Weekly summary 6

easttom_netd_ppt_10F.pdf

Network Defense and Countermeasures
by Chuck Easttom

Chapter 10: Defending Against Trojan Horses, Spyware, and Adware

© 2014 by Pearson Education, Inc. Chapter 10 Defending Against Trojan Horses, Spyware, and Adware 2

Objectives

- Describe Trojan horses
- Take steps to prevent Trojan horse attacks
- Describe spyware
- Use antispyware software
- Create antispyware policies


Introduction

Though not as common as viruses, Trojan horses still pose a real threat to computer systems. Spyware and adware continue to grow and clutter computer networks and individual computers. This chapter provides ways to combat these particular types of threats.


Trojan Horses

- Typical actions Trojan horses take:
  - Delete files from a computer
  - Spread other malware
  - Use the computer to launch a DDoS
  - Search for personal information
  - Install a "back door" to the computer


Identifying Trojan Horses

- Back Orifice
- Internet Explorer Trojan Horse
- NetBus
- Linux Trojan Horses
- Portal of Doom


Back Orifice

- Allows control over TCP/IP
- Entirely self-installing
- Can be attached to legitimate applications
- Does not appear in the task list
- Registry is the best way to remove it


Internet Explorer Trojan Horse

- Released in 2003
- Targets Microsoft's Internet Explorer browser
- Changes the DNS configuration on the Windows machine
- Redirects requests to the hacker's site
- Patch released by Microsoft
- Check out Secunia to see if your browser is vulnerable


NetBus

- Similar to Back Orifice
- Only works on port 20034
- Simple to check for infection
- Removal through the registry
- Easy-to-use GUI


Linux Trojan Horses

- These Trojan horses are not new
- One released in 1999
- Typical back door Trojan horse
- Uploaded to at least one FTP server
- Not known how many systems were compromised


Portal of Doom

- Back door tool that allows remote users to perform the following:
  - Open and close the CD tray
  - Shut down the system
  - Open files or programs
  - Access drives
  - Change passwords
  - Log keystrokes
  - Take screen shots


Symptoms of a Trojan Horse

- Home page for your browser changes
- Any change to passwords, usernames, accounts, and so on
- Any change to screen savers
- Changes to mouse settings, backgrounds, and such
- Any device seeming to work on its own


Preventing Trojan Horses

- The answer is a hybrid approach using:
  - Technological measures
  - Policy measures


Technological Measures

- Block unneeded ports (e.g. 20034)
- Utilize antivirus software (most check for Trojan horses)
- Prevent active code in browsers
- Limit users' rights to just what is needed


Policy Measures

- Never download any attachments unless absolutely certain they are safe or expected
- If a port is not needed, close it
- Restrict the downloading of software
- Be cautious of hidden file extensions


Trojan Horse and Associated Port(s)

Table 10.1 Ports used by well-known Trojan horses

Port(s) Used       Trojan Horse
57341              NetRaider
54320              Back Orifice 2000
37651              Yet Another Trojan (YAT)
33270              Trinity
31337 and 31338    Back Orifice
12624              Buttman
9872-9872, 3700    Portal of Doom (POD)
7300-7308          Net Monitor
2583               WinCrash
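As an added example (not part of the Easttom slides) of putting Table 10.1 and the "block unneeded ports" measure to defensive use: the Python below expands the table's port column, including the "31337 and 31338" and "9872-9872, 3700" spellings, and flags any LISTENING socket in `netstat -an` output that sits on one of those ports. The NetBus port 20034 from the earlier slide is added to the table, and the netstat lines are constructed sample input, not a real capture.

```python
import re

# Port column of Table 10.1, copied verbatim so the parser handles each spelling
# (NetBus port 20034 is added from the NetBus slide; it is not in the table).
TABLE_10_1 = {
    "57341": "NetRaider", "54320": "Back Orifice 2000",
    "37651": "Yet Another Trojan (YAT)", "33270": "Trinity",
    "31337 and 31338": "Back Orifice", "12624": "Buttman",
    "9872-9872, 3700": "Portal of Doom (POD)", "7300-7308": "Net Monitor",
    "2583": "WinCrash", "20034": "NetBus",
}

def expand_ports(spec):
    """Expand '31337 and 31338', '9872-9872, 3700' or '7300-7308' into a set of ints."""
    ports = set()
    for token in re.split(r"\s*(?:,|\band\b)\s*", spec):
        if "-" in token:                      # inclusive range lo-hi
            lo, hi = (int(p) for p in token.split("-", 1))
            ports.update(range(lo, hi + 1))
        elif token:                           # single port
            ports.add(int(token))
    return ports

def trojan_port_index():
    """Map every individual port from the table to its Trojan horse name."""
    return {p: name for spec, name in TABLE_10_1.items() for p in expand_ports(spec)}

# Matches a LISTENING line of Windows `netstat -an`; group 1 is the local port.
LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING", re.IGNORECASE)

def check_listeners(netstat_output):
    """Return [(port, name)] for each listening socket on a known Trojan port."""
    index = trojan_port_index()
    hits = []
    for m in map(LISTEN_RE.match, netstat_output.splitlines()):
        if m and int(m.group(1)) in index:
            hits.append((int(m.group(1)), index[int(m.group(1))]))
    return hits

# Constructed sample of `netstat -an` output (not a real capture).
SAMPLE = """\
  Proto  Local Address     Foreign Address   State
  TCP    0.0.0.0:445       0.0.0.0:0         LISTENING
  TCP    0.0.0.0:20034     0.0.0.0:0         LISTENING
  TCP    0.0.0.0:31338     0.0.0.0:0         LISTENING
  TCP    0.0.0.0:7304      0.0.0.0:0         LISTENING
  TCP    10.0.0.5:49811    10.0.0.9:31337    ESTABLISHED
"""

if __name__ == "__main__":
    for port, name in check_listeners(SAMPLE):
        print(f"port {port} is listening and matches Table 10.1 entry: {name}")
```

A match on one of these ports is a lead to investigate (identify the owning process and compare against the host's expected services), not proof of infection, since any program can bind to them.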


Spyware and Adware

- Becoming more and more intrusive
- Can cause systems to crash
- Made to gather information and send it to third parties
- Generate pop-ups not detected by pop-up blockers


Identifying Spyware and Adware

- Like viruses and Trojan horses, spyware and adware programs become well known
- Gator (Adware)
  - Two methods of removal:
    - Add/remove programs
    - The registry
- RedSheriff (Spyware)
  - Twofold problem:
    - No one is certain what data is collected (except the manufacturer)
    - Many people have a negative reaction to web site monitoring


Antispyware

- Spy Sweeper (www.webroot.com)
- Spyware Doctor (www.pctools.com/spyware-doctor/)
- Zero Spyware
- Microsoft Antispyware (www.microsoft.com/athome/security/spyware/software/default.mspx)


Spy Sweeper

Spy Sweeper cont.

Spyware Doctor

Zerospyware

Researching and Comparing Antispyware Products

- The following sites provide reviews of antispyware software or the actual product:
  - Spyware Warrior reviews
  - Tech News World utilities
  - Ars Technica antispyware reviews
  - PC Magazine antispyware reviews
  - Spyware Avenger


Antispyware Policies

- Never download any attachments you are not certain are safe
- Configure the browser to block cookies
- Configure the browser to block scripts
- Utilize browser pop-up blockers


Antispyware Policies cont.

- Never download the following if you are uncertain of their safety:
  - Applications
  - Browser skins
  - Screen savers
  - Utilities
- Block Java applets, or require manual approval of them


Summary

- Both Trojan horses and spyware pose significant dangers
- Virus scanners and appropriate policies are your only protection against Trojan horses and spyware
- Carefully develop and implement anti-Trojan horse policies


Summary cont.

- Spyware and adware are growing problems for networks
- Spyware can compromise security
  - Confidential information can be compromised by spyware
- Adware is more of a nuisance than a real security threat
  - However, there is a threshold of adware that can make a system unusable


Summary cont.

- There are numerous utilities that can help protect against Trojan horses (antivirus software)
- Available utilities can protect against spyware and adware
- Policies can work with utilities to further protect systems