I have share important section here, rest you can read from attached file...
Abstract
Malicious software is referred to spyware that affects privacy and confidentiality of individuals and corporations and poses security risks. In this research paper, we presented different types of spywares, their behavior, how spyware works and spread? This paper also discussed the potentials of spyware to damage the computers. This report also shows investigative results of an experiment we conducted; to know the infections and risks of spyware in a computer with and without antispyware. It also includes some recommendation to prevent the spyware.
1. Introduction
Spyware is any technology which helps organization to gather information about a person or an organization without their knowledge [1]. There are large numbers of synonyms of spyware including sneakware, stealthware, snoopware, trackware, thiefware, scumware [2], that have popped up in the past year or so. Spyware gathers sensitive data or secretly monitor user's activities, especially the typing of passwords, PINs and credit cards numbers, email addresses and sends to individual or company through user's internet connection (backchannel)
[2]. Spyware is a package which contains two separate software components that perform two types of functionality. One component performs core functionality for which user has installed the software and second component perform gathering of information functionality and act as spyware [3]. Today spyware has become a big security risk that is effecting and damaging computers very rapidly. It is a relatively new phenomenon, and according to users of Microsoft, it affects more than 50 percent of Windows operating systems failures [3]. Dell estimated that 90% of Windows PCs have at least one spyware program on the base of a survey conducted on September 2004 [4]. Spyware can perform different function like capturing information, displaying ads, dialing a number etc by one program, but usually different types of spywares perform different functions. There are various types of spywares and a lot of such programs exist throughout the internet today. Spyware does not spread automatically, but mostly users themselves open the door [4]. Spyware can get or install into the computer with free downloads like screensavers, accounting software, games, movies players, web browsers, peer to peer file sharing etc that are bundled with some spywares or through ActiveX controls that are hidden in the source code of websites or pop-up advertisements while you browse the websites. These bundled programs and ActiveX controls can open doors to install a wide range of spyware programs onto a user's computers [6]. Spyware are evolving very rapidly and effecting not only individual but also corporations. If spyware is installed on the client user workstations, can significantly impact on business confidentiality of stored information. Spyware can also impact on the users' privacy, connected to the internet or intranet both at home or corporate environment [7]. America Online and the National Cyber Security Alliance (AOL/NCSA) performed spyware scan on 329 customer's computer and reported that 80% were infected with spyware programs and each customer's computer contained average of 93 spyware components [8]. The spyware have severe impacts on Reliability, Annoyance, Privacy, Security and Performance of user computers.
The goals and objectives of this study were as follows:
· To explore and analyze behavior of different types of spywares
· Identify the risks of spywares to individuals and corporations
· To Explore the potential of spyware to effect or damage the computers
· Scanning Selected computers for spyware
· Compiling and analyzing scanning result.
4.0 How Spyware works?
Spyware effect or attack on computer from different levels [15][16]. The levels vary from low to high security risks
for individuals and corporations. The low security risk level is simple cookie, in which user’s website information
stores, such as user name and password through which user can access the website without entering password
again and again. This level has minimal risk. But it is a security risk and in some situation we cannot tolerate this
kind of risk The other level of security risks is more dangerous for individual and corporations. The second level of security risk is associated cookies that can track and capture important information from user’s computer. The third
level is application based. It has severe security risks e.g. it can gain the control of the system.
4.1 First level: Basic cookies
The first level of spyware or low level spyware is considered simple cookie identification for single and specific site. Different websites require storing user information to identify the user from specific computer, when the user uses the website in future. The cookie identification allows this. In most cases it is useful because user agree before storing information and sharing it with the site. However it is considered type of spyware with low level security risks. Because user identification information is stored in the cookie that would be abused
[15].
4.2 Second level: Associated cookies
Associated cookies are great security risks for individuals and corporation. These cookies are associated with member site to identify a single user every time when user connects to the site. The user’s activities are tracked in the result of user’s interaction with the each member site.
These stored data can be shared with advertising companies that form an agreement with the member site. The member site gives a reference of advertising site on their site that can be in the form of an image or pixel. These are actually reference to the spyware data server. These references cause to connect the spyware data server to the user’s computer. The spyware server then looks for the recognizable cookie. If server fails to find the cookie, server sends a cookie with Unique ID that is called Global Unique Identifier (GUID) to recognize the object every time when connect to the member site. Now the spyware data server can track and capture different kinds of user’s activities exchanged with the member site through GUID. It can capture username, password, credit card, keystroke, email or any other information stored in the associated cookie through member site. The advertising company can share this information without the permission of the users. The worst thing in this scenario is user unawareness from these activities performed by member and spyware sites. Advertising company can use this information for direct marketing or can sell to any concern companies. The major security risk is that if sensitive data about an individual or corporation is exposed, the advertising company has no obligation to inform the users. As the advertising company don’t show their intent to capture the sensitive data [15].
4.3 Third level: Application based
The third level application based spyware cause severe security exposures and risks to individual and corporation.
The application based spywares gain the full control of the system without allowing user to restrict their functionality. As the user starts the computer, spyware activates. Spyware can get all types of data and can send it to the other sources. This type of spyware have not only the characteristics of first and second level spywares but also have abilities to install new application, upgrade new version and generate new advertisement without the user’s permission. Anyone can buy application based spyware to spy on anyone, widely available on internet. Mostly intelligence agencies and hacker communities use application for their concerns [15].
