Today’s spyware may reside in your computer or mobile, but in effect it is inside you: whatever we do and wherever we go is stored in a computer or in an embedded device such as a mobile phone.
What you will learn…
• The new trendy Spear spyware
• About honeypots of spyware
We are in the Cyber Age, an age where the only form of war that looks feasible is cyber war, and modern spyware will be a key part of it, whether it is a war between the two largest brands, between business partners or between nations. What we will witness in the next 5 years will revolutionize the world of hacking with next-generation spyware.
Spyware enters our lives through a computer or a mobile. Over a decade of running the largest ethical hacking company in India, and the only one doing research in ethical hacking to produce an advanced ethical hacking framework, I have seen spyware change from basic batch-file programs written to capture keylogs to polymorphic ones that reside as normal software depending on your computer platform, and to antiviruses that update themselves with virus-signature updates. Programmers in our research unit created a spyware called appin m@trix for our penetration framework, which updated itself in assembly to bypass signatures and modified itself regularly.
The spyware also had random behaviour rather than plain logic, which made runtime detection impossible. Next-generation spyware will be tough to handle and will hit every embedded platform you use.
Trends
In one of the honeypots we set up to collect spyware, the count hit 376 unique families and over 3000 samples in a single day, which is quite high for a single honeypot. Spyware is rising in number and is spreading across platforms such as Windows, Windows Mobile, Macintosh, Android and Symbian.
A new trend has come into the picture, called Spear Spyware. Spear spyware is targeted at a particular organization or a set of individuals, is built around the target’s infrastructure and hence has no known signature. Such spyware is very difficult to detect and is meant to capture specific information such as files, usernames/passwords, banking information, keylogs and screenshots of the target computer.
Another trend is the evolution of privilege escalation in spyware, which gives it the capability to spy on web and video cameras and audio along with its normal functionality.
Spyware is also written to steal sensitive application data. An example observed in 2010 was Stuxnet, which exploited a vulnerability in Siemens SCADA software to become one of the most widely spread spywares.
Considering the serious damage accomplished by spyware, the fact that studies by Forrester Research find that as many as 87% of PCs are infected with spyware is sobering. Even more sobering is the fact that infected computers have, on average, 28 different types of spyware installed at any given time, and 7% of infected computers are infected with spyware that records keystrokes such as passwords and credit card numbers.
Top Spywares in 2018
Appin’s research labs in Asia and Europe do regular research on spyware and malware analysis/reverse engineering and evaluate which spywares have the widest spread. The summary of the research on top spywares follows:
1. PurtyScan: a pop-up advert that lures the user with an offer to find pornographic content/spyware on the computer and clean it. Once the user clicks it, he/she is taken to a website with much more spyware and adware waiting to infiltrate the computer.
2. Gator: Gator tracks your online browsing so that it can tailor itself to your likes, and the user is flooded with banner ads trying to catch your attention. It often ends up on computers through file sharing on Kazaa or other P2P programs, or through downloading freebies from random sites.
3. CoolWebSearch: a form of malware designed to hijack your Internet settings and forward you to its own web page. The web page it forwards you to is loaded with adware and spyware.
4. ISTbar/Aupdate: acts as a toolbar and sends a barrage of pop-up adverts displaying pornographic images to your computer.
5. Perfect KeyLogger: a very harmful piece of code. It records everything you type on your computer and can send your most personal information back to its creator.
6. Trojan-Downloader.Generic: a backdoor which allows the attacker to download any Trojan into the victim’s computer. This is actually a family of spywares popularly called downloaders.
7. Trojan-Spy.Win32.Zbot.gen: spyware which reverse-connects to a remote server and allows the attacker to gain remote access to your computer. This spyware is dangerous and can capture all sensitive data/passwords stored on your computer.
8. Explorer32.Hijacker: this spyware hijacks the explorer.exe of Windows and gathers sensitive information from your computer.
Attack methods used by spyware to spread
Appin runs various honeypots that study botnets and the methods used to spread them, and that capture the attacks and exploits used to spread spyware. Some examples are given below:
1. Email-based attacks: ever got an email prompting you to click a link or download a PDF? Beware: this is one of the most common methods used to spread spyware, and there have been countless such attacks originating from Chinese and Russian IP addresses.
2. Pornographic and free-tool download websites: these websites are honeypots created to attract people and spread spyware by exploiting browser vulnerabilities.
3. Spyware removal tools which act as spyware: these tools prompt a user to check their system for spyware, but the police become the thief in no time. A lot of these tools remove other spyware but add their own spyware to take control of your computer.
4. USB drives: USB drives act as a spreader of spyware across a network of computers. There are various such propagation modules which have worm behaviour and act as carriers of spyware.
5. Chat bots: how often do you get a link in your chat from a girl with a hot picture? This is again one of the methods to spread spyware through a network of people related to each other, where the software starts sending malicious links which download the spyware onto your computer.
Latest Advancements
As a research activity for finding new vulnerabilities, Appin’s team created a proof-of-concept intelligent spyware modelled on a professional spyware caught on one of our honeypots. This spyware was intelligent enough to restart itself on being stopped. It also had a unique behaviour: it could restart itself even after formatting. The strange part was that none of the security features of Windows 7 and none of the antiviruses detected this behaviour. Hackers have now started using intelligent spyware which is almost impossible to remove from your computer. Research is being carried out by Appin to create a list of 100 such heuristics which can be used by IDS and antiviruses to detect such intelligent spyware.