Techniques of adware and spyware presented at Virus Bulletin 2005

by Eric Chien (Symantec),

Tags: Security

URL : http://www.virusbtn.com/conference/vb2005/abstracts/eric_chienTechFri1540.xml

Summary : A whole class of threats commonly known as adware and spyware has proliferated over the last few years with very few impediments. These programs are security risks that are typically used to gather marketing information or display advertisements in order to generate revenue.Not only are these threats far more widespread than traditional malware, but they also utilize techniques that are far more advanced than those used in traditional threats. No doubt this is because adware and spyware programs are being created by registered corporations with professional developers rather than by some hobbyist virus writer.This paper will examine the techniques used by adware and spyware in their attempts to remain resident on the system and examine the types of data being extracted from the user’s system. These techniques will be compared to similar techniques being used by traditional malicious software and speculate at what point adware and spyware becomes more akin to a Trojan horse.Solutions will be discussed including exploring the necessity of full system repair including repairing the registry, process scanning, and address the removal of other advanced hooking concepts such as Winsock Layered Service Providers.