Adam Guzy
0151704
Introduction
Spyware and viruses cost companies millions of dollars to deal with. They operate
by exploiting the security weaknesses found in most commercial software. This paper
covers the various kinds of spyware and viruses in use today and potential solutions to
these problems.
Spyware
This category of malicious software generally has two effects: some types are
relatively quiet, and others are painfully visible. The quiet implementations
passively gather information and send it to third parties entirely without the authorization
of the user, creating a breach in privacy. The other implementation actively interferes
with the normal operation of various programs. For example, some Spyware will change
the user's homepage to a specific company page or, based on gathered data, produce
pop-ups at regular intervals attempting to sell some product or service. In total there are 4
categories of Spyware that produce these effects.
Adware Networks
Companies pay software creators (video games, utilities, music and video players etc.)
somewhere between 0.1 and 0.2 cents per download of their software. An example is
Gator Gain. The companies create networks of users' PCs to gather information from
each user and sell that information. These networks can also be used to create the
pop-ups that were previously mentioned. A relatively simple way to deal with this would
be to update all web browsers (the usual source of spyware) with a filter that recognizes
information coming from the Adware Network. This could include IP blocking, that is,
blocking the IP of the company sending the spyware signals, effectively isolating them from
the rest of the internet. [1]
Stalking Horses
This software is what enables the Adware Network. The Stalking Horse usually arrives
bundled with other software, for example Cydoor (which stores information on which ads
the user clicks on). It is the program that connects the host computer to the Adware
Network. This is not a problem with the network protocol or anything that low level.
The Spyware is a program like any other, only it operates without the user's knowledge.
Low-level layers cannot tell the difference; the problem is on the application layer. The
solution is either to use a Spyware removal program or to use a port sniffer to
identify any unauthorized ports that are open. The sniffer will find every open port and
the program currently using it. With this information the user can close the
port and remove or close the offending program. The automated removal program only
finds Spyware identified in its database, whereas the sniffer allows the user to find any
suspicious programs and remove them (as some spyware may not be in the database).
Improving the firewall will help prevent unauthorized ports from opening. [1]
Trojan Horse
These programs include the Adware Network software and a Stalking Horse. A Trojan Horse bundles
these two together with a popular program, relying entirely on the user to let it
through so it can slip past the firewall. An example of this arrangement is Kazaa (which
contains many Stalking Horses). Often the spyware is tied to the popular program, so
removing the spyware will usually disable the program the user wanted to run. One way
of dealing with this problem is to modify the user's hosts file so that the spyware's
destination points to the user's own IP address. This way no data is sent out and the
original program is still functional. [2]
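The hosts-file approach described above, as an added example that is not part of the original paper: it appends sinkhole entries for a blocklist without rewriting existing lines, and reports names that already resolve elsewhere. The loopback address 127.0.0.1 stands in for "the user's own IP address", and every hostname is a constructed placeholder.

```python
import ipaddress
import re

SINK = "127.0.0.1"  # assumption: loopback stands in for "the user's own IP address"
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

# Constructed sample hosts file; every hostname here is a made-up placeholder.
HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.tracker.example   # already sinkholed
203.0.113.9     stats.bundle.example
"""
BLOCKLIST = ["ads.tracker.example", "stats.bundle.example", "Beacon.Adnet.example"]

def valid_hostname(name):
    """Reject anything that could smuggle whitespace or extra fields into the file."""
    return len(name) <= 253 and all(LABEL.fullmatch(p) for p in name.split("."))

def parse_hosts(text):
    """Return {hostname: ip}, keeping the first mapping seen for each name."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address line; ignore rather than guess
        for name in fields[1:]:
            mapping.setdefault(name.lower(), fields[0])
    return mapping

def sinkhole(text, blocklist):
    """Return (new_text, added, conflicts) without touching existing lines."""
    seen = parse_hosts(text)
    added, conflicts = [], []
    for raw in blocklist:
        name = raw.strip().rstrip(".").lower()
        if not valid_hostname(name):
            raise ValueError(f"refusing to write invalid hostname: {raw!r}")
        if name not in seen:
            added.append(name)
            seen[name] = SINK
        elif not ipaddress.ip_address(seen[name]).is_loopback:
            conflicts.append((name, seen[name]))  # mapped elsewhere; review by hand
    body = text if text.endswith("\n") or not text else text + "\n"
    return body + "".join(f"{SINK}\t{n}\n" for n in added), added, conflicts
```

Running `sinkhole` a second time on its own output adds nothing, so it can be re-applied whenever the blocklist changes.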
Backdoor Santas
These programs are completely stand-alone; they do not connect to Adware Networks.
Instead they gather information and send it directly to their respective servers. Examples
of these programs include Hotbar and Alexa. They arrive at a user's PC by slipping past the
firewall the same way a Trojan Horse does. The Spyware aspect of the program cannot be
separated from the 'useful' portion, as it is not a bundle but one program. The best way
to defend against this kind of spyware is to use a strict firewall and monitor the ports to
be sure nothing gets through. [4]
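The port monitoring recommended in the Stalking Horses and Backdoor Santas sections, as an added example that is not part of the original paper: it joins Windows `netstat -ano` output with `tasklist /fo csv /nh` output and reports every open or connected socket owned by a program outside an allowlist. The sample output, process names and allowlist are constructed assumptions.

```python
import csv
import io

# Constructed sample of Windows `netstat -ano` output (not from a real host).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:8311           0.0.0.0:0              LISTENING       2216
  TCP    192.168.1.20:1042      203.0.113.50:80        ESTABLISHED     2216
  TCP    192.168.1.20:1050      198.51.100.7:443       ESTABLISHED     1480
  TCP    192.168.1.20:1051      198.51.100.7:443       TIME_WAIT       0
  UDP    0.0.0.0:500            *:*                                    688
"""
# Constructed sample of `tasklist /fo csv /nh`; the process names are hypothetical.
TASKLIST = '''"svchost.exe","904","Services","0","5,120 K"
"lsass.exe","688","Services","0","1,300 K"
"browser.exe","1480","Console","0","40,000 K"
"adhelper.exe","2216","Console","0","3,200 K"
'''
ALLOWED = {"svchost.exe", "lsass.exe", "browser.exe"}  # assumption: the user's own allowlist

def parse_netstat(text):
    """Yield one dict per socket row; UDP rows have no State column."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        yield {"proto": f[0], "local": f[1], "remote": f[2],
               "state": f[3] if len(f) == 5 else "", "pid": int(f[-1])}

def parse_tasklist(text):
    """Map PID -> lower-cased image name from CSV tasklist output."""
    return {int(r[1]): r[0].lower() for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def unauthorized_sockets(netstat_text, tasklist_text, allowed):
    """Return open or connected sockets whose owning program is not allowed."""
    names = parse_tasklist(tasklist_text)
    findings = []
    for row in parse_netstat(netstat_text):
        # Keep only sockets open for traffic: listeners, live TCP sessions, bound UDP.
        if row["proto"] == "TCP" and row["state"] not in ("LISTENING", "ESTABLISHED"):
            continue
        image = names.get(row["pid"], "<unknown pid>")
        if image not in allowed:
            findings.append({**row, "image": image})
    return findings

if __name__ == "__main__":
    for s in unauthorized_sockets(NETSTAT, TASKLIST, ALLOWED):
        print(f'{s["image"]} (pid {s["pid"]}): {s["proto"]} {s["local"]} -> {s["remote"]} {s["state"]}')
```

An image name is easy to imitate, so a match against the allowlist is a prompt to check the binary's path, not proof that the program is benign.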
Viruses
Viruses are programs that infect a system and reproduce to spread to other
systems or parts of the system. There is a variety of types of viruses, as listed below. [4]
Polymorphic
This type uses a mutation algorithm to change the virus each time it is copied. This is an
attempt to confuse anti-virus software, which is no longer successful with current
mutation methods. [3]
Stealth
For a virus to function, it must change something, be it the boot sector, files, etc. This is how a
virus is often detected. The stealth virus hides the modifications that it makes by taking
over the functions that handle disk access, etc. When a program requests some piece of data,
the virus (that had modified that piece of data) sends a copy of the unmodified data back
to the program, thus evading detection. This is why most anti-virus programs work best
upon start up, before the virus can conceal the changes it made. [3]
Armored Viruses
The task of eliminating a virus for antivirus programmers consists of going through every
instruction of the virus, or disassembling the virus. An armored virus attempts to make
this process extremely difficult, so no new automated solutions can arise. [3]
Multipartite Viruses
These viruses infect both system sectors and files. This is done by having multiple
parts to the virus, hence multipartite. This allows the virus to spread in a variety of ways,
making it difficult to remove and, fortunately, difficult to write. [3]
Virus Droppers
These are not viruses on their own. What they do is move into a system without
triggering any warning programs and 'drop' viruses into the system. They are very similar in
nature to a Trojan. [3]
Conclusion
References
[4] "What can you do about spyware infections", FAST Corporate Services, Accessed
March 25, 2005, an.newbusiness.co.uk/cgi-bin/showArticle.pl?id=2702