Spyware
2. Introduction to Spyware
Software that observes user behavior and collects information under users' noses is
often called spyware. These systems have become central to a heated debate
regarding online privacy, prompting the U.S. Congress to consider several bills. In
addition, the very nature of such systems (the collection of data that would not
otherwise be available outside of corporate firewalls) raises questions about how
companies can remain compliant with privacy-oriented regulation like the Health
Insurance Portability and Accountability Act of 1996 (HIPAA) and the
Gramm-Leach-Bliley Financial Modernization Act of 1999 (GLBA).
3.1. Definition of Spyware
Definition 1:
In its most simple form, spyware is software designed to collect information from
computer system users without their knowledge. Typically, spyware can be classified
as a type of trojan horse, which is a type of technology-based security incident,
allowing for information security policy violation. Figure 1 shows where spyware fits
within the broader context of policy enforcement.
3.2. Definition of Spyware
Definition 2:
3. Interface with a human (or machine) you have not requested a relationship with
In other words, spyware is something you never asked for from someone you don't
unknown destination using systems you know nothing about. It is something designed
so you won't know it is there, and won't be able to get rid of it once you find it.
4.1. Who Is Spying and How Spyware Operates
Who Is Spying?
online attackers
marketing organizations
organized crime
trusted insiders
Spyware tracks online activity looking for web sites visited, financial data or identity
data such as credit card numbers on screen or entered into form fields, browsing and
online purchasing habits, and authentication credentials. When keywords of interest,
like names of banks or online payment systems, are observed, the spyware starts its
data collection process.
1. Email Addresses
Email addresses can be harvested from an infected user’s computer and marketed for
use in spam mailing lists. Common techniques for harvesting email addresses and
other contact information include enumerating email applications’ address books,
monitoring incoming and outgoing network packets related to email, and scanning
files on the system’s disks for strings that match the format of an email address.
2. Impact of Spyware
Spyware can cause people to lose trust in the reliability of online business
transactions. Similar to the problem of counterfeit currency in the physical world,
spyware undermines confidence in online economic activity. Consumers’ willingness
to participate in online monetary transactions decreases for fear of personal
financial loss. Vendors lose confidence that the person making the purchase is who
they say they are and not actually a criminal using a stolen identity or illicit funds. In
efforts to manage the risk, vendors and financial institutions often implement
additional verification and other loss prevention programs at increased operational
cost.
Even when financial organizations cover an individual’s loss from online fraud, these
costs plus the overhead required to administer loss prevention programs are
eventually passed back to consumers in the form of higher service fees, interest rates,
or other price increases on the goods and services consumed. As a result, growth
rates in commerce are slowed, costs increase, and demand shrinks.
3. Impact to Computers
By monitoring and reporting user activity, spyware consumes system resources as
well as network bandwidth. Depending on the number of spyware components
loaded on a system and their functionality, users may experience significant
performance degradation.
Because spyware is not always carefully written and tested, systems infected by it are
often found to have reliability problems. Affected applications may crash more
frequently or the entire system may become unstable, resulting in potential
productivity and data loss.
5.1. Common Spyware Forms
There are thousands of instances of malware. Many forms of malware act primarily
as spyware, while other malware programs contain spyware features. Below are
examples of some frequently observed forms of spyware and their operating
characteristics.
Browser Helper Objects (BHOs) can access files, network resources, and anything
else the user who launched Internet Explorer can access.
Malicious BHOs can be installed via stand-alone dropper malware but are also often
installed using the “drive-by install” technique, in which code is installed or
requested to be installed simply by the action of a user visiting a malicious or
compromised web site.
Droppers are a special kind of malware that delivers other malware to the client
they are trying to infect. They usually operate by placing malicious files on the
system and then changing the system in some way that allows the newly written
malware files to be executed.
One technology often used in this type of installation is the ActiveX functionality
present in Internet Explorer. Depending on system and browser configuration,
the installation may take place automatically and be carried out without
prompting the user. In cases where there is prompting, information necessary to
make an informed decision can be covered with popup windows or other
obfuscation techniques such as naming the control “Click yes to download
ringtone.”
Another effective social engineering technique is inundating the user with repeated
popup requests to install the software that only end when the user leaves the site or
finally agrees and installs the component. Once the component is installed, it can
operate independently, download and install further malware, and even modify
browser settings that allow malware to be downloaded with no user notification or
interaction.
5.1. Remove Spyware
New and/or unidentifiable icons may appear in the task bar at the bottom of your
screen, while searches may result in you being redirected to a different search
engine. Random error messages appear when you perform operations that previously
worked fine. But the best way to identify if you have been infected is to use a spyware
scanner, which will be included in any spyware removal software.
Antivirus software can find and remove any spyware on your computer, since such
products usually include anti-spyware protection as well as spyware removal tools.
You can also check Programs and Features for items that don't belong on your computer.
Cookies are small amounts of data sent from a website to a computer. In Windows,
most cookies are stored as text files in the logged-on user’s Temporary Internet Files
folder. Websites use the encoded information in cookies to “remember” information
such as website visits, previous authentication attempts and the status of current
logins. Some websites use cookies to compile browsing history records, and it’s also
possible for hackers to impersonate someone’s login session by stealing his or her
cookies. Therefore, cleaning cookies off your business computers on a regular basis is
a good security practice.
5.2. Classification of Spyware
Classification of Spyware
Potentially unwanted software is classified into one or more of the following
categories based on the behaviors, traits, and other factors listed in the table below.
| Classification | Threat |
|---|---|
| Adware | Any program that runs on a computer with the purpose to present advertising to users without any additional benefit to the computer or user. |
| Browser Plugins | Any type of program or code that has potentially unwanted software characteristics but only execute when a web browser is running. |
| Commercial Remote Access Tools | Commercially developed software for which a fee is paid that is typically used for remote system access and control. |
| Dialers | Any program which causes a computer modem or telephone system to dial out without prompting the user on each instance and accurately reflecting the financial impact to the user for allowing the call. |
| Hacker Tools | Any computer program or code whose primary purpose is to determine the presence of, or circumvent computer security controls. |
| Keystroke Loggers | Any program which records the keyboard usage of a computer system without explicitly requesting permission from the local user each time the program is executed. |
| Other | Any software or program which exhibits the traits or behaviors associated with potentially unwanted software which does not fit into any of the other categories. |
| Screen Loggers | Any program which captures information, text, or other content that is displayed on the screen without conspicuously notifying the user each time. |
| Tracking Cookies | Any web browser cookie which is used for the purpose of tracking the web page access activities of the user that is not sent from the web site to which the user directed their web browser. |
| Trojan Horse | Any web browser cookie which is used for the purpose of tracking the web page access activities of the user that is not sent from the web site to which the user directed their web browser. |
| Worms | Any program or code which attempts to self-propagate to other computer systems or propagate with the assistance of users while misrepresenting its purpose or behavior; or offering no benefit to the system owner or user. |
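The "Tracking Cookies" definition above, combined with the earlier note that Windows keeps cookies as text files, can be turned into a simple audit. The following is an added example, not part of the original report: it parses records in the legacy Internet Explorer text-cookie layout (assumed here to be nine lines per record ending in `*`) and lists cookies whose host matches none of the sites the user navigated to. The sample records, the visited-site list and all function names are constructed for illustration.

```python
from collections import namedtuple

Cookie = namedtuple("Cookie", "name host path lifetime_days")
TICKS_PER_DAY = 10_000_000 * 86_400  # FILETIME counts 100 ns ticks since 1601

# Constructed records (not real cookies) in the assumed legacy IE layout:
# name, value, host/path, flags, expiry low, expiry high,
# creation low, creation high, "*".
SAMPLE = "\n".join([
    "cart", "a1b2c3", "shop.example/", "1024", "0", "30000001", "0", "30000000", "*",
    "uid", "9f8e7d6c", "ads.tracker.example/", "1024", "0", "30146850", "0", "30000000", "*",
    "prefs", "lang=en", "example.org/news/", "1024", "0", "30020000", "0", "30000000", "*",
])

def parse_ie_cookies(text):
    """Split the text into 9-line records and decode host, path and lifetime."""
    lines = text.strip().splitlines()
    cookies = []
    for i in range(0, len(lines), 9):
        rec = [field.strip() for field in lines[i:i + 9]]
        if len(rec) != 9 or rec[8] != "*":
            raise ValueError(f"malformed cookie record starting at line {i + 1}")
        host, _, path = rec[2].partition("/")
        expiry = (int(rec[5]) << 32) | int(rec[4])    # 64-bit FILETIME from two halves
        created = (int(rec[7]) << 32) | int(rec[6])
        lifetime = (expiry - created) / TICKS_PER_DAY
        cookies.append(Cookie(rec[0], host.lower(), "/" + path, lifetime))
    return cookies

def same_site(host, site):
    """Equal hosts, or one is a subdomain of the other (no public-suffix list)."""
    return host == site or host.endswith("." + site) or site.endswith("." + host)

def third_party_cookies(cookies, visited_sites):
    """Cookies whose host matches no site the user navigated to, longest-lived first."""
    visited = [s.lower() for s in visited_sites]
    flagged = [c for c in cookies if not any(same_site(c.host, s) for s in visited)]
    return sorted(flagged, key=lambda c: c.lifetime_days, reverse=True)

if __name__ == "__main__":
    visited = ["www.shop.example", "example.org"]  # assumed list of sites the user chose to visit
    for c in third_party_cookies(parse_ie_cookies(SAMPLE), visited):
        print(f"{c.host}{c.path} {c.name}: lifetime {c.lifetime_days:.0f} days")
```

A long lifetime on a host the user never visited directly is the pattern the table's definition describes; such cookies are the first candidates for the regular cleanup recommended earlier.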
8. Conclusions
Spyware, though not a particularly new problem when defined generally, remains a
problem that is difficult to manage. While there is no silver bullet to solve all of these
problems, there is hope. Like other security incidents, the problem can be managed
effectively with a comprehensive definition of the trusted computing base and a
program to maintain it. With the right support from policy and technology, malware,
including spyware, can be defeated.