Wednesday, July 15, 2009

SPYWARE-1

Spyware is a type of malware that is installed surreptitiously on personal computers to collect information about users, their computer or browsing habits without their informed consent.

While the term spyware suggests software that secretly monitors the user's behavior, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet connectivity or of functionality in other programs. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software.

In response to the emergence of spyware, a small industry has sprung up dealing in anti-spyware software. Running anti-spyware software has become a widely recognized element of computer security practices for computers, especially those running Microsoft Windows. A number of jurisdictions have passed anti-spyware laws, which usually target any software that is surreptitiously installed to control a user's computer. The US Federal Trade Commission has placed on the Internet a page of advice to consumers about how to lower the risk of spyware infection, including a list of "do's" and "don'ts."

Examples of spyware

These common spyware programs illustrate the diversity of behaviors found in these attacks. Note that, as with computer viruses, researchers give names to spyware programs which may not be used by their creators. Programs may be grouped into "families" based not on shared program code, but on common behaviors, or by "following the money" of apparent financial or business connections. For instance, a number of the spyware programs distributed by Claria are collectively known as "Gator". Likewise, programs which are frequently installed together may be described as parts of the same spyware package, even if they function separately.

  • CoolWebSearch
  • Internet Optimizer
  • HuntBar or Adware.Websearch
  • Movieland
  • Zango
  • Zlob Trojan

Spyware, adware and tracking

The term adware frequently refers to any software which displays advertisements, whether or not the user has consented. Programs such as the Eudora mail client display advertisements as an alternative to shareware registration fees. These classify as "adware" in the sense of advertising-supported software, but not as spyware. Adware in this form does not operate surreptitiously or mislead the user, and provides the user with a specific service.

Most adware is spyware in a different sense than "advertising-supported software," for a different reason: it displays advertisements related to what it finds from spying on you. Gator Software from Claria Corporation (formerly GATOR) and Exact Advertising's BargainBuddy are examples. Visited Web sites frequently install Gator on client machines in a surreptitious manner, and it directs revenue to the installing site and to Claria by displaying advertisements to the user. The user receives many pop-up advertisements.

Other spyware behavior, such as reporting on websites the user visits, occurs in the background. The data is used for "targeted" advertisement impressions. The prevalence of spyware has cast suspicion upon other programs that track Web browsing, even for statistical or research purposes. Some observers describe the Alexa Toolbar, an Internet Explorer plug-in published by Amazon.com, as spyware, and some anti-spyware programs such as Ad-Aware report it as such. Many of these adware-distributing companies are backed by millions of dollars of adware-generated revenues. Adware and spyware are similar to viruses in that they can be considered malicious in nature. People are profiting from misleading adware, sometimes known as scareware, such as Antivirus 2009.

Similarly, software bundled with free, advertising-supported programs such as P2P clients acts as spyware (and, if removed, disables the 'parent' program), yet people are willing to download it. This presents a dilemma for proprietors of anti-spyware products whose removal tools may inadvertently disable wanted programs. For example, recent test results show that bundled software (WhenUSave) is ignored by the popular anti-spyware program Ad-Aware (but removed as spyware by most scanners) because it is part of the popular (but recently decommissioned) eDonkey client. To address this dilemma, the Anti-Spyware Coalition has been working on building consensus within the anti-spyware industry as to what is and isn't acceptable software behavior.

Spyware, virus and worm

Unlike viruses and worms, spyware does not usually self-replicate. Like many recent viruses, however, spyware—by design—exploits infected computers for commercial gain. Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements, theft of personal information (including financial information such as credit card numbers), monitoring of Web-browsing activity for marketing purposes, and routing of HTTP requests to advertising sites.

However, spyware can be dropped as a payload by a worm.

Monday, July 13, 2009

All About Malwares

Types Of Malware

The term malware attempts to define the entire emerging class of malicious software. Wikipedia has a pretty good definition of malware:

"Software is considered malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, and other malicious and unwanted software."

The important thing to know about malware is that increasingly financial harm is the #1 objective.

How is malware different from spyware?

Under the hood, there is no difference, although many will say that malware is more closely identified with spyware. Malware is intended to hurt you (and your computer); it's not a joke written by bored college kids or pranksters.

The purposes of malware are to:

  • steal your identity by collecting personal information off of your computer
  • take over your PC to direct it to websites so the malware writer can get paid for advertising
  • steal your financial web site passwords
  • gather information about you in order to target you for other scams that involve phone, e-mail or regular mail
  • take over your PC to use the processing power to attack others or send SPAM
  • extort money from you in return for "releasing" your computer back to you

Who is sending out malware?

Malware writers are usually professional software developers with formal education. They are usually backed by traditional crime organizations and work full time developing malware. The most vicious groups operate out of Eastern Europe and Africa because they are unlikely to be prosecuted there. Many people believe that local governments turn a blind eye to the activity and share in the profits.

How does Malware work?

Malware can attack in multiple ways. The technology (spyware, trojan, rootkit) and the attack vector (fake software, e-mail attachments, direct hacking) have remained the same.

It's the intent that is different: malware always has some type of fraud behind the purpose of its distribution.

Some examples of how malware works


Trojan Horse

You download a cool calculator program and install it. The calculator works fine. In a few days you start to have problems with your computer and when you search on the internet you start to get annoying pop-ups. Then you start to get popups at random when you are not searching the internet. The malicious pop-up program was most likely hidden away inside the calculator program. The installation also may have implanted itself inside programs that already existed on your computer. This makes it difficult to remove.


Rootkit in e-mail attachment

Your friend sends you a funny video. When you double-click on it you get a security warning, but you want to see it, so you click OK to get past the warning. Nothing happens, and you think nothing of it; maybe it was a bad copy.

Later you talk to your friend, but he says he didn't send you a video. Something did happen in the background when you clicked on the video: malware was installed. There is no way to know the intent behind it. You may not notice anything, yet your computer could be used as a botnet drone to attack web sites or other computers.

Spyware in "drive by download"

You click on a link in search results and immediately get pop-ups. You close the pages but get weird errors. You think nothing harmful could have come of it; you simply "drove by" the website and didn't install anything. However, your computer had a software flaw that let the website install spyware without your permission. You didn't get a warning because it was a flaw in the programming of the web browser. You now have spyware resident on your system. What you type in web forms, login pages and chat, and what sites you visit, could all be sent to the hacker's website.