to steal
personal or organisational information. It is done by performing a set of operations
without appropriate user permissions, sometimes even covertly. General
actions a spyware performs include advertising, collection of personal information
and changing user configuration settings of the computer.

The term "spyware" denotes a class of computer programs that:

1. Install without permission (or on the basis of misleading info)

2. Maintain a presence on your PC on terms you never agreed to

3. Interface with a human (or machine) you have not requested a relationship with

4. Transmit data using a system you have no control over

5. Typically do not come with "uninstall" routines

In other words, spyware is something you never asked for from someone you don't
know. It is a tool that transmits an unknown amount of your personal data to an
unknown destination using systems you know nothing about. It is something designed
so you won't know it is there, and won't be able to get rid of it once you find it.

4.1. Who Is Spying and How Spyware Operates
Who Is Spying?

The people who use spyware include:

• online attackers
• marketing organizations
• organized crime
• trusted insiders

How Spyware Operates?

Spyware tracks online activity looking for web sites visited, financial data or identity
data such as credit card numbers on screen or entered into form fields, browsing and
online purchasing habits, and authentication credentials. When keywords of interest,
like names of banks or online payment systems, are observed, the spyware starts its
data collection process.

1. Email Addresses
Email addresses can be harvested from an infected user’s computer and marketed for
use in spam mailing lists. Common techniques for harvesting email addresses and
other contact information include enumerating email applications’ address books,
monitoring incoming and outgoing network packets related to email, and scanning
files on the system’s disks for strings that match the format of an email address.

2. Impact of Spyware
Spyware can cause people to lose trust in the reliability of online business
transactions. Similar to the problem of counterfeit currency in the physical world,
spyware undermines confidence in online economic activity. Consumers’ willingness
to participate in online monetary transactions decreases for fear of personal
financial loss. Vendors lose confidence that the person making the purchase is who
they say they are and not actually a criminal using a stolen identity or illicit funds. In
efforts to manage the risk, vendors and financial institutions often implement
additional verification and other loss prevention programs at increased operational
cost.
Even when financial organizations cover an individual’s loss from online fraud, these
costs plus the overhead required to administer loss prevention programs are
eventually passed back to consumers in the form of higher service fees, interest rates,
or other price increases on the goods and services consumed. As a result, growth
rates in commerce are slowed, costs increase, and demand shrinks.

3. Impact to Computers
By monitoring and reporting user activity, spyware consumes system resources as
well as network bandwidth. Depending on the number of spyware components
loaded on a system and their functionality, users may experience significant
performance degradation.

Because spyware is not always carefully written and tested, systems infected by it are
often found to have reliability problems. Affected applications may crash more
frequently or the entire system may become unstable, resulting in potential
productivity and data loss.

Often, spyware is difficult to remove without detailed knowledge of how it works or
by taking drastic measures such as wiping the system clean and starting over. In
many cases, verifying the integrity of the system requires the operating system,
patches, and applications to be reinstalled. These difficulties, combined with the
efforts necessary to recover user data, can take a lot of time.

5.1. Common Spyware Forms

There are thousands of instances of malware. Many forms of malware act primarily
as spyware, while other malware programs contain spyware features. Below are
examples of some frequently observed forms of spyware and their operating
characteristics.

1. Browser session hijacking


This class of spyware attempts to modify the user’s browser settings. Hijacking
spyware can be installed in various ways, but the intent is to modify the behavior of
the browser so the user is directed to sites of the malware author’s choice instead of
sites the user might have reached normally. These redirects often lead users to
advertisements that earn the hijackers commissions when they are visited.

2. Browser Helper Objects


Browser Helper Objects (BHOs) are a feature of Internet Explorer that can be
exploited by spyware. They are not always easy to detect.

BHOs can access files, network resources, and anything else the user who
launched Internet Explorer can access.

Malicious BHOs can be installed via stand-alone dropper malware but are also
often installed using the “drive-by install” technique, in which code is installed
or requested to be installed simply by the action of a user visiting a malicious
or compromised web site.

Droppers are a special kind of malware that deliver other malware to the client
they are trying to infect. They usually operate by placing malicious files on the
system and then changing the system in some way that allows the newly written
malware files to be executed.

One technology often used in this type of installation is the ActiveX functionality
present in Internet Explorer. Depending on system and browser configuration,
the installation may take place automatically and be carried out without
prompting the user. In cases where there is prompting, information necessary to
make an informed decision can be covered with popup windows or other
obfuscation techniques such as naming the control “Click yes to download
ringtone.”

Another effective social engineering technique is inundating the user with repeated
popup requests to install the software that only end when the user leaves the site or
finally agrees and installs the component. Once the component is installed, it can
operate independently, download and install further malware, and even modify
browser settings that allow malware to be downloaded with no user notification or
interaction.
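Because BHOs are hard to spot from the browser itself, a defender can inventory them from the registry instead. The following is an added example, not code from the report or its sources: it parses a constructed `reg export` dump, lists every CLSID under the Browser Helper Objects key, resolves each to the DLL named in its InprocServer32 entry, and marks DLLs outside the usual install directories for review. The sample data, the `audit_bhos` name and the expected-directory list are assumptions made for the illustration, and the input is assumed to be already decoded to text.

```python
import re

# Constructed sample in `reg export` text form (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-111111111111}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22222222-2222-2222-2222-222222222222}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-111111111111}\InprocServer32]
@="C:\\Program Files\\ExampleVendor\\toolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-222222222222}\InprocServer32]
@="C:\\Users\\alice\\AppData\\Local\\Temp\\rt.dll"
'''

CLSID = r"(\{[0-9A-Fa-f-]{36}\})"
BHO_KEY = re.compile(r"\\Explorer\\Browser Helper Objects\\" + CLSID + "$", re.I)
COM_KEY = re.compile(r"\\Classes\\CLSID\\" + CLSID + r"\\InprocServer32$", re.I)
# Assumption for this example: software normally installs under these directories.
EXPECTED_DIRS = ("c:\\program files", "c:\\windows\\system32")

def audit_bhos(reg_text):
    """Return (clsid, dll_path, status) for every registered BHO."""
    bhos, dlls, key = [], {}, ""
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            m = BHO_KEY.search(key)
            if m:
                bhos.append(m.group(1).upper())
        elif line.startswith('@="') and COM_KEY.search(key):
            # The default value of InprocServer32 is the DLL loaded into the browser.
            clsid = COM_KEY.search(key).group(1).upper()
            dlls[clsid] = line[3:-1].replace("\\\\", "\\")
    report = []
    for clsid in bhos:
        dll = dlls.get(clsid)
        if dll is None:
            status = "review: no COM server registered"
        elif dll.lower().startswith(EXPECTED_DIRS):
            status = "ok"
        else:
            status = "review: DLL outside expected directories"
        report.append((clsid, dll, status))
    return report

if __name__ == "__main__":
    for row in audit_bhos(SAMPLE_REG):
        print(row)
```

A "review" status is a prompt to check the DLL's publisher and origin, not proof that the BHO is malicious.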

3. Cookies and Web Bugs


Cookies are small pieces of information stored on a user’s system by a web server.
During subsequent visits, the web server can retrieve these cookies. Often, cookies
are used for storing user authentication, preferences, and other types of user state
information. They can be used to track a user across multiple web sites. Using
correlation and techniques such as “web bugs,” over time they can be used to build
profiles of individual users.
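The cross-site correlation described above can be made visible from a browsing capture. The following is an added example, not code from the report or its sources: it takes constructed observations of which page loaded which resource and what cookie that resource set, keeps only cookies set by a host other than the site the user opened, and reports those whose same value appears under two or more sites. The host names, the `tracking_cookies` function and the two-label approximation of a site are assumptions made for the illustration.

```python
from collections import defaultdict
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed observations: (page the user opened, resource it loaded, Set-Cookie header).
OBSERVED = [
    ("https://news.example/", "https://news.example/index.html", "session=abc; Path=/"),
    ("https://news.example/", "https://pixel.tracker.test/1x1.gif", "uid=u-7731; Max-Age=31536000"),
    ("https://shop.example/cart", "https://pixel.tracker.test/1x1.gif", "uid=u-7731; Max-Age=31536000"),
    ("https://shop.example/cart", "https://cdn.static.test/app.js", "lb=node3"),
]

def site(url):
    # Assumption: the last two host labels approximate the registrable domain;
    # production code should consult the Public Suffix List instead.
    return ".".join(urlsplit(url).hostname.lower().split(".")[-2:])

def tracking_cookies(observations, min_sites=2):
    """Return third-party cookies whose value was seen under >= min_sites sites."""
    seen = defaultdict(set)
    for page, resource, header in observations:
        if site(page) == site(resource):
            continue  # first-party cookie: set by the site the user chose to visit
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            # Same issuer, name and value on different sites links the visits together.
            seen[(site(resource), name, morsel.value)].add(site(page))
    return sorted((key, sorted(sites)) for key, sites in seen.items()
                  if len(sites) >= min_sites)

if __name__ == "__main__":
    for (issuer, name, value), sites in tracking_cookies(OBSERVED):
        print(f"{issuer} cookie {name}={value} links visits to: {', '.join(sites)}")
```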

How to recognize spyware

New and/or unidentifiable icons may appear in the task bar at the bottom of your
screen, while searches may result in you being redirected to a different search
engine. Random error messages appear when you perform operations that previously
worked fine. But the best way to identify if you have been infected is to use a spyware
scanner, which will be included in any spyware removal software.

How to remove spyware

Antivirus software can find and remove any spyware on your computer, since such
products usually include anti-spyware protection as well as spyware removal tools. You can
also check Programs and Features for items that don't belong on your computer.

How to prevent spyware

• Use antivirus and anti-spyware software.
• Ensure that your browser, operating system, and software have the latest updates
and security patches.
• Set your browser security and privacy levels higher.
• Use extreme caution if you frequent file-sharing sites.
• Don't click on pop-up ads.

How to Remove Spyware Tracking Cookies

Cookies are small amounts of data sent from a website to a computer. In Windows,
most cookies are stored as text files in the logged-on user’s Temporary Internet Files
folder. Websites use the encoded information in cookies to “remember” information
such as website visits, previous authentication attempts and the status of current
logins. Some websites use cookies to compile browsing history records, and it’s also
possible for hackers to impersonate someone’s login session by stealing his or her
cookies. Therefore, cleaning cookies off your business computers on a regular basis is
a good security practice.


1. Click on the “Start” button and select “Control Panel.”
2. Click on “Internet Options” to bring up the Internet Properties dialog box.
3. Click the “Delete” button under Browsing History on the General tab.
4. Check the “Cookies” box, and uncheck everything else.
5. Click “Delete.”

5.2.Classification of spyware

Defining Potentially Unwanted Software Classifications

Potentially Unwanted Software applications are categorized based upon the
behaviors that are exhibited by the applications, assertions made by the publisher,
and the distribution method of the software.

Potentially Unwanted Software is classified into one or more of the following
categories based on the behaviors, traits, and other factors listed in the table below.
Classification: Threat

Adware: Any program that runs on a computer with the purpose to present advertising to users
without any additional benefit to the computer or user.

Browser Plugins: Any type of program or code that has potentially unwanted software characteristics
but only executes when a web browser is running.

Commercial Remote Access Tools: Commercially developed software for which a fee is paid that is
typically used for remote system access and control.

Dialers: Any program which causes a computer modem or telephone system to dial out without
prompting the user on each instance and accurately reflecting the financial impact to
the user for allowing the call.

Hacker Tools: Any computer program or code whose primary purpose is to determine the presence
of, or circumvent computer security controls.

Keystroke Loggers: Any program which records the keyboard usage of a computer system without
explicitly requesting permission from the local user each time the program is
executed.

Other: Any software or program which exhibits the traits or behaviors associated with
potentially unwanted software which does not fit into any of the other categories.

Screen Loggers: Any program which captures information, text, or other content that is displayed on
the screen without conspicuously notifying the user each time.

Tracking Cookies: Any web browser cookie which is used for the purpose of tracking the web page
access activities of the user that is not sent from the web site to which the user directed
their web browser.

Trojan Horse: Any web browser cookie which is used for the purpose of tracking the web page
access activities of the user that is not sent from the web site to which the user directed
their web browser.

Worms: Any program or code which attempts to self-propagate to other computer systems or
propagate with the assistance of users while misrepresenting its purpose or behavior;
or offering no benefit to the system owner or user.

8.Conclusions

Spyware, though not a particularly new problem when defined generally, remains a
problem that is difficult to manage. While there is no silver bullet to solve all of these
problems, there is hope. Like other security incidents, the problem can be managed
effectively with a comprehensive definition of the trusted computing base and a
program to maintain it. With the right support from policy and technology, malware,
including spyware, can be defeated.

References

• http://web.interhack.com/publications/spyware/conc
• http://authentium.blogspot.com/2007/05/short-history-of-spyware.html
• https://en.wikipedia.org/wiki/Spyware
• https://www.checkpoint.com/defense/advisories/public/anti-spyware/classify.html
• http://smallbusiness.chron.com/remove-spyware-tracking-cookies-53756.html
