A Brief History, Present and Future of Spyware
1. Introduction
Steve Gibson of Gibson Research, who wrote the first anti-spyware software, said spyware is “uninvited,
unwanted, stealthful, invasive, annoying, exploitive, and potentially privacy-compromising PC add-on
software whose ongoing presence in millions of PCs worldwide benefits not the computer’s owner and
operator, but the interests of the publishers of this troubling new class of software [8].” These words
aptly summarize everything about spyware. It is a program made to literally spy on you while you surf
the internet. This report provides a brief survey of spyware: how spyware as we know it came into
existence, how it is classified, why it exists in the first place, and the anti-spyware techniques used
to remove it. Finally, we look at what the future of spyware may hold before I conclude the report.
2. History of spyware
The term spyware was first used in a 1995 post on Usenet which made fun of Microsoft’s business
model. Spyware programs started appearing on the internet around the late 1990s. The first known
spyware of this kind was the Elf Bowling program. On the outside it was a nice little free game, but inside it was a
stealth program which sent information about the user to its creator, NSoft. The first usage of the term
“spyware” in the sense we know it today was in the press release for Zone Labs’ ZoneAlarm firewall. In
2001 Steve Gibson detected a malicious program on his computer which was sending information from
his computer to some adware companies. To counter this, Gibson came up with the first anti-spyware
software, OptOut. Since then the war between spyware and anti-spyware has become more and more
complex. The evolution of spyware has followed the trend set by the evolution of viruses, with spyware
authors devising new ways and techniques to evade detection and anti-spyware companies trying hard
to come up with newer detection and removal methods. In the initial stages of spyware’s evolution, even
aware internet users did not think spyware could be as harmful as viruses and hackers. This
gave spyware makers an opportunity to grow and diversify without getting noticed [13]. Spyware
has come a long way since the Elf Bowling program, evolving and getting more and more complex and
dangerous with time. Just how much of a nuisance it has become can be seen from the statistics below.
A survey conducted by AOL and NCSA in 2004 found that 80% of the computers connected to the
internet had some sort of spyware installed on them, and 89% of those who were infected didn’t know it was
there. An average of 93 spyware components was found on the infected machines [12]. An IDC survey of
600 corporate IT managers in 2004 revealed that spyware ranks fourth on the list of biggest security risks
[10]. State of the Net, from Consumer Reports, says that in 2007 spyware infections prompted 850,000 US
households to replace their computers. The total financial loss was about $1.7 billion [1]. EarthLink’s
2009 Q4 report tracked the growth of spyware for a year and the results showed a staggering 230%
increase [2]. We can clearly see that spyware is one of the fastest growing phenomena on the internet
these days, and if we combine all the different types of spyware together, it has become the single most
popular download on the internet [11].
3. Types of spyware
Spyware is a generic term for a number of different kinds of malicious software. So what are the different types of
spyware in existence?
3.1 Adware
Adware is the most common type of spyware, which sits on your computer waiting for you to go online.
As soon as you are connected to the internet, it inundates you with all sorts of popup ads. The motive
behind this is to make you click on the ads, which generates revenue for the spyware installer. The adware
may also monitor your browsing patterns. This information is sent to the spyware installer to show you
targeted ads.
3.2 Browser Hijackers
Browser hijackers change a browser’s default settings and homepage. They may also change your search
engine and redirect you to a specific page filled with popups and ads. Browser hijackers are extremely
annoying as they are generally very difficult to remove.
3.3 Key Loggers
A key logger can be either hardware or a piece of software. In our context it will mostly be software
which resides in the computer’s memory and records every keystroke. Key loggers are among the most severe
types of spyware. They record everything you type and send this information to a third party, who
can easily analyze it for usernames, passwords and other personal information.
3.4 Dialers
Dialers were widespread in the pre-cable-modem, dial-up era. Dialers are used by pornographic vendors.
They activate the computer’s modem and, if it is connected to a telephone line, call a phone number which
generates revenue for the number’s owner at the expense of the user.
3.5 Trojan Horses
Trojan horses are legitimate software which, unknown to the user, has one or more sinister programs
hidden inside it. This hidden software may serve ads and spy on you. Most often the EULA for the Trojan
horse mentions the hidden software, but buried so deep in the documentation that the user
would never notice. At other times the spyware is completely hidden.
3.6 Cookies
Cookies are small files used by a web browser to store information about the user. By themselves, cookies
are not bad; websites use them to remember the user and to personalize the browsing experience. Spyware
and adware use these cookies to track your surfing patterns and store information about you so that you
can be bombarded with ads as and when they like.
4. How can spyware harm you?
At best spyware is a nuisance; at its worst it can log all your keystrokes, invade your privacy and steal
your passwords. Most spyware runs at startup in the background, hogging your resources. It generates pop-up
ads which render your browser too slow to work with, sometimes even crashing it. Spyware pesters
you by changing your homepage, redirecting you to different web pages and hijacking your search. Some
spyware monitors your browsing habits; some even goes through your files and catalogues information about
you, which can then be used to show you targeted ads via pop-ups. Some spyware goes beyond these
boundaries to steal your passwords and also money. Since spyware is always running in the background, a
severe infection can make the computer very slow and unresponsive. It also eats into your bandwidth,
which brings down your internet speed.
5. How does spyware spread?
Unlike viruses, spyware does not install itself without the user’s permission; however, it tricks the user into
installing it. Spyware can spread in a number of ways, a few of which are described below.
i. As Milton Friedman famously said, “There is no such thing as a free lunch”; the price to be paid
for a lot of free software is spyware. You download a free utility and along comes the spyware
without you even noticing it. The main culprit in this category is shareware. Companies which
use spyware pay the shareware providers to incorporate spyware in their products. Shareware
like Kazaa is known to install a number of spyware programs along with it.
ii. It could be disguised as useful software, for example, SpeedBit, which was a program that could
increase your surfing speed, or an online friend like Bonzi buddy or the infamous WeatherBug.
These programs offer to help you for free but in fact they are spyware, monitoring you and your
computer.
iii. Spyware can also arrive when you click on unscrupulous pop-ups which look like Windows
dialog boxes, if you have lower internet security settings.
iv. Spyware could also be installed through a virus or a worm. An example of this is the W32 Spybot
worm, which exploited vulnerabilities in Windows XP to get installed. The W32 Spybot had the
properties of a worm, a virus and spyware alike. It multiplied itself like a virus, used security
holes to exploit machines like a worm, and worked to steal passwords and log keystrokes like
spyware.
Figure 1. Bonzi buddy
Figure 2. Fake Windows dialog box
v. Spyware can also exploit a security hole in your browser or any program you are using; when
you go to a website which hosts the spyware, it downloads itself onto the computer. This is called a
drive-by download.
vi. Some spyware advertises itself as anti-spyware to trick users into downloading it.
These so-called anti-spyware programs run fake scans and provide fake results while doing their job in the
background.
Figure 3. Fake antispyware
6. The spyware money trail
The sole purpose of the existence of most spyware is money. A low percentage of spyware
consists of key loggers and other programs which log your passwords and other information to directly
steal from you. The rest make use of an unaware computer user to make money. Preston Gralla’s
book “How Personal & Internet Security Works” [9] describes one of the ways spyware is used to make
money. The process is summarized below.
It all starts with an affiliate program from a merchant, in which anyone can sign up and make money
by delivering the ads that these merchants provide. Each participant receives a unique code, which is
embedded in the ads they display. Each click on the link or the ad towards the merchant earns the
participant money. Some notable affiliate programs are Google AdWords and Yahoo Search Marketing.
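From a defender's side, the per-participant code makes ad clicks attributable in web proxy logs. The following is an added example, not taken from the report or from Gralla's book: it tallies affiliate codes per client and flags a machine whose ad clicks almost all credit a single participant. The `aff` parameter name, the hostnames, the log format and the thresholds are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed proxy log lines: "<client-ip> <requested-url>". The hosts and the
# "aff" query parameter are hypothetical; real programs use their own names.
SAMPLE_LOG = """\
10.0.0.5 http://shop-a.example/click?aff=A1001&item=9
10.0.0.5 http://shop-b.example/click?aff=B2002&item=3
10.0.0.5 http://news.example/story?id=4
10.0.0.7 http://shop-a.example/click?aff=Z9999&item=1
10.0.0.7 http://shop-b.example/click?aff=Z9999&item=2
10.0.0.7 http://shop-c.example/click?aff=Z9999&item=8
10.0.0.7 http://shop-a.example/click?aff=Z9999&item=5
10.0.0.7 http://shop-c.example/click?AFF=Z9999
10.0.0.7 not-a-url
"""

def affiliate_code(url, param="aff"):
    """Return the affiliate code carried by a click URL, or None if absent."""
    query = parse_qs(urlsplit(url).query)
    for key, values in query.items():
        if key.lower() == param and values:  # parameter names vary in case
            return values[0]
    return None

def clicks_by_client(log_text):
    """Map client IP -> Counter of affiliate codes seen in its clicks."""
    per_client = defaultdict(Counter)
    for line in log_text.splitlines():
        parts = line.split(maxsplit=1)
        if len(parts) != 2:
            continue  # skip malformed lines
        client, url = parts
        code = affiliate_code(url)
        if code:
            per_client[client][code] += 1
    return per_client

def suspicious_clients(log_text, min_clicks=4, min_share=0.9):
    """Heuristic: clients whose ad clicks are dominated by one affiliate code."""
    flagged = {}
    for client, codes in clicks_by_client(log_text).items():
        total = sum(codes.values())
        code, count = codes.most_common(1)[0]
        if total >= min_clicks and count / total >= min_share:
            flagged[client] = (code, count)
    return flagged

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```

A flagged client is a lead for investigation, not proof of infection; thresholds need tuning against normal browsing on the network being monitored.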