Spyware and Trojan Horses – Computer Security Seminar               12th February 2004




                Spyware and Trojan Horses
                        Computer Security Seminar Series
                                                    [SS1]




Andrew Brown, Tim Cocks and Kumutha Swampillai              http://birmingham.f9.co.uk




       Your computer could be watching your
                  every move!
  Image Source - http://www.clubpmi.it/upload/servizi_marketing/images/spyware.jpg






                                   Introduction








                        Seminar Overview
        • Introduction to Spyware / Trojan Horses
        • Spyware – Examples, Mechanics, Effects, Solutions
        • Tracking Cookies – Mechanics, Effects, Solutions
        • Trojan Horses – Mechanics, Effects, More Examples
        • Solutions to the problems posed
        • Human Factors – Human interaction with Spyware
        • “System X” – Having suitable avoidance mechanisms
        • Conclusions – Including our proposals for solutions


Definitions

SPYWARE
A general term for a program that surreptitiously monitors your actions. While they are sometimes sinister, like a remote control program used by a hacker, software companies have been known to use Spyware to gather data about customers. The practice is generally frowned upon.

TROJAN HORSE
An apparently useful and innocent program containing additional hidden code which allows the unauthorized collection, exploitation, falsification, or destruction of data.
Symptoms

• Targeted Pop-ups         SPYWARE
• Slow Connection          SPYWARE / TROJAN
• Targeted E-Mail (Spam)   SPYWARE
• Unauthorized Access      TROJAN HORSE
• Spam Relaying            TROJAN HORSE
• System Crash             SPYWARE / TROJAN
• Program Customisation    SPYWARE




                      Summary of Effects

        • Collection of data from your computer without consent
        • Execution of code without consent
        • Assignment of a unique code to identify you
        • Collection of data pertaining to your habitual use
        • Installation on your computer without your consent
        • Inability to remove the software
        • Performing other undesirable tasks without consent



Similarities / Differences

                  Spyware                                      Trojan Horses
Motivation        Commercially motivated                       Malicious
Connectivity      Internet connection required                 Any network connection required
Direction         Initiates an outbound connection             Typically receives an incoming connection
                                                               (some also connect outward to evade firewalls)
Purpose           To monitor activity                          To control activity
Effect            Collects data and displays pop-ups           Unauthorized access and control
Legality          Often legal: installed with nominal consent  Illegal: unauthorized access to a system
                  buried in a licence agreement
Detection         Not flagged by most virus checkers (2004)    Detectable with a virus checker (known builds)
Age               Relatively new (< 5 years)                   Relatively old (> 20 years)

Common to both:
• Memory resident processes
• Surreptitiously installed without user’s consent or understanding
• Creates a security vulnerability
Spyware
Software Examples
• GAIN / Gator
• Gator E-Wallet
• Cydoor
• BonziBuddy
• MySearch Toolbar
• DownloadWare
• BrowserAid
• Dogpile Toolbar

Image Sources…
GAIN Logo – The Gator Corporation – http://www.gator.com
BonziBuddy Logo – Bonzi.com - http://images.bonzi.com/images/gorillatalk.gif
DownloadWare Logo – DownloadWare - http://www.downloadware.net




Spyware Defence

User Initiatives…
• Issue Awareness
• Use Legitimate S/W Sources
• Improved Technical Ability
• Choice of Browser
• Choice of OS
• Legal action taken against breaches of privacy
  – Oct ’02 Doubleclick

Technical Initiatives...
• Spyware Removal Programs
• Pop-up Blockers
• Firewall Technology
• Disable ActiveX Controls
  – Not Sandboxed
• E-Mail Filters
• Download Patches








                             Spyware Removers
         Ad-aware (by Lavasoft)
                 – Reverse Engineer Spyware
                 – Scans Memory, Registry and Hard Drive for…
                          • Data Mining components
                          • Aggressive advertising components
                          • Tracking components

                 – Updates from Lavasoft
                 – Plug-ins available
                          • Extra file information
                          • Disable Windows Messenger Service


    Image Source – Screenshot of Ad-aware 6.0. LavaSoft. See http://www.lavasoft.com
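An added example of how a remover of this kind identifies components, written for this page rather than taken from Lavasoft or Ad-aware: Python that scans a directory of constructed sample files against a hash signature (one exact known build) and byte-pattern signatures (a family of builds), then checks a simulated autorun table, standing in for the Run registry key and startup folder, for entries that launch a flagged file. Every signature, file content and autorun key below is invented for the example.

```python
from __future__ import annotations
import hashlib
import tempfile
from pathlib import Path

# Constructed signature database. Nothing here is real spyware or a vendor signature;
# the bytes are invented so that the example runs offline.
KNOWN_DATAMINER = b"MZ\x90\x00 DataMiner 1.0 TrackUser=yes report=adserver.example/fetch"
HASH_SIGS = {
    hashlib.sha256(KNOWN_DATAMINER).hexdigest(): "DataMiner 1.0 (data mining component)",
}
PATTERN_SIGS = {
    b"TrackUser=yes": "generic tracking component",
    b"adserver.example/fetch": "generic advertising component",
}


def classify(data: bytes) -> list[str]:
    """Exact hash match first (one known build), then byte patterns (a family of builds)."""
    hits = []
    name = HASH_SIGS.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append(name)
    hits.extend(family for pattern, family in PATTERN_SIGS.items() if pattern in data)
    return hits


def scan(root: Path, autorun: dict[str, str]) -> dict:
    """Scan every file under root, then check the autorun table (a stand-in for the
    Run registry key or startup folder) for entries that launch a flagged file."""
    flagged = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        hits = classify(path.read_bytes())
        if hits:
            flagged[path.name] = hits
    persistence = [(key, Path(target).name) for key, target in autorun.items()
                   if Path(target).name in flagged]
    unverified = [key for key, target in autorun.items() if Path(target).name not in flagged]
    return {"flagged": flagged, "persistence": persistence, "unverified_autorun": unverified}


def build_sample_tree() -> tuple[Path, dict[str, str]]:
    """Write constructed sample files into a temporary directory."""
    root = Path(tempfile.mkdtemp(prefix="scan-demo-"))
    samples = {
        "dataminer.exe": KNOWN_DATAMINER,                                    # exact known build
        "dataminer_v2.exe": KNOWN_DATAMINER.replace(b"1.0", b"1.1"),         # recompiled: hash differs
        "custom_build.exe": b"MZ\x90\x00 bespoke build, strings obfuscated",  # one-off: no signature
        "notepad.exe": b"MZ\x90\x00 an ordinary program",
    }
    for name, data in samples.items():
        (root / name).write_bytes(data)
    autorun = {  # constructed stand-in for HKLM\...\Run entries
        "Run\\Miner": str(root / "dataminer_v2.exe"),
        "Run\\Editor": str(root / "notepad.exe"),
        "Run\\Svc": str(root / "custom_build.exe"),
    }
    return root, autorun


def demo() -> dict:
    root, autorun = build_sample_tree()
    return scan(root, autorun)


if __name__ == "__main__":
    result = demo()
    for name, hits in result["flagged"].items():
        print(f"{name}: {', '.join(hits)}")
    print("persistence:", result["persistence"])
    print("autorun entries not matched by any signature:", result["unverified_autorun"])
```

The recompiled variant shows why a remover needs pattern signatures as well as hashes, and the custom build shows the limit of both: a one-off build matches nothing, which is the point the Assassin Trojan slide later makes. The autorun entries that no signature matched are the residual lead a practitioner checks by hand.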





Vulnerable Systems

• Those with an internet connection!
• Microsoft Windows 9x/Me/NT/2000/XP, the platform almost all spyware of the time is written for
• Open Source OSs are rarely targeted, but not immune: a download with a hidden payload works on any platform that runs what the user installs
• Non - fire-walled systems
• Internet Explorer, executes ActiveX plug-ins, which run as native code with the user’s privileges
• Other browsers do not run ActiveX, so they avoid this installation route; they remain exposed to their own bugs and to plug-ins the user installs






                                Trojan Horses








Installation
• Secretly installed when an infected executable is run
  – Much like a virus
  – Executables typically come from P2P networks or unscrupulous websites
• ActiveX controls on websites
  – ActiveX allows automatic installation of software from websites
  – User probably does not know what they are running
  – Misleading descriptions often given
  – Not sandboxed! A control runs as native code with the full privileges of the logged-on user
  – Digital signatures (Authenticode) are used, but signing is not necessary, and a valid signature only identifies the publisher; it says nothing about whether the code is safe





Installation
• Certificate Authority
• Misleading Certificate Description
• Who is trusted? The dialog asks the user to trust the publisher named in the certificate, and offers to always trust that publisher, after which further controls from the same publisher install without any prompt

Image Source – Screenshot of Microsoft Internet Explorer 6 security warning, prior to the installation of an ActiveX Control from “Roings”.








Effects
• Allows remote access
  – To spy
  – To disrupt
  – To relay a malicious connection, so as to disguise the attacker’s location (spam, hacking)
  – To access resources (e.g. bandwidth, files)
  – To launch a DDoS attack








                                        Operation
        • Listen for connections
        • Memory resident
        • Start at boot-up
        • Disguise presence
        • Rootkits integrate with kernel
        • Password Protected







Example: Back Orifice
• Back Orifice
  – Produced by the “Cult of the Dead Cow”
  – Win95/98 is vulnerable (the original release ran on Windows 95/98; Back Orifice 2000 added Windows NT)
  – Released at DefCon 6 (1998), where it was the talk of the conference
  – Similar operation to NetBus
  – Name is a pun on an MS product of the time (Microsoft BackOffice)







BO: Protocol
• Modular authentication (plug-in architecture introduced with Back Orifice 2000)
• Modular encryption
  – AES and CAST-256 modules available

• UDP or TCP
• Variable port
  – Avoids port-based filtering: a rule that only blocks the default port misses a server listening anywhere else. A default-deny stateful firewall still drops the unsolicited inbound connection whatever port it uses.

• IP Notification via. ICQ
  – Dynamic IP addressing not a problem: the infected machine reports its current address to the attacker





BO: Protocol Example (1)
(Sequence diagram between Attacker, ICQ SERVER and Victim)

1. TROJAN: infection occurs on the Victim
2. Victim sends its IP ADDRESS AND PORT to the ICQ SERVER
3. Attacker retrieves the IP ADDRESS AND PORT from the ICQ SERVER
4. Attacker opens a CONNECTION to the Victim
    Image Source – Image derived and produced by; Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.





BO: Protocol Example (2)
(Sequence diagram between Attacker and Victim over the established CONNECTION)

1. Attacker sends a COMMAND; the Victim replies COMMAND EXECUTED
2. Attacker sends a REQUEST FOR INFORMATION; the Victim returns the INFORMATION
    Image Source – Image derived and produced by; Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.





BO: Protocol Example (3)
(Sequence diagram between Attacker and Victim)

1. Attacker sends a CLEANUP COMMAND; on the Victim, EVIDENCE DESTROYED

    Image Source – Image derived and produced by; Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.





Trojan Horse Examples
• M$ Rootkit
  – Integrates with the NT kernel
  – Very dangerous
  – Virtually undetectable from inside the running system once installed, because the kernel that tools ask is itself lying; detection needs a view the rootkit does not control (boot from clean media and compare, or cross-check the file and process lists seen from kernel and user mode)
  – Hides from administrator as well as user
  – Private TCP/IP stack (LAN only)







Trojan Horse Examples
• iSpyNOW
  – Commercial
  – Web-based client
• Assassin Trojan
  – Custom builds may be purchased
  – These are not found by virus scanners: a signature scanner only knows builds it has already seen, and a one-off build has no signature
  – Firewall circumvention technology





               Trojan Horse Examples
        • Hardware
              – Key loggers
              – More advanced?
        • Magic Lantern
              – FBI developed
              – Legal grey area (until recently!)
              – Split virus checking world





                               Demonstration








Vulnerable Systems
Number of trojans in common use…

(Chart, ordered from RELATIVELY SAFE to DANGEROUS: MacOS X, MacOS, Linux/Unix, WinNT, Win 9x)

WinNT refers to Windows NT 4, 2000, XP and Server 2003.
Win9x refers to Windows 95, 95SE, 98 and ME.
Information Source: McAfee Security - http://us.mcafee.com/


     Image Source – Image derived and produced by; Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.





Vulnerable Systems
Ease of compromise…

(Chart, ordered from RELATIVELY SAFE to DANGEROUS: Linux/Unix, MacOS X, WinNT, MacOS, Win 9x)

WinNT refers to Windows NT 4, 2000, XP and Server 2003.
Win9x refers to Windows 95, 95SE, 98 and ME.
Information Source: McAfee Security - http://us.mcafee.com/


     Image Source – Image derived and produced by; Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.





                                    Conclusions








Security Implications

Short Term
• Divulge personal data
• Backdoors into system
• System corruption
• Disruption / Irritation
• Aids identity theft
• Easy virus distribution
• Increased spam

Long Term
• Mass data collection
• Consequences unknown
• Web becomes unusable
• Web cons outweigh pros
• Cost of preventions
• More development work
• More IP addresses (IPv6)






Solutions

Short Term
• Firewall
• Virus Checker
• Spyware Remover
• Frequent OS updates
• Frequent back-up
• Learning problems

Long Term
• Add Spyware to Anti-Virus
• Automatic maintenance
• Legislation
• Education on problems
• Biometric access
• Semantic web (and search)







Firewalls
(Diagram: the protected network behind the firewall, Network / Internet outside)

• 3 Types…
  – Packet Filtering – Examines attributes of each packet (addresses, ports, flags) in isolation.
  – Application Layer – Hides the network by standing in for the client towards the server and for the server towards the client (proxy).
  – Stateful Inspection – Examines both the state and context of the packets: remembers connections opened from inside and admits only their replies.

• Regardless of type; must be configured to work properly.
• Access rules must be defined and entered into firewall.








Firewalls

Packet Filtering (diagram): Network / Internet – Firewall – Web Server. Arriving traffic: http - tcp 80, telnet - tcp 23, ftp - tcp 21. Firewall rule: Allow only http - tcp 80, so the telnet and ftp packets are dropped.

Stateful Inspection (diagram): PC 192.168.0.10 : 1020 – Firewall – 202.52.222.10: 80 on the Network / Internet. The request 192.168.0.10 : 1020 to 202.52.222.10: 80 goes out; the reply from 202.52.222.10: 80 to 192.168.0.10 : 1020 is admitted because the firewall recorded the outgoing request. Firewall rules: Only allow reply packets for requests made out; Block other unregistered traffic.




    Image Source – Image produced by Andrew Brown, Tim Cocks and Kumutha Swampillai; partially inspired by a diagram from [4].
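The two diagrams above as runnable code, added here as an example and not taken from the seminar or its authors: a stateless packet filter and a stateful firewall decide on the same constructed packet sequence. The web server 192.168.0.10 and the remote host 202.52.222.10 come from the slide; the PC address 192.168.0.20, the outside addresses 198.51.100.7 and 203.0.113.5, and the trojan listener port 40503 are assumptions, and the flags are a toy model of TCP. It goes one step beyond the slide by showing the classic weakness of a stateless filter: to let web replies back in it must match on source port 80, which an attacker can set on the connection to a trojan.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    inbound: bool          # True: arrives from the Internet side, False: leaves the LAN
    syn: bool = False      # TCP connection request (toy model of the SYN flag)
    proto: str = "tcp"


class PacketFilter:
    """Stateless filter: every decision uses the packet's own header fields only.
    To let web replies back in, a stateless rule has to match on *source* port 80,
    which anyone can set."""

    def __init__(self, inbound_dst_ports, inbound_src_ports):
        self.dst_ok = set(inbound_dst_ports)   # published services, e.g. {80}
        self.src_ok = set(inbound_src_ports)   # "replies from web servers", e.g. {80}

    def decide(self, pkt):
        if not pkt.inbound:
            return "ALLOW"
        if pkt.proto == "tcp" and (pkt.dst_port in self.dst_ok or pkt.src_port in self.src_ok):
            return "ALLOW"
        return "DROP"


class StatefulFirewall:
    """Remembers flows opened from the LAN and admits inbound packets only as
    replies to those flows or as new connections to a published service."""

    def __init__(self, published):
        self.published = set(published)   # {(ip, port)}
        self.flows = set()                # {(lan_ip, lan_port, remote_ip, remote_port)}

    def decide(self, pkt):
        if not pkt.inbound:
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "ALLOW"
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.flows:
            return "ALLOW"                # reply to a request made out
        if pkt.syn and (pkt.dst_ip, pkt.dst_port) in self.published:
            return "ALLOW"                # new connection to the web server
        return "DROP"                     # unregistered inbound traffic


def run_scenario():
    """Replay constructed packets through both firewalls; returns {label: (filter, stateful)}."""
    web_server, pc = "192.168.0.10", "192.168.0.20"
    remote_web, attacker = "202.52.222.10", "203.0.113.5"   # attacker address is constructed
    pf = PacketFilter(inbound_dst_ports={80}, inbound_src_ports={80})
    sf = StatefulFirewall(published={(web_server, 80)})
    packets = [
        ("telnet-in",  Packet("198.51.100.7", 50000, web_server, 23, inbound=True, syn=True)),
        ("ftp-in",     Packet("198.51.100.7", 50001, web_server, 21, inbound=True, syn=True)),
        ("http-in",    Packet("198.51.100.7", 50002, web_server, 80, inbound=True, syn=True)),
        ("pc-out",     Packet(pc, 1020, remote_web, 80, inbound=False, syn=True)),
        ("web-reply",  Packet(remote_web, 80, pc, 1020, inbound=True)),
        # trojan listening on an arbitrary high port (constructed); attacker connects in
        ("trojan-in",  Packet(attacker, 40000, pc, 40503, inbound=True, syn=True)),
        # same connection, but the attacker sets source port 80 to look like a web reply
        ("trojan-in-srcport80", Packet(attacker, 80, pc, 40503, inbound=True, syn=True)),
    ]
    return {label: (pf.decide(p), sf.decide(p)) for label, p in packets}


if __name__ == "__main__":
    for label, (a, b) in run_scenario().items():
        print(f"{label:22s} packet filter: {a:5s}  stateful: {b}")
```

Both firewalls drop telnet and ftp and admit the published web server and the PC's genuine web reply; only the stateful firewall drops the attacker's connection to the trojan once the attacker uses source port 80, because no flow from the PC to that address was ever recorded.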





Intrusion Detection Systems
(Diagram: Servers and a PC on a Switch; Switch – Firewall – IDS – Network)

• Intrusion Detection – A Commercial Network Solution
• An “Intelligent Firewall” – monitors accesses for suspicious activity
• Detects by matching known attack signatures, or by anomaly detection, e.g. Neural Networks trained by Backpropagation on Usage Data
• Could detect Trojan Horse attack, but not designed for Spyware
• Put the IDS in front of the firewall to get maximum detection: it then also sees every probe the firewall would have dropped, at the cost of many more alerts, so many sites run one sensor outside and one inside
• In a switched network, put IDS on a mirrored port to get all traffic.
• Ensure all network traffic passes through the IDS host.

    Image Source – Image produced by Andrew Brown, Tim Cocks and Kumutha Swampillai; partially inspired by a diagram from [4].
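An added example, not part of the seminar, of the kind of rule an IDS or a firewall log review applies to spot a trojan: Python that parses a constructed connection log (the record format, the addresses, the trojan port and the thresholds are all assumptions) and raises two alerts, an internal host accepting an inbound connection on a port that is not a published service, and a host that then opens SMTP connections to many destinations within a short window, which is the spam relaying effect from the Trojan Horse Effects slide. The sensor only sees this if it is on a mirrored port or in line, as the slide says.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Constructed connection log (a simplified firewall / flow-export style, not a real product's
# format). The trojan host 192.168.0.20 and every outside address are assumptions.
LOG = """\
2004-02-12T10:00:01 in  198.51.100.7:50002 -> 192.168.0.10:80
2004-02-12T10:00:05 out 192.168.0.20:1020 -> 202.52.222.10:80
2004-02-12T10:00:09 in  203.0.113.5:40000 -> 192.168.0.20:40503
2004-02-12T10:00:31 out 192.168.0.20:1021 -> 198.51.100.20:25
2004-02-12T10:00:32 out 192.168.0.20:1022 -> 198.51.100.21:25
2004-02-12T10:00:33 out 192.168.0.20:1023 -> 198.51.100.22:25
2004-02-12T10:00:34 out 192.168.0.20:1024 -> 198.51.100.23:25
2004-02-12T10:00:35 out 192.168.0.20:1025 -> 198.51.100.24:25
2004-02-12T10:01:02 out 192.168.0.30:1020 -> 202.52.222.10:80
2004-02-12T10:01:40 out 192.168.0.30:1021 -> 198.51.100.20:25
"""

# Services the site publishes; anything else accepting an inbound connection is suspect.
PUBLISHED = {("192.168.0.10", 80)}

LINE = re.compile(r"^(\S+)\s+(in|out)\s+(\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):(\d+)$")


@dataclass
class Conn:
    time: datetime
    direction: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def parse(log_text):
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue   # skip malformed records rather than crash on them
        t, direction, sip, sport, dip, dport = m.groups()
        yield Conn(datetime.fromisoformat(t), direction, sip, int(sport), dip, int(dport))


def detect(log_text, published=PUBLISHED, relay_threshold=5, window_s=60):
    """Return alerts as (rule, host, detail) tuples."""
    alerts = []
    smtp_out = defaultdict(list)   # internal host -> [(time, destination)]
    for c in parse(log_text):
        if c.direction == "in" and (c.dst_ip, c.dst_port) not in published:
            alerts.append(("unexpected-inbound-service", c.dst_ip,
                           f"{c.src_ip}:{c.src_port} accepted on port {c.dst_port}"))
        if c.direction == "out" and c.dst_port == 25:
            smtp_out[c.src_ip].append((c.time, c.dst_ip))
    for host, conns in smtp_out.items():
        conns.sort()
        for i, (t0, _) in enumerate(conns):
            # distinct mail servers contacted within the window starting at t0
            dests = {d for t, d in conns[i:] if (t - t0).total_seconds() <= window_s}
            if len(dests) >= relay_threshold:
                alerts.append(("possible-spam-relay", host,
                               f"{len(dests)} SMTP destinations within {window_s}s"))
                break
    return alerts


if __name__ == "__main__":
    for rule, host, detail in detect(LOG):
        print(f"{rule:28s} {host:15s} {detail}")
```

The host 192.168.0.30 sends one message to one mail server and stays below the threshold; the thresholds are site-specific and a real mail server would need its own exception, which is why the slide says rules must be defined for the environment.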





“System X”
(Applies to Network / Internet / Standalone use)

• Composed of…
  – Open Source OS
  – Mozilla / Opera / Lynx (!) Browser (Not IE)
  – Stateful Inspection Firewall
  – Anti-Virus Software
  – Careful and educated user
  – Secure permissions system, with everyday work done as an unprivileged user so that anything installed by mistake cannot reach the whole system
  – Regularly updated (possibly automatically)



Pointers in c
 
Peer to-peer
Peer to-peerPeer to-peer
Peer to-peer
 
Overview of current communications systems
Overview of current communications systemsOverview of current communications systems
Overview of current communications systems
 
Overall 23 11_2007_hdp
Overall 23 11_2007_hdpOverall 23 11_2007_hdp
Overall 23 11_2007_hdp
 
Objectives of budgeting
Objectives of budgetingObjectives of budgeting
Objectives of budgeting
 
Network management
Network managementNetwork management
Network management
 
Networing basics
Networing basicsNetworing basics
Networing basics
 
Loaders
LoadersLoaders
Loaders
 
Lists
ListsLists
Lists
 
Iris ngx next generation ip based switching platform
Iris ngx next generation ip based switching platformIris ngx next generation ip based switching platform
Iris ngx next generation ip based switching platform
 
Ip sec and ssl
Ip sec and  sslIp sec and  ssl
Ip sec and ssl
 
Ip security in i psec
Ip security in i psecIp security in i psec
Ip security in i psec
 
Intro to comp. hardware
Intro to comp. hardwareIntro to comp. hardware
Intro to comp. hardware
 
Heap sort
Heap sortHeap sort
Heap sort
 
H.323 vs. cops interworking
H.323 vs. cops interworkingH.323 vs. cops interworking
H.323 vs. cops interworking
 

Kürzlich hochgeladen

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Kürzlich hochgeladen (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

Presentation

  • 1. Spyware and Trojan Horses – Computer Security Seminar, 12th February 2004. Computer Security Seminar Series [SS1]. Andrew Brown, Tim Cocks and Kumutha Swampillai, http://birmingham.f9.co.uk
  • 2. Your computer could be watching your every move! (Image source: http://www.clubpmi.it/upload/servizi_marketing/images/spyware.jpg)
  • 3. Introduction
  • 4. Seminar Overview
    – Introduction to Spyware / Trojan Horses
    – Spyware – Examples, Mechanics, Effects, Solutions
    – Tracking Cookies – Mechanics, Effects, Solutions
    – Trojan Horses – Mechanics, Effects, More Examples
    – Solutions to the problems posed
    – Human Factors – Human interaction with Spyware
    – “System X” – Having suitable avoidance mechanisms
    – Conclusions – Including our proposals for solutions
  • 5. Definitions
    – Spyware: a general term for a program that surreptitiously monitors your actions. While they are sometimes sinister, like a remote control program used by a hacker, software companies have been known to use Spyware to gather data about customers. The practice is generally frowned upon.
    – Trojan Horse: an apparently useful and innocent program containing additional hidden code which allows the unauthorized collection, exploitation, falsification, or destruction of data.
  • 6. Symptoms (and which class of software produces them)
    – Targeted pop-ups – Spyware
    – Slow connection – Spyware / Trojan
    – Targeted e-mail (spam) – Spyware
    – Unauthorized access – Trojan Horse
    – Spam relaying – Trojan Horse
    – System crash – Spyware / Trojan
    – Program customisation – Spyware
  • 7. Summary of Effects
    – Collection of data from your computer without consent
    – Execution of code without consent
    – Assignment of a unique code to identify you
    – Collection of data pertaining to your habitual use
    – Installation on your computer without your consent
    – Inability to remove the software
    – Performing other undesirable tasks without consent
  • 8. Similarities / Differences
    Spyware                               | Trojan Horses
    Commercially motivated                | Malicious
    Internet connection required          | Any network connection required
    Initiates remote connection           | Receives incoming connection
    Purpose: to monitor activity          | Purpose: to control activity
    Collects data and displays pop-ups    | Unauthorized access and control
    Legal                                 | Illegal
    Not detectable with a virus checker   | Detectable with a virus checker
    Age: relatively new (< 5 years)       | Age: relatively old (> 20 years)
    Common to both: memory-resident processes; surreptitiously installed without the user’s consent or understanding; creates a security vulnerability.
  • 10. Software Examples
    – GAIN / Gator
    – Gator E-Wallet
    – Cydoor
    – BonziBuddy
    – MySearch Toolbar
    – DownloadWare
    – BrowserAid
    – Dogpile Toolbar
    Image sources: GAIN logo – The Gator Corporation – http://www.gator.com; BonziBuddy logo – Bonzi.com – http://images.bonzi.com/images/gorillatalk.gif; DownloadWare logo – DownloadWare – http://www.downloadware.net
  • 11. Spyware Defence
    User initiatives:
    – Issue awareness
    – Use legitimate software sources
    – Improved technical ability
    – Choice of browser
    – Choice of OS
    – Legal action taken against breaches of privacy (Oct ’02: DoubleClick)
    Technical initiatives:
    – Spyware removal programs
    – Pop-up blockers
    – Firewall technology
    – Disable ActiveX controls (they are not sandboxed)
    – E-mail filters
    – Download patches
  • 12. Spyware Removers: Ad-aware (by Lavasoft)
    – Reverse-engineers spyware
    – Scans memory, registry and hard drive for data-mining components, aggressive advertising components and tracking components
    – Updates from Lavasoft
    – Plug-ins available: extra file information; disable the Windows Messenger Service
    Image source: screenshot of Ad-aware 6.0, Lavasoft, http://www.lavasoft.com
  • 13. Vulnerable Systems (spyware)
    – Those with an internet connection!
    – Microsoft Windows 9x/Me/NT/2000/XP
    – Open source OSs are not affected by the spyware discussed here, which targets Windows
    – Non-firewalled systems
    – Internet Explorer, which executes ActiveX plug-ins
    – Other browsers are not affected by ActiveX-based installation
  • 14. Trojan Horses
  • 15. Installation
    – Secretly installed when an infected executable is run, much like a virus; such executables typically come from P2P networks or unscrupulous websites
    – ActiveX controls on websites: ActiveX allows automatic installation of software from websites; the user probably does not know what they are running; misleading descriptions are often given; the control is not sandboxed; digital signatures are used, but signing is not necessary for a control to be offered
  • 16. Installation (continued)
    – Certificate authority
    – Misleading certificate description
    – Who is trusted?
    Image source: screenshot of the Microsoft Internet Explorer 6 security warning shown prior to the installation of an ActiveX control from “Roings”.
  • 17. Effects: allows remote access
    – To spy
    – To disrupt
    – To relay a malicious connection, so as to disguise the attacker’s location (spam, hacking)
    – To access resources (e.g. bandwidth, files)
    – To launch a DDoS attack
  • 18. Operation
    – Listens for connections
    – Memory resident
    – Starts at boot-up
    – Disguises its presence
    – Rootkits integrate with the kernel
    – Password protected
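Two of the traits on the slide above, listening for connections and starting at boot-up, are exactly what a host audit looks for. The following is an added example, not code from the seminar: it parses constructed text shaped like `netstat -ano`, a `Run` registry key and `tasklist` output against an illustrative baseline, flags the listeners the baseline does not explain, and rates higher any listener whose process is also auto-started. The sample data, the baselines, the port 31337 and the file name winupd.exe are all assumptions made for the illustration.

```python
"""Host audit for the two trojan 'operation' traits above: a process that
listens for inbound connections and an entry that starts it at boot-up.
Added example, not from the seminar. All input below is constructed text
shaped like `netstat -ano`, a Run registry key and `tasklist` output; the
baselines are illustrative assumptions, not a vendor-supplied list."""
from dataclasses import dataclass

# Constructed sample shaped like Windows `netstat -ano` output (assumption).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       1644
  UDP    0.0.0.0:31338          *:*                                    1644
  TCP    192.168.0.10:1020      202.52.222.10:80       ESTABLISHED     2200
"""

# Constructed (name, command) pairs as found under HKLM\...\CurrentVersion\Run.
SAMPLE_RUN_KEYS = [
    ("ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("SysUpdate", r"C:\WINDOWS\system32\winupd.exe"),
    ("AdobeReader", r"C:\Program Files\Adobe\Reader\reader_sl.exe"),
]

# Constructed PID -> image path map, as `tasklist` would report it.
SAMPLE_TASKLIST = {
    812: r"C:\WINDOWS\system32\svchost.exe",
    4: "System",
    1644: r"C:\WINDOWS\system32\winupd.exe",
    2200: r"C:\Program Files\Internet Explorer\iexplore.exe",
}

# Illustrative baseline of what this host is expected to expose and auto-start.
EXPECTED_LISTENERS = {("TCP", 135), ("TCP", 445)}
EXPECTED_RUN_ENTRIES = {"ctfmon", "AdobeReader"}


@dataclass(frozen=True)
class Listener:
    proto: str
    port: int
    pid: int


def parse_listeners(netstat_text):
    """Return every socket that can accept inbound traffic: TCP sockets in
    LISTENING state and every bound UDP socket (UDP has no state column, so
    any bound port can receive datagrams)."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # header line, blank line or unknown protocol
        proto, local = fields[0], fields[1]
        port = int(local.rsplit(":", 1)[1])
        pid = int(fields[-1])
        if proto == "TCP" and fields[3] != "LISTENING":
            continue  # established or closing flows are not listeners
        listeners.append(Listener(proto, port, pid))
    return listeners


def unexpected_listeners(netstat_text, expected=EXPECTED_LISTENERS):
    """Listeners not in the baseline: a trojan on a variable port shows up here."""
    return [l for l in parse_listeners(netstat_text) if (l.proto, l.port) not in expected]


def unexpected_run_entries(run_keys, expected=EXPECTED_RUN_ENTRIES):
    """Auto-start entries not in the baseline: how a trojan starts at boot-up."""
    return [(name, cmd) for name, cmd in run_keys if name not in expected]


def findings(netstat_text, run_keys, tasklist):
    """Correlate the two traits. An unexpected listener whose owning process is
    also started by an unexpected Run entry both listens and persists and is
    rated 'high'; a listener with no persistence entry is rated 'medium'."""
    persisted = {cmd.lower() for _, cmd in unexpected_run_entries(run_keys)}
    result = []
    for lst in unexpected_listeners(netstat_text):
        image = tasklist.get(lst.pid, "<unknown>")
        severity = "high" if image.lower() in persisted else "medium"
        result.append((lst, image, severity))
    return result


if __name__ == "__main__":
    for lst, image, severity in findings(SAMPLE_NETSTAT, SAMPLE_RUN_KEYS, SAMPLE_TASKLIST):
        print(f"{severity:6} {lst.proto}/{lst.port} pid={lst.pid} image={image}")
```

On the constructed sample the two ports owned by PID 1644 are reported as high because the same image is also auto-started. A rootkit that hides its process or socket from the tools that produce this text (slide 18, "rootkits integrate with the kernel") defeats an audit run on the suspect host, which is why the baseline comparison is better taken from a clean boot or from the network side.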
  • 19. Example: Back Orifice
    – Produced by the “Cult of the Dead Cow”
    – Win95/98 are vulnerable
    – Toast of DefCon 6
    – Similar operation to NetBus
    – Name similar to an MS product of the time (Microsoft BackOffice)
  • 20. BO: Protocol
    – Modular authentication
    – Modular encryption: AES and CAST-256 modules available
    – UDP or TCP
    – Variable port: avoids most firewalls
    – IP notification via ICQ: dynamic IP addressing is not a problem
  • 21. BO: Protocol Example (1)
    1. The trojan infection occurs on the victim.
    2. The victim announces its IP address and port to an ICQ server.
    3. The attacker retrieves the IP address and port from the ICQ server.
    4. The attacker connects to the victim.
    Image source: diagram derived and produced by Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.
  • 22. BO: Protocol Example (2)
    1. Over the connection the attacker sends a command; the victim executes it.
    2. The attacker sends a request for information; the victim returns the information.
  • 23. BO: Protocol Example (3)
    1. The attacker sends a cleanup command; the evidence on the victim is destroyed.
  • 24. Trojan Horse Examples: M$ Rootkit
    – Integrates with the NT kernel
    – Very dangerous: virtually undetectable once installed
    – Hides from the administrator as well as the user
    – Private TCP/IP stack (LAN only)
  • 25. Trojan Horse Examples
    – iSpyNOW: commercial; web-based client
    – Assassin Trojan: custom builds may be purchased; these are not found by virus scanners; firewall-circumvention technology
  • 26. Trojan Horse Examples
    – Hardware: key loggers; more advanced?
    – Magic Lantern: FBI developed; legal grey area (until recently!); split the virus-checking world
  • 27. Demonstration
  • 28. Vulnerable Systems: number of trojans in common use, from relatively safe to dangerous: MacOS, MacOS X, Linux/Unix, WinNT, Win 9x
  • 29. Vulnerable Systems: ease of compromise, from relatively safe to dangerous: Linux/Unix, MacOS X, WinNT, MacOS, Win 9x
    WinNT refers to Windows NT 4, 2000, XP and Server 2003; Win9x refers to Windows 95, 95SE, 98 and ME. Information source: McAfee Security, http://us.mcafee.com/. Diagrams derived and produced by Andrew Brown, Tim Cocks and Kumutha Swampillai, February 2004.
  • 30. Conclusions
  • 31. Security Implications
    Short term:
    – Divulge personal data
    – Backdoors into the system
    – System corruption
    – Disruption / irritation
    – Aids identity theft
    – Easy virus distribution
    – Increased spam
    Long term:
    – Mass data collection
    – Consequences unknown
    – Web becomes unusable
    – Web cons outweigh pros
    – Cost of preventions
    – More development work
    – More IP addresses (IPv6)
  • 32. Solutions
    Short term:
    – Firewall
    – Virus checker
    – Spyware remover
    – Frequent OS updates
    – Frequent back-up
    – Learning the problems
    Long term:
    – Add spyware to anti-virus
    – Automatic maintenance
    – Legislation
    – Education on the problems
    – Biometric access
    – Semantic web (and search)
  • 33. Firewalls (Network / Internet)
    – Three types:
      – Packet filtering: examines the attributes of each packet on its own.
      – Application layer: hides the network by impersonating the server (proxy).
      – Stateful inspection: examines both the state and the context of the packets.
    – Regardless of type, a firewall must be configured to work properly.
    – Access rules must be defined and entered into the firewall.
  • 34. Firewalls: examples
    – Packet filtering (web server firewall): of the inbound traffic http (tcp 80), telnet (tcp 23) and ftp (tcp 21), the rule “allow only http – tcp 80” lets the http packets through and drops the rest.
    – Stateful inspection (PC firewall): the PC at 192.168.0.10:1020 sends a request to 202.52.222.10:80; only the reply packets for requests made out are allowed back in, and other unregistered traffic is blocked.
    Image source: diagram produced by Andrew Brown, Tim Cocks and Kumutha Swampillai, partially inspired by a diagram from [4].
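The two diagrams above, as an added example that is not part of the seminar: a stateless packet filter and a stateful inspection firewall simulated over constructed packets. The addresses 192.168.0.10:1020 and 202.52.222.10:80 are the ones on the slide; the attacker address 203.0.113.5 (TEST-NET-3), the inside web server 192.168.0.20, the trojan port 31337 and the `Packet`, `PacketFilter` and `StatefulFirewall` classes are assumptions made for the illustration. The point it adds is why the deck prefers stateful inspection: a stateless filter that lets the PC's web replies back in has to trust the source port, which a crafted packet aimed at a trojan's listening port can forge.

```python
"""Stateless packet filter versus stateful inspection, simulated over
constructed packets. Added example, not from the seminar. Only the two
addresses from the slide are taken from it; everything else is assumed."""
from dataclasses import dataclass

PC = "192.168.0.10"
WEB_SERVER = "202.52.222.10"
INSIDE_SERVER = "192.168.0.20"   # constructed: a web server behind the packet filter
ATTACKER = "203.0.113.5"         # constructed: an outside host (TEST-NET-3)


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False     # TCP SYN: a new connection attempt
    inbound: bool = True  # True when the packet arrives from the Internet side


class PacketFilter:
    """Packet filtering (slide 33): each packet is judged on its own attributes.
    To let a PC's web replies back in, such a filter has to admit any inbound
    packet whose source port is 80, and that also admits a packet an attacker
    crafts with source port 80 towards a trojan listening inside."""

    def __init__(self, inbound_services=(), reply_source_ports=()):
        self.inbound_services = set(inbound_services)      # (proto, dport) published
        self.reply_source_ports = set(reply_source_ports)  # sport treated as a reply

    def allow(self, pkt):
        if not pkt.inbound:
            return True
        return ((pkt.proto, pkt.dport) in self.inbound_services
                or pkt.sport in self.reply_source_ports)


class StatefulFirewall:
    """Stateful inspection (slide 33): outbound connection attempts are recorded
    in a flow table; an inbound packet is admitted only when it belongs to a
    flow an inside host opened, or targets an explicitly published service.
    Everything else, including a connection to a trojan's listening port, is
    unregistered traffic and is dropped."""

    def __init__(self, inbound_services=()):
        self.inbound_services = set(inbound_services)
        self.flows = set()  # (proto, inside_ip, inside_port, outside_ip, outside_port)

    def allow(self, pkt):
        if not pkt.inbound:
            if pkt.proto == "udp" or pkt.syn:  # register the flow on its first packet
                self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        reply_of = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return reply_of in self.flows or (pkt.proto, pkt.dport) in self.inbound_services


def web_server_scenario():
    """Slide 34, top: the web server firewall allows only http (tcp 80)."""
    fw = PacketFilter(inbound_services={("tcp", 80)})
    probes = {
        "http": Packet("tcp", ATTACKER, 40000, INSIDE_SERVER, 80, syn=True),
        "telnet": Packet("tcp", ATTACKER, 40001, INSIDE_SERVER, 23, syn=True),
        "ftp": Packet("tcp", ATTACKER, 40002, INSIDE_SERVER, 21, syn=True),
    }
    return {name: fw.allow(p) for name, p in probes.items()}


def pc_scenario():
    """Slide 34, bottom: the PC opens 192.168.0.10:1020 -> 202.52.222.10:80.
    The genuine reply and a crafted packet that merely looks like one (source
    port 80, aimed at a trojan's listening port 31337) are then judged by a
    stateless filter and by the stateful firewall."""
    stateless = PacketFilter(reply_source_ports={80})
    stateful = StatefulFirewall()
    traffic = [
        Packet("tcp", PC, 1020, WEB_SERVER, 80, syn=True, inbound=False),  # request out
        Packet("tcp", WEB_SERVER, 80, PC, 1020, syn=True),                  # genuine reply
        Packet("tcp", ATTACKER, 80, PC, 31337, syn=True),                   # crafted "reply"
    ]
    return {
        "stateless": [stateless.allow(p) for p in traffic],
        "stateful": [stateful.allow(p) for p in traffic],
    }


if __name__ == "__main__":
    print("web server packet filter:", web_server_scenario())
    print("PC firewall:", pc_scenario())
```

The stateful firewall admits the request and its reply and drops the crafted packet; the stateless filter admits all three. This is the slide 8 distinction in practice: a trojan that receives incoming connections is stopped even on a variable port, whereas spyware that initiates its own outbound connection is registered as a legitimate flow and passes, which is why the deck pairs the firewall with a spyware remover rather than relying on either alone.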
  • 35. Intrusion Detection Systems
    Network layout in the diagram: Network – Firewall – Switch, with the IDS, a server and a PC on the switch.
    – Intrusion detection: a commercial network solution
    – An “intelligent firewall” that monitors accesses for suspicious activity
    – Neural networks trained by backpropagation on usage data
    – Could detect a Trojan Horse attack, but not designed for spyware
    – Put the IDS in front of the firewall to get maximum detection (it then also sees the attempts the firewall drops, at the cost of more alerts)
    – In a switched network, put the IDS on a mirrored port to get all traffic
    – Ensure all network traffic passes through the IDS host
    Image source: diagram produced by Andrew Brown, Tim Cocks and Kumutha Swampillai, partially inspired by a diagram from [4].
  • 36. “System X” (Network / Internet / Standalone), composed of:
    – Open source OS
    – Mozilla / Opera / Lynx (!) browser (not IE)
    – Stateful inspection firewall
    – Anti-virus software
    – Careful and educated user
    – Secure permissions system
    – Regularly updated (possibly automatically)