spywareandtrojanhorses

spywareandtrojanhorses内容摘要：

file sent to the user from a website. – Contains Website visited – Provides clientside personalisation – Supports easy Login • Cookies are controlled by… – Website’s Application Server – Clientside Java Script • The website is effectively able to „remember‟ the user and their activity on previous visits. • Spyware panies working with websites are able to use this relatively innocent technology to deliver targeted REAL TIME marketing, based on cookies and profiles. Spyware and Trojan Horses – Computer Security Seminar 12th February 2020 Andrew Brown, Tim Cocks and Kumutha Swampillai Case Study DoubleClick • Most regular web users will have a “” cookie. • Affiliated sites request the DoubleClick cookie on the users puter. • The site then sends… – Who you are – All other information in your cookie file • In return for… – All available marketing information on you collected from other affiliated sites which the you have hit. Spyware and Trojan Horses – Computer Security Seminar 12th February 2020 Andrew Brown, Tim Cocks and Kumutha Swampillai Case Study – DoubleClick • Site targets banner adverts, s and popups to the user. • If the user visits an affiliated site without a DoubleClick cookie, then one is sent to the user. • The whole process is „opaque‟ to the user and occurs without their consent. Spyware and Trojan Horses – Computer Security Seminar 12th February 2020 Andrew Brown, Tim Cocks and Kumutha Swampillai Tracking Cookie Implementation • Protocol designed to only allow the domain who created a cookie to access it. • IE has a number of security holes… – Up to IE 5, domain names specified incorrectly. – Up to IE 6, able to fool IE into believing it is in another domain. • Patches and IE 6 solved a number of problems • Since then, tracking cookies are still proving a large problem, there are still a number of holes still open. Spyware and Trojan Horses – Computer Security Seminar 12th February 2020 Andrew Brown, Tim Cocks and Kumutha Swampillai Tracking Cookie Implementation Spyware and Trojan Horses – Computer Security Seminar 12th February 2020 Andrew Brown, Tim Cocks and Kumutha Swampillai Image Source – Image produced by Andrew Brown, Tim Cocks and Kumutha Swampillai。 partially inspired by a diagram from [16]. Tracking Cookie Defence • Replace tracking cookies with write protected zero length files of the same name. • DoubleClick offer an optout cookie, which can be obtained from their website. • Disable cookies – Makes many websites unusable • Delete cookies after session • Spyware remover (Adaware) Spyware and Trojan Horses – Computer Security Seminar 12th February 2020 Andrew Brown, Tim Cocks and Kumutha Swampillai Image Source – Screenshot of DoubleClick OptOut Cookie displayed in Microsoft Notepad. Spyware and Trojan Horses – Computer Security Seminar 12th February 2020 Andrew Brown, Tim Cocks and Kumutha Swampillai Trojan Horses Installation • Secretly installed when an infected executable is run – Much like a virus – Executables typically e from P2P works or unscrupulous websites • ActiveX controls on websites – ActiveX allows automatic installation of software from websites – User probably does not know what they are running – Misleading descriptions often given – Not sandboxed! – Digital signatures used, signing not necessary Spyware and Trojan Horses – Computer Security Seminar 12th February 2020 Andrew Brown, Tim Cocks and Kumutha Swampillai Installation Spyware and Trojan Horses – Computer Security Seminar 12th February 2020 Andrew Brown, Tim Cocks and Kumutha Swampillai • Certificate Authority • Misleading Certificate Description • Who is trusted? Image Source – Screenshot of Microsoft Inter Explorer 6 security warning, prior to the installation of an ActiveX Control from “Roings”. Effects • Allows remote access – To spy – To disrupt – To relay a malicious connection, so as to disguise the attacker‟s location (spam, hacking) – To access resources (. bandwidth, files) – To launch a DDoS attack Spyware and Trojan Horses – Computer Security Seminar 12th February 2020 Andrew Brown, Tim Cocks and Kumutha Swampillai Operation • Listen for connections。