SpyWare!IQxplorer

*

AgendaDefine SpyWareDiscuss methods used for spyingFocus on passive tracking methodsDemonstrate one passive methodDiscuss preventionConclusions

*

SpyWare DefinitionSpyWare is a general term used to describe software that performs certain behaviors such as advertising, collecting personal information, or changing the configuration of your computer, generally without appropriately obtaining your consent first.

http://www.microsoft.com/athome/security/spyware/spywarewhat.mspx

*

SpyWare CategoriesAdvertising (Passive)

Capture browsing historyCapture buying habits

Surveillance (Active)

Key loggersSystem Monitors

*

SpyWare Statistics90% of all internet connected machines are infected~28 SpyWare traces on each machine1/3 infected with surveillance SpyWare80% of infections were cookies

*

Passive Tracking MethodsWeb BeaconsCookies deposits

*

Web BeaconsAlso know as

Web BugsClear GIFsAllows destination to log page hitsCan be used in conjunction with cookies

*

Cookie Fields

ParameterDescriptionNameThe name of the cookie. ValueThe value of the cookie. ExpireThe time the cookie expires. This is a Unix timestamp so is in number of seconds since the epoch. In other words, you'll most likely set this with the time() function plus the number of seconds before you want it to expire. PathThe path on the server in which the cookie will be available. DomainThe domain in which the cookie is available SecureWhen set to TRUE, the cookie will only be set if a secure connection exists. The default is FALSE. httponlyWhen TRUE the cookie will be made accessible only through the HTTP protocol. Not supported on all browsers

*

Web Beacon w/Cookie Example: spywareWebBeaconCookieDeposit.html

Web Beacon Cookie Deposit Example

Web Beacon Cookie Deposit Example:

*

Server CodeserverWebBeacon.php

PHP Test

*

Cookie Capture File[cdshort@windom public_html]$ cat cookieCapture.txt

SpyCookie : ISpyOnYou : Fri Dec 1 18:30:17 MST 2006SpyCookie : ISpyOnYou : Fri Dec 1 18:30:38 MST 2006[cdshort@windom public_html]$

*

User

`

Tag. Select and type.

HTTP GET Request

Tag. Select and type.

HTTP GET referral

Tag. Select and type.

HTTP Response

Tag. Select and type.

HTTP Response Cookie Deposit

*

Packet Capture

*

ConclusionsBrowser settings can prevent cookie deposit Be careful what you download

Dont open the door willinglyThe use of cookies is fundamental

The information provided is minimal

*

Questions?

*

Referenceshttp://www.php.net/manual/en/function.setcookie.phphttp://cs.uccs.edu/~cs301/php/php.htmlTzu-Yen Wang, Shi-Jinn Horng, Ming-Yang Su, Chin-Hsiung Wu,Peng-Chu Wang and Wei-Zen Su. A Surveillance Spyware Detection System Based on Data Mining Methods. 2006 IEEE Congress on Evolutionary Computation.http://www.allaboutcookies.org/web-beacons/Wes Ames, Understanding Spyware: Risk and Response, 2004 IEEE IT Prohttp://www.microsoft.com/athome/security/spyware/spywarewhat.mspxhttp://www.earthlink.net/about/press/pr_spyAudit/

*

*

*

*

*

*

*

*

*

*

*

**

*

*

*

*