Weekly summary 6
Network Defense and
Countermeasures
by Chuck Easttom
Chapter 10: Defending Against Trojan Horses, Spyware, and Adware
© 2014 by Pearson Education, Inc. Chapter 10 Defending Against Trojan Horses,
Spyware, and Adware 2
Objectives
Describe Trojan horses
Take steps to prevent Trojan horse attacks
Describe spyware
Use antispyware software
Create antispyware policies
Introduction
Though not as common as viruses, Trojan
horses still pose a real threat to computer
systems. Spyware and adware continue to
grow and clutter computer networks and
individual computers. This chapter provides
ways to combat these particular types of
threats.
Trojan Horses
Typical actions Trojan horses take:
Delete files from a computer
Spread other malware
Use the computer as a node in a DDoS attack
Search for personal information
Install a “back door” on the computer
Identifying Trojan Horses
Back Orifice
Internet Explorer Trojan Horse
NetBus
Linux Trojan Horses
Portal of Doom
Back Orifice
Gives the attacker remote control of the host over TCP/IP
Entirely self-installing
Can be bound to a legitimate application so that the user installs it unknowingly
Does not appear in the task list
Removal is done through the registry (delete its autostart entry)
Internet Explorer Trojan Horse
Released in 2003
Targets Microsoft’s Internet Explorer browser
Changes the DNS configuration on the Windows machine
Redirects requests to the attacker’s site
Patch released by Microsoft
Check Secunia to see whether your browser is vulnerable
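The DNS rewrite this slide describes can be checked for directly. The script below is an added example, not code from the book: it parses the text of `ipconfig /all` and reports any adapter whose resolvers are outside an approved set. The ipconfig output, the adapter names and the approved resolver addresses 192.168.1.10 and 192.168.1.11 are constructed assumptions for the example; 198.51.100.7 is the planted rogue resolver.

```python
"""Detect a changed DNS configuration on a Windows host.

Added example, not code from the book.  The Internet Explorer Trojan worked by
rewriting the machine's DNS settings; this script parses `ipconfig /all` output
and reports any adapter whose resolvers are outside an approved set.  The
ipconfig text and the approved resolver addresses (192.168.1.10/11) are
constructed assumptions for the example; 198.51.100.7 is the planted rogue.
"""
import re

# Property lines look like "   DNS Servers . . . . . . . . . . . : 192.168.1.10".
# Requiring at least one space/dot before the colon keeps IPv6 addresses on
# continuation lines (e.g. "fe80::1%12") from being mistaken for keys.
KEY_RE = re.compile(r"^\s+([A-Za-z][^:]*?)[ .]+:\s*(.*)$")

# Constructed sample output, not a capture from a real host.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : WKS-042
   Primary Dns Suffix  . . . . . . . : corp.example

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : corp.example
   IPv4 Address. . . . . . . . . . . : 192.168.1.20
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 198.51.100.7
                                       192.168.1.10
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : corp.example
   IPv4 Address. . . . . . . . . . . : 192.168.2.33
   DNS Servers . . . . . . . . . . . : 192.168.1.11
"""

APPROVED_RESOLVERS = {"192.168.1.10", "192.168.1.11"}  # assumed corporate resolvers


def dns_servers_by_adapter(ipconfig_text):
    """Map adapter name -> list of configured DNS servers, in order.

    ipconfig prints the first server on the "DNS Servers" line and any further
    servers on indented continuation lines with no key, so those are collected
    until the next keyed line or a blank line.
    """
    adapters, current, in_dns = {}, None, False
    for line in ipconfig_text.splitlines():
        stripped = line.strip()
        if not stripped:
            in_dns = False
            continue
        # Adapter headers are unindented and end with a colon.
        if not line[0].isspace() and stripped.endswith(":"):
            current = stripped[:-1]
            adapters.setdefault(current, [])
            in_dns = False
            continue
        m = KEY_RE.match(line)
        if m:
            key, value = m.groups()
            in_dns = key.strip().lower() == "dns servers" and current is not None
            if in_dns and value.strip():
                adapters[current].append(value.strip())
        elif in_dns:
            adapters[current].append(stripped)
    return adapters


def rogue_resolvers(ipconfig_text, approved=APPROVED_RESOLVERS):
    """Adapters whose DNS servers include one not on the approved list."""
    return {
        adapter: [s for s in servers if s not in approved]
        for adapter, servers in dns_servers_by_adapter(ipconfig_text).items()
        if any(s not in approved for s in servers)
    }


if __name__ == "__main__":
    for adapter, bad in rogue_resolvers(SAMPLE_IPCONFIG).items():
        print(f"{adapter}: unapproved DNS server(s) {', '.join(bad)}")
```

Run on a real host by feeding it the output of `ipconfig /all`. A resolver outside the approved set is the symptom the slide describes; the hosts file is a second place a redirecting Trojan can hide, so check that too.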
NetBus
Similar to Back Orifice
Listens on TCP port 20034, so checking for infection is simple: look for a listener on that port
Removal through the registry
Easy-to-use GUI
Linux Trojan Horses
These Trojan horses are not new
One released in 1999
Typical back door Trojan horse
Uploaded to at least one FTP server
Not known how many systems were compromised
Portal of Doom
Back door tool allows remote users to
perform the following:
Open and close the CD tray
Shut down the system
Open files or programs
Access drives
Change passwords
Log keystrokes
Take screen shots
Symptoms of a Trojan Horse
Home page for your browser changes
Any unexplained change to passwords, usernames, accounts, and so on
Any change to screen savers
Changes to mouse settings, backgrounds, and such
Any device seeming to work on its own (for example, the CD tray opening by itself)
Preventing Trojan Horses
The answer is a hybrid approach using:
Technological measures
Policy measures
Technological Measures
Block unneeded ports at the firewall (e.g. 20034, used by NetBus)
Utilize antivirus software (most also check for Trojan horses)
Block active content (scripts and applets) in browsers
Limit users’ rights to just what their work requires (least privilege)
Policy Measures
Never download any attachment unless you are certain it is safe or expected
If a port is not needed, close it
Restrict the downloading of software
Be cautious of hidden file extensions: Windows hides known extensions by default, so invoice.pdf.exe is displayed as invoice.pdf
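The hidden-extension warning on this slide can be turned into a concrete check on attachment names. The script below is an added example, not code from the book. It goes a little beyond the slide: besides the double extension that Windows' "hide extensions for known file types" default conceals, it catches padding spaces that push the real extension out of view and the Unicode RIGHT-TO-LEFT OVERRIDE character (U+202E), which makes a name such as photo<U+202E>gpj.exe render as photoexe.jpg. The extension lists and the sample filenames are constructed for the example.

```python
"""Screen attachment names for hidden-extension tricks.

Added example, not code from the book.  Windows Explorer hides known file
extensions by default, so `invoice.pdf.exe` is displayed as `invoice.pdf`.
Two related tricks are covered as well: padding the name with spaces so mail
clients truncate the real extension, and the Unicode RIGHT-TO-LEFT OVERRIDE
(U+202E), which makes `photo<U+202E>gpj.exe` render as `photoexe.jpg`.
All filenames below are constructed samples.
"""
import re

# Extensions Windows runs directly (a representative subset, not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe",
                   "js", "jse", "wsf", "hta", "msi", "lnk", "ps1"}
# Extensions a user reads as harmless documents or media.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt",
                 "rtf", "jpg", "jpeg", "png", "gif"}
# Unicode bidi control characters that reorder how a name is displayed.
BIDI_CONTROLS = "\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069"
_STRIP_BIDI = {ord(c): None for c in BIDI_CONTROLS}


def real_extension(name):
    """Extension Windows actually acts on: text after the last dot, with bidi
    controls removed and trailing spaces/dots (which Explorer drops) ignored."""
    clean = name.translate(_STRIP_BIDI).rstrip(" .")
    return clean.rsplit(".", 1)[1].lower() if "." in clean else ""


def displayed_name(name):
    """How a left-to-right renderer shows the name: everything after U+202E
    (RIGHT-TO-LEFT OVERRIDE) is drawn reversed.  Handles a single override only."""
    head, sep, tail = name.partition("\u202e")
    return head + tail[::-1] if sep else name


def deception_reasons(name):
    """Return the list of reasons `name` is deceptive; [] means it looks honest."""
    reasons = []
    if any(c in BIDI_CONTROLS for c in name):
        reasons.append(f"bidi override: displayed as {displayed_name(name)!r}")
    clean = name.translate(_STRIP_BIDI).rstrip(" .")
    parts = clean.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTS:
        shown = parts[-2].strip() if len(parts) > 2 else ""
        if shown in DOCUMENT_EXTS:
            reasons.append(f"double extension: looks like .{shown}, runs as .{ext}")
        else:
            reasons.append(f"directly executable (.{ext})")
    # A run of spaces before the last dot pushes the extension out of view.
    if re.search(r" {3,}\.[^.]+$", clean):
        reasons.append("padding spaces hide the extension")
    return reasons


SAMPLE_ATTACHMENTS = [  # constructed examples
    "quarterly_report.pdf",
    "invoice.pdf.exe",
    "setup.exe",
    "photo\u202egpj.exe",
    "statement.pdf" + " " * 40 + ".exe",
]

if __name__ == "__main__":
    for name in SAMPLE_ATTACHMENTS:
        verdict = deception_reasons(name)
        print(f"{displayed_name(name)!r:45} -> {verdict or 'ok'}")
```

The point of `real_extension` is that the decision must be made on what Windows will execute, not on what the user sees; a mail gateway that strips or quarantines anything whose real extension is executable removes the trick regardless of how the name is dressed up.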
Trojan Horse and Associated Port(s)
Table 10.1 Ports used by well-known Trojan horses
Port(s) Used          Trojan Horse
57341                 NetRaider
54320                 Back Orifice 2000
37651                 Yet Another Trojan (YAT)
33270                 Trinity
31337 and 31338       Back Orifice
12624                 Buttman
9872-9875, 3700       Portal of Doom (POD)
7300-7308             Net Monitor
2583                  WinCrash
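Table 10.1, the NetBus slide ("simple to check infection") and the "block unneeded ports" measure all come down to one check: is anything on the host listening on a port the table associates with a Trojan horse? The script below is an added example, not code from the book. It parses `netstat -an` style output in the Windows column layout and reports listeners on table ports; the netstat lines are constructed sample data, NetBus's 20034 is taken from the NetBus slide, and the Portal of Doom range is taken as 9872-9875, as in standard Trojan port lists.

```python
"""Check a host's listening ports against Table 10.1.

Added example, not code from the book: it parses `netstat -an` style output
(Windows column layout) and reports any LISTENING socket bound to a port
associated with a well-known Trojan horse.  The netstat lines are constructed
sample data; NetBus's 20034 comes from the NetBus slide.
"""
import re

# Single ports from Table 10.1 plus NetBus (20034) from the slides.
TROJAN_PORTS = {
    57341: "NetRaider",
    54320: "Back Orifice 2000",
    37651: "Yet Another Trojan (YAT)",
    33270: "Trinity",
    31337: "Back Orifice",
    31338: "Back Orifice",
    20034: "NetBus",
    12624: "Buttman",
    3700: "Portal of Doom (POD)",
    2583: "WinCrash",
}
# Port ranges from Table 10.1 (Portal of Doom range assumed as 9872-9875).
TROJAN_RANGES = [
    ((9872, 9875), "Portal of Doom (POD)"),
    ((7300, 7308), "Net Monitor"),
]

# One netstat row: proto, local addr:port, foreign addr, optional state (TCP only).
NETSTAT_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$", re.IGNORECASE
)

# Constructed sample output; 20034 and 9873 are the planted hits.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:20034          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49876     203.0.113.5:443        ESTABLISHED
  TCP    0.0.0.0:9873           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:31337     198.51.100.9:4444      TIME_WAIT
  UDP    0.0.0.0:137            *:*
"""


def trojan_for_port(port):
    """Name of the Trojan associated with `port` in the table, or None."""
    if port in TROJAN_PORTS:
        return TROJAN_PORTS[port]
    for (low, high), name in TROJAN_RANGES:
        if low <= port <= high:
            return name
    return None


def suspicious_listeners(netstat_text):
    """Return [(proto, port, trojan)] for sockets listening on a table port.

    Only listeners count: a TIME_WAIT connection whose *local* ephemeral port
    happens to be 31337 is not evidence of Back Orifice.
    """
    hits = []
    for line in netstat_text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        proto, _local, port, _remote, state = m.groups()
        proto = proto.upper()
        # UDP rows carry no state; a bound UDP socket is effectively a listener.
        is_listener = proto == "UDP" or (state or "").upper() == "LISTENING"
        if not is_listener:
            continue
        name = trojan_for_port(int(port))
        if name:
            hits.append((proto, int(port), name))
    return hits


if __name__ == "__main__":
    for proto, port, name in suspicious_listeners(SAMPLE_NETSTAT):
        print(f"{proto} port {port} is listening: associated with {name}")
```

A hit is a reason to look at which process owns the socket (`netstat -ano` adds the PID), not proof by itself: the table's ports are defaults, an attacker can reconfigure them, and a legitimate service can happen to use one. The absence of a hit proves nothing either, which is why the slides pair port blocking with antivirus and policy.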
Spyware and Adware
Becoming more and more intrusive
Can cause systems to crash
Made to gather information and send it to
third parties
Generate pop-ups not detected by pop-up
blockers
Identifying Spyware and Adware
Like viruses and Trojan horses, spyware and adware programs become well known
Gator (Adware)
Two methods of removal:
Add/Remove Programs
The registry
RedSheriff (Spyware)
Twofold problem:
No one is certain what data is collected (except the manufacturer)
Many people have a negative reaction to web site monitoring
Antispyware
Spy Sweeper (www.webroot.com)
Spyware Doctor (www.pctools.com/spyware-doctor/)
Zero Spyware
Microsoft Antispyware (www.microsoft.com/athome/security/spyware/software/default.mspx)
Spy Sweeper (screenshot slides)
Spyware Doctor (screenshot slide)
Zerospyware (screenshot slide)
Researching and Comparing
Antispyware Products
The following sites provide reviews of
antispyware software or the actual product
Spyware Warrior reviews
Tech News World utilities
Ars Technica antispyware reviews
PC magazine antispyware reviews
Spyware Avenger
Antispyware Policies
Never download any attachments you are not certain are safe
Configure browser to block cookies
Configure browser to block scripts
Utilize browser pop-up blockers
Anti-Spyware Policies cont.
Never download the following if you are
uncertain of their safety:
Applications
Browser skins
Screen savers
Utilities
Block Java applets, or require manual approval before they run
Summary
Both Trojan horses and spyware pose significant dangers
Virus scanners, port blocking, and appropriate policies are your main protection against Trojan horses and spyware
Carefully develop and implement anti-Trojan horse policies
Summary cont.
Spyware and adware are growing problems
for networks
Spyware can compromise security
Confidential information can be compromised
by spyware
Adware is more of a nuisance than a real
security threat
However, there is a threshold of adware that can
make a system unusable
Summary cont.
There are numerous utilities that can help
protect against Trojan horses (antivirus
software)
Available utilities can protect against spyware
and adware
Policies can work with utilities to further
protect systems