Introduction:
Spyware is a class of malware that
collects information from the system without the data owner’s
consent. This data may include keystrokes, screenshots,
authentication credentials, personal email addresses, web form
field data, Internet usage habits, and other personal information.
The data is delivered to online attackers, who sell it to others
or use it themselves for financial crimes, identity theft,
marketing, or spam. For a program to qualify as
spyware, it must collect data without the data owner’s knowledge or
consent and must deliver it, or make it available in some way, to an
unauthorized party.
Three types of attackers benefit
from spyware:
- Online attackers
- Marketing organizations
- Trusted insiders
Online Attackers
Online attackers’ primary interest in
spyware is using it to steal personal information for financial
crimes like carding (illicit trafficking in stolen credit cards and
credit card information), for identity theft, or to sell that
information to someone else who then executes more traditional
financial crimes.
Marketing Organizations
Marketing organizations are mostly
interested in personal information such as email addresses, online
shopping and browsing habits, keywords in search queries, and
other personal and trend-related information that can be used to
execute marketing campaigns like spam, spim (unsolicited messages
received via instant messaging systems), browser popups, home page
hijacking, and more.
Spying by a Trusted Insider
A trusted insider might be an
employee who leverages spyware to collect corporate information
which can be sold in the underground economy, used for blackmail,
or used to gain access to more valuable information at some later
time.
Targeted data:
Some commonly targeted data includes:
Internet activity: This type
of data is mostly the user’s financial data, identity data such as
credit card information, browsing habits, and online purchasing habits.
Email and contact information:
Email addresses are harvested from an infected user’s system
and marketed for use in spam mailing lists. Common techniques are
getting them from email applications’ address books, and scanning
files on the system’s disks for strings that match the format of
an email address.
Windows PStore data: Windows
has a protected data store (PStore) which mostly contains users’ Outlook
passwords, passwords for web sites, MSN Explorer passwords, IE
AutoComplete passwords, IE AutoComplete fields, and digital
certificates. The attacker uses the PStore API to get at the
encrypted content of PStore.
Clipboard Content: The system
clipboard sometimes contains sensitive information, such as
user credentials that are copied and pasted into login forms, or
product registration codes. An attacker can easily get access to the
clipboard and use the user’s sensitive data.
Key Strokes: This is a
simple and very effective technique used by spyware for revealing
user identity by reading the user’s keystrokes, which may
consist of user names, email IDs, and passwords.
Ways to defend:
- Educate the user about the threat of spyware.
- Always be alert to spyware, denying the user convenience
  facilities like saved passwords and auto-complete actions.
- Avoid trusting unknown or high-risk sources.
- Before browsing a site or registering on it, always read the
  terms and conditions, which may state what rights the site claims
  over your personal data.
- Some applications ask to install third-party software during
  their own installation, so beware of default-checked options when
  installing software.
- Always stay up to date with patches for the operating system and
  applications.
- Use good antivirus and anti-spyware software, which helps to
  defend against threats.
- Avoid applications that are most targeted by spyware, like
  Microsoft IE; using alternative applications will help to defend
  against spyware.