Adware and Spyware – What Are They?

What if you bought a music CD and every five minutes a voice came on and asked you to get a new credit card, or to change your mobile service provider, or to earn $2032 per hour just from home? What if your music listening habits were constantly being monitored? And if the force behind the voice caused your CD player to eventually go kaput? Translate that to the world that is the Internet, and what you have is adware and spyware.

What are they?

Essentially, “adware” is an abbreviation for advertising-supported software. Adware comes bundled with some commercial software which, upon installation, installs packages that download advertising material to your computer and display them. These ads are usually displayed when the user is using the original software application. However, this is not always the case. As it becomes increasingly pervasive on your computer, adware begins to pop up ads even when you aren’t using the original software application. And that’s when it gets really irritating.

Spyware, on the other hand, is irritating right from the beginning. It gets its name from the fact that it installs itself and performs (often malicious) operations on the user’s computer without his knowledge. It is intentionally designed to stealthily install itself and monitor the user’s activity, accessing information that can easily be used for someone’s profit. Essentially, spyware, once on your computer, is used to transmit personal data to a third party that will use it for a purpose you did not sanction.

Spyware shouldn’t be confused with viruses or worms, as a spyware package is not intended to replicate itself.

 


How Do They Attack?

Adware, spyware, and for that matter, any malware, can attack in a variety of ways.

Adware Attacks

As mentioned earlier, adware is usually bundled with commercial software. It can install itself on your computer either with your permission or without your knowledge when you install the software package. Milder forms of adware are also present in the form of pop-up (and the increasingly common pop-under) banners that appear when you visit certain sites. These ads, sometimes referred to as “Java traps,” open up in several mini-windows; each time a window is closed by the user, code that spawns another window is activated. Programmers sometimes add adware to their software packages in order to recover some of the cost of developing the package.

If the package is freeware then the adware is used to make up for the entire cost of development. Shareware packages also sometimes carry adware that is activated once the trial period is over. Adware can have several negative effects on your computer. It generally slows it down since it gobbles up some of your system’s RAM. It also, to a large extent, slows down your Internet connection, as a lot of bandwidth can be used to download ad content.


Adware is generally licensed content, and therefore usually (though not always) requires the user’s permission before being installed on the user’s computer. It collects information about how one is using one’s computer and the content transmitted therein, and based on this, displays “relevant” ads in your browser. The free versions of certain browsers, like Opera, used to support adware. Some P2P clients, such as KaZaA, have adware (for example, Gator, TopSearch, etc.) that installs on your computer.

However, there are very few examples of such “good” adware. Good adware allows you to uninstall it whenever you like. The other type of adware installs itself on your computer without your permission. Usually, sites with explicit content install such packages onto your computer. These could eventually “hijack” your browser, causing your screen to get filled with more and more pop-ups.

 

Spyware Attacks

Spyware is intended to gather information about a computer user without that user’s permission and knowledge. There are different levels of information that spyware intends to collect from one’s computer. The milder versions collect data about the user’s Internet usage and send it to, say, an online advertising agency, which will then point your browser towards advertising content (read: tons of pop-ups). The harsher versions of spyware can take more personal information from your Internet history, such as credit card numbers and passwords.

Spyware is usually developed by individuals who want to infiltrate computers and use them for their own profit. Spyware, once installed on your computer, can drastically slow down its performance, since it consumes a large amount of RAM; with every subsequent browser function, it slows down your computer further. But how does spyware get installed on your computer? Well, you don’t have to visit a pornography site to be attacked by spyware. These days, spyware has spread not only to sites with explicit content, but also to sites with other accessible Web content, including downloads from sources that aren’t legitimate.

Though it may seem pretty cool to have been able to get some really expensive pirated software off a warez site, you are almost certainly going to be open to spyware as you do it. The same goes for some P2P clients (like Kazaa, BearShare, and Morpheus). Spyware can get installed on your computer when you install certain software, through the ActiveX controls of malicious Web sites, or even through pop-up advertising. ActiveX is a technology used by Microsoft IE, and it allows different applications—or parts of them—that you installed on your computer to be accessed by your browser to display content. Some spyware developers are particularly cunning, disguising their spyware programs as spyware removal programs, thereby fooling users into downloading more spyware.

Spyware programs are getting more malicious by the day. They could install a variety of application DLLs on your computer that allow hackers to snoop on what you’re doing. These DLLs can do a variety of things to your computer—monitor your keystrokes on or offline, access your word processor, hijack your Web browser, display advertisements, and more. And some spyware leaves your computer even more open to attack from other spyware.

Gator basically displays advertising on the computer on which it is installed. It also installs a host of other applications like GotSmiley, Dashbar, and more, which further slow down your computer.

 

Brief: Why Should You Be Concerned About Security?

Adware can bring down your PC, a virus can mass-mail annoying contents to all the contacts in your address book, a key logger can send every keystroke of yours to someone on the Net—and these are just a few risks that are out there affecting PCs. Also, for someone even moderately well versed with operating systems, getting into a poorly-secured PC is child’s play.

WHY SECURITY?

As computers become more and more integrated into our lives, we end up leaving a lot of sensitive information on our PCs—from passwords, e-mail IDs (even official e-mail IDs) and bank accounts to personal diaries and notes, business plans (or worse still, tender bids), confidential documents, a log of surfing habits (which can be viewed out of context), a backup of phone SMSes, and much more. Then there is another risk, especially when you are online—viruses and spyware. Though viruses and spyware are talked about in the same breath, there is one fundamental difference: a virus is written to cause damage to your operating system, programs or files, usually with no direct benefit to the virus creator. Spyware, on the other hand, is written for gain. This could be by tracking the surfing habits of a user on an infected computer and sending this information to someone who would send the user advertisements supposedly targeted at him based on his surfing habits.

Very strictly speaking, spyware is not intended to cause damage, at least in the traditional sense, but more often than not it ends up doing so, leaving your PC difficult to repair. When we speak of computer security, what we mean is the ways in which you can prevent people from accessing data on your computer, keep your computer safe from viruses and spyware, and protect yourself from hacking and phishing.

 

The Internet

The Internet brings the world to your desktop, no doubt. But that world also includes a sub-world of spyware, worms, phishing attacks, and more. The most common of online irritants is spam e-mail. Spam is simply unsolicited e-mail that urges you to buy herbal concoctions to enlarge certain body parts, promises youthfulness via a pill, says that you’ve won a Rolex watch, and so on. These mails invariably contain a link to a supposed online store that will ask you for a credit card number for an online payment. It is difficult to believe how someone can fall for a trick like this, but apparently, there are a few innocent people out there who get tricked into buying a “herbal” cure or a “collector’s watch.” Needless to say, you need to just delete these mails.

The other common annoyance, which can also bring down your PC, is spyware / adware. The source of these is usually pornographic sites or those with cracks for software. These sites can also be the very links you get in spam mail. Once they get installed, they are able to send a list of the Web sites you surf, and even your e-mail address. Based on your surfing habits, spam is sent to your e-mail ID, advertising products or services that would ostensibly be of interest to you. An adware program will open browser windows all by itself and direct you to Web sites selling products of the same nature. Some of them are so designed that if you close the window that they bring up, they will open two or more instantly!

If you receive a suspicious-looking file in an e-mail (something like “annakournikova nude playing tennis.avi.scr”), even from a known source, do not download the file. It is likely that a virus has hacked into the sender’s e-mail client (or even disguised the sending address as something else—yes, that’s possible too) and is sending out spam or offensive mails.

 


The affected person may not even know that spam mails from his ID are being sent. You can be a good friend and call him up to let him know of this so he can take curative measures. Some sites even make use of the fact that people occasionally make typographical errors! A recent example is www.ork0t.com (now taken down), which you could have visited if you typed what you thought was “www.orkut.com” and made a typo. When one entered one’s user ID and password into that site, it would be used to hack into your account and send out spam to all your contacts! Phishing is a threat that can potentially rob you of your money. It’s a means of fooling you into disclosing your login details of any site / service. If you are using an e-banking service, be very careful of mails that you may receive claiming to be from your bank, asking you to fill in your login details. As a policy, most banks do not send out e-mails asking you to fill in any e-banking details. If you do receive such a mail, it is fake. Before you fill out any details on a site following a link sent via e-mail, do confirm with your bank’s customer care if they have indeed sent out such a mail. Visit only your bank’s official site for all transactions.

 

Attacks From Known Sources 

It is not uncommon for crime investigators to find that the culprit was known to the victim—this is the case with computer security as well. Someone who works at your computer may access your personal files—and even your surfing habits. It is not generally practical to keep your PC under lock and key, but what you can have is a digital version of a lock and key: set up passwords and encrypt files.

Data theft is a growing concern amongst corporates. Personal and professional harm can arise if someone gets access to your private data or worse still, your e-mail, wherein they could email someone posing as you. You can assign a password to access your PC and, similarly, password-protect your files as a first step to safeguard yourself from this risk. And, it is good practice not to let anyone install unfamiliar programs on your computer.

You must realize that given sufficient time and resources, a competent enough person can eventually break into your PC, but that is no reason to leave it entirely unsecured.


How to Unblock Internet Filter

These days, schools are so strapped for cash, they can’t afford the Internet bandwidth for students to do useful and fun things on school computers. Some schools expect students to actually do work during IT lessons, and some IT departments just don’t like YouTube. However, the days are over when they can lock down the system enough to stop determined students from using the Internet as they please.

De-filters

These are websites which take a URL and collect the content for you. They work because the filters only see you downloading data from an unblocked website (the de-filter); the connection to the banned site is made from another external web server, so it doesn’t pass through your school’s filters.

These are some good de-filter websites:

These are just a few of the hundreds of de-filter websites revealed by a quick Google search. Where possible, tick the box that turns on some kind of encryption. This prevents the IT department seeing what sites you have unblocked. Also, it is even harder to be caught when using sites that use the HTTPS protocol.

However, de-filter sites do not always unblock active content such as flash, or videos so they are not perfect. If you find a good de-filter, don’t give it to anyone because it will soon spread round the school, and end up blocked.

 

Using a new proxy

Most school filters work by directing all traffic through a proxy server, which scans URLs for blocked keywords. Internet Explorer uses the system-wide proxy for HTTP. However, Firefox can have its own proxy set. Firefox will route all traffic through the open proxy server, avoiding using banned keywords in the URL. This traffic will then be sent through the filter proxy by the operating system, but will not be blocked if all has worked well.

1) Get a copy of Firefox on a memory stick. It’s best to use the portable version available here because it won’t leave evidence of running Firefox on the main system hard drive. This version also remembers your bookmarks, passwords etc.

2) Set up Firefox to use a proxy. Open the Tools menu, then click Options. Then click the Connection Settings button in the resultant window. Click the radio button for “Manual proxy configuration”, and fill in relevant proxies/port numbers. A list of free proxies and port numbers is available here. Now, all should work as planned.

HTTPS

This is the simplest of them all, but it sometimes does not work. It’s as simple as adding an S to the http. So, for example, you would change http://www.facebook.com/ to https://www.facebook.com/

UltraSurf

In my high school we use a program called UltraSurf. http://www.ultrareach.com/ All you need to do is download this to a flash drive (some kids save it to our student drives on our network, but I don’t suggest this as the IT department will find out) and when you are at school run it. It will pop up with a new browser window and voilà! Surf the net as you please!

URL Filter Bypassing

It’s possible for internal employees to bypass Web-content filtering applications and logging mechanisms to browse to sites that they shouldn’t go to — potentially covering up malicious behavior and Internet usage.

An easier hack is to exploit the general mechanism built into URL filtering systems that filter Web traffic based on specific URLs and keywords (words that match a list or meet certain criteria). Users take advantage of this practice by converting the URL to an IP address and then to its binary equivalent. The following steps can bypass URL filtering in such browsers as Netscape and Mozilla:

1) Obtain the IP address for the Web site.

For example, a gambling Web site (www.go-gamblin.com) blocked in Web-content filtering software has this IP address: 10.22.33.44. This is an invalid public address, but it’s okay for this example; you may want to filter out Web addresses on your internal network as well.

2) Convert each individual number in the IP address to an eight-digit binary number. Numbers that may have fewer than eight digits in their binary form must be padded with leading zeroes to fill in the missing digits.

For example, the binary number 1 is padded to 00000001 by adding seven zeroes. The four individual numbers in the IP address in Step 1 have these equivalent eight-digit binary numbers:

10 = 00001010

22 = 00010110

33 = 00100001

44 = 00101100

The Windows Calculator can automatically convert numbers from decimal to binary notation:

i. Choose View➪Scientific.

ii. Click the Dec option button.

iii. Enter the number in decimal value.

iv. Click the Bin option button to show the number in binary format.

3) Assemble the four 8-digit binary numbers into one 32-digit binary number. For example, the complete 32-digit binary equivalent for 10.22.33.44 is 00001010000101100010000100101100. Don’t add the binary numbers. Just organize them in the same order as the original IP address without the separating periods.

4) Convert the 32-digit binary number to a decimal number. For example, the 32-digit binary number 00001010000101100010000100101100 equals the decimal number 169222444. The decimal number doesn’t need to be padded to a specific length.

5) Plug the decimal number into the Web browser’s address field, like this: http://169222444

The Web page loads easy as pie! The preceding steps won’t bypass URLs in Internet Explorer.
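
On the filter side, the countermeasure is to reduce every numeric host to one canonical address before matching, so that http://169222444 and 10.22.33.44 hit the same rule. The sketch below is an added example, not code from the original page or from any filtering product; the blocklist contents and the function names are assumptions. It goes beyond the single-decimal case described above and also handles hexadecimal, octal and shortened dotted spellings.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed blocklist using the page's example site and address.
BLOCKED_HOSTS = {"www.go-gamblin.com"}
BLOCKED_IPS = {ipaddress.IPv4Address("10.22.33.44")}


def parse_component(part):
    """Parse one numeric host component: 0x = hex, leading 0 = octal, else decimal."""
    p = part.lower()
    if p.startswith("0x"):
        digits, base = p[2:], 16
    elif len(p) > 1 and p.startswith("0"):
        digits, base = p[1:], 8
    else:
        digits, base = p, 10
    if not digits or any(c not in "0123456789abcdef"[:base] for c in digits):
        raise ValueError(part)
    return int(digits, base)


def canonical_ip(host):
    """Return the IPv4Address a numeric host spelling stands for, or None."""
    parts = host.rstrip(".").split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        *head, last = [parse_component(p) for p in parts]
    except ValueError:
        return None  # not a purely numeric host, e.g. a normal domain name
    # Leading components are single bytes; the last one fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ipaddress.IPv4Address(value)


def is_blocked(url):
    """Match on the host name first, then on the canonical form of a numeric host."""
    host = (urlsplit(url).hostname or "").lower()
    if host in BLOCKED_HOSTS:
        return True
    ip = canonical_ip(host)
    return ip is not None and ip in BLOCKED_IPS


if __name__ == "__main__":
    for url in ("http://169222444", "http://0x0a16212c/",
                "http://012.026.041.054/", "http://www.example.com/"):
        print(url, "->", "BLOCK" if is_blocked(url) else "allow")
```

A filter that matches only on the literal URL string should log any request whose host is purely numeric but not in dotted-decimal form, since ordinary browsing rarely produces one.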