SEMINAR ON

Spyware and Trojan Horses

Click to edit Master subtitle style

4/13/12

NameMohapat Brancgh &Engg. Regd No -

Nilakanth Computer sc.

Overview
What is spyware? Types of spyware? How can you be infected? How the spyware work? Method of deletion What is Trojan Horse? Types of Trojan Horses How can you be infected? Method of deletion.
4/13/12

What is Spyware?
Spyware is a program that is installed

surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent. that secretly monitors the user's behavior.

While the term spyware suggests software

4/13/12

Effects and behaviors

Unable to access certain web sites
Web-based email Secure sites (HTTPS)

Often get unwanted pop-ups, even when not

using your web browser

Network may suddenly not work at all A spyware infection can create significant

unwanted CPU activity, disk usage, and network traffic. such as applications freezing, failure to boot, and system-wide crashes, are 4/13/12

How was Spyware work?

Spyware and Adware

programs have a tendency to hide as cookie or temporary internet files

Adware startup has the

tendency to hide itself in the register keys as normal program.

Spyware Prevention

Often obtained through Drive-by Download when browsing the web

Internet Explorer is primary target

Use an alternate, more secure web

browser in Windows

Firefox Opera

4/13/12

Many programmers and some commercial firms have released products dedicated to remove or block spyware. Programs such as Ad-Aware and Spybot - Search &

Removal-:
Up-to-date anti-virus and a running firewall

will catch many problems

Scan computers running Windows often Free removal tools often available for

with Ad-Aware or Spybot Search & Destroy specific malware problems

Free online virus scanning

Microsofts Malicious Software Removal Tool

Education is the best prevention

4/13/12

What is Trojan Horse?

Trojan horse is a malicious program that

allow unauthorized access to the host machine, giving them the ability to save their files on the user's computer or even watch the user's screen and control the computer..

Like the gift horse left outside the gates of

Troy by the Greeks, Trojan Horses appear to be useful or interesting to an unsuspecting user, but are actually harmful

4/13/12

Example-:
For example, if a computer game is designed

such that, when executed by the user, it opens a back door that allows a hacker to control the computer of the user, then the computer game is said to be a Trojan horse.

A program named "waterfalls.scr" serves as a

simple example of a Trojan horse.The author claims it is a free waterfall screen saver. When running, it instead unloads hidden programs, scripts, or any number of commands without the user's knowledge or consent.

4/13/12

Types of Trojans
They are classified based on how they breach and damage systems. The six main types of Trojan horse are-:
Remote Access Data Destruction Downloader/dropper Server Trojan(Proxy, FTP , IRC, Email,

HTTP/HTTPS, etc.)
Disable security software Denial-of-service attack (DoS)
4/13/12

Where They Live

Autostart Folder

The Autostart folder is located in C:\Windows\Start Menu\Programs\startup and as its name suggests, automatically starts everything placed there. Is an auto-starting method for Windows95, 98, ME, XP and if c:\explorer.exe exists, it will be started instead of the usual c:\Windows\Explorer.exe, which is the common path to the file

Explorer Startup

4/13/12

Are you infected?

Its normal to visit a web site and several more

pop-ups to appear with the one you've visited. But when you do completely nothing and suddenly your browser directs you to some page unknown to you, take that serious. Box appears on your screen, asking you some personal questions.

A strange and unknown Windows Message

Your Windows settings change by themselves

like a new screensaver text, date/time, sound volume changes by itself, your mouse moves 4/13/12

Methods of deletion:The simplest responses involve clearing

the temporary internet files and deleting it manually. detect and remove the trojan automatically. If the antivirus cannot find it, booting the computer from alternate media, such as a live CD, may allow an antivirus program to find a trojan and delete it. efficient against this threat.

Normally, antivirus software is able to

Updated anti-spyware programs are also

4/13/12

Similarities / Differences
Spyware
Commercially Motivated Internet connection required Initiates remote connection Purpose: To monitor activity Collects data and displays pop-ups Legal Not Detectable with Virus Checker Age: Relatively New (< 5 Years)

Trojan Horses
Malicious Any network connection required Receives incoming connection Purpose: To control activity Unauthorized access and control Illegal Detectable with Virus Checker Age: Relatively Old ( > 20 Years)

Memory Resident Processes Surreptitiously installed without users consent or understanding Creates a security vulnerability

References
http://www.symantecstore.com http://www.google.co.in / http://www.wikipedia.com/ http://www.safer-networking.org/en/index.html http://www.answers.com/

Thank you for watching!

Click to edit Master subtitle style

4/13/12