p. 1

compliments of nasty ware

[close]

p. 2

the author and publisher have taken care in the preparation of this book but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions no liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein all trademarks are the property of their respective owners publisher linda mccarthy editor in chief denise weldon-siviy managing editor linda mccarthy cover designer alan clements cover artist nina matsumoto interior artist heather dixon web design eric tindall and ngenworks indexer joy dean lee interior design and composition kim scott bumpy design content distribution keith watson the publisher offers printed discounts on this book when ordered in quantity for bulk purchases or special sales which may include electronic versions and/or custom covers and content particular to your business training goals marketing focus and branding interests for more information please contact u.s corporate and education sales 510 220-8865 except where otherwise noted content in this publication is licensed under the creative commons attribution-noncommercial-no derivative works 3.0 united states license available at http creativecommons.org/licenses/by-sa/3.0/us/legalcode isbn 978-0-615-37366-9 library of congress cataloging-in-publication data mccarthy linda own your space keep yourself and your stuff safe online linda mccarthy isbn 978-0-615-37366-9 electronic 1 computer security 2 computers and children 3 internet and teenagers 4 computer networks-security measures i title visit us on the web www.100 pagepress.com download free electronic versions of the book from myspace http www.myspace.com/ownyourspace and facebook http www.facebook.com/ownyourspace.net and from own your space http www.ownyourspace.net rev 2.0

[close]

p. 3

chapter 3 nasty ware meet stef from camden maine stef loves music and enjoys downloading the latest hits to her ipod when stef received an email offering her ten free songs she didn t hesitate to click the embedded link for more details now her pc is under siege from advertisers and continually plagued with pop-up ads stef thought she was only getting a few songs little did she know that free doesn t always mean free except where otherwise noted content in this publication is licensed under the creative commons attribution-noncommercial-no derivative works 3.0 united states license available at http creative commons.org/licenses/by-sa/3.0/us/legalcode isbn 978-0-615-37366-9

[close]

p. 4

30 chapter 3 stef had fallen victim to adware one of a number of nasty ware problems out there like spyware rogue security software and ransomware adware is a major problem for users while stef thought her antivirus software would protect her from problems like this doing that s a lot harder than it sounds adware and spyware are really in a class of their own mcafee refers to programs like these as potentially unwanted programs or pups that s a bit generous since most spyware is unwanted and we ve yet to meet anyone who really wanted adware and while security software like antivirus products try to stop pups or at least warn you about them the adware writers are continually changing their software to avoid detection pups potentially unwanted programs a politically correct term for unwanted adware and spyware still those pups are being dumped on systems and some are collecting data about you these data grabbers often collect information without your knowledge and send that information on to someone else or save it in a special file for pickup later at the convenience of the hacker sometimes a third party uses the information to target advertising they re basically looking for better ways to sell you things other times that information is used to steal your identity or take over your computer data grabbers software programs that collect information about you and send that data on to a third party data grabbers include adware spyware and keyboard loggers 3.1 spyware some companies sell legitimate spyware programs many forms of parental control programs in effect spy on users so do employee monitoring programs these are not what we mean when we talk about spyware in this book we cover malicious spyware that is programs installed without your knowledge that can eat up system resources affect performance and steal confidential information as the name suggests spyware literally spies on you when you use your computer among other things it may keep track of which websites you visit and what you

[close]

p. 5

nasty ware 31 do on those sites spyware may also include keyboard loggers which collect the user names and passwords that you enter at various sites spyware a software program that monitors your computer usage without your knowledge spyware is different from worms and viruses in that spyware s primary purpose is to spy on you it doesn t self-replicate even so spyware is just as dangerous if you care about your privacy you need to understand how spyware lands on your machine and whether you or your parents are at risk if your system has slowed down for no apparent reason you may already have spyware because you visited a malicious or compromised website and the program installed without your knowledge this type of code dumping is called a drive-by download some spyware will even install after you say no to installing it drive-by download a program that is installed without your knowledge when you visit a malicious or compromised website 3.2 adware depending on who you ask adware is either legal commercial software or it s malware that s dumped on a users systems without their knowledge or truly informed consent some people refer to adware and spyware as the same thing but they re not adware is a type of software that delivers advertising to your web browser advertisers also use adware for what they call behavioral targeting it allows them to target ads to the consumers most likely to purchase a given product based on those consumers other online activities there actually are some legitimate uses for adware and most adware manufacturers try to stay within the letter of the law by requiring users to consent to having their programs installed adware a program that delivers targeted advertising content to users often by gathering information from a user s computer about what that person does online and which websites are visited.

[close]

p. 6

32 chapter 3 adware can be incredibly annoying it can change your homepage flood your screen with multiple pop-up ads install tool bars in your web browser and read cookies installed on your computer it can also arrive without your knowledge teens who are heavy internet users can easily get adware dumped on their pcs without realizing it these programs can hitch a ride when you download free tools such as screen savers or if you visit a malicious website teens also often download adware along with popular software music and video files while adware is usually unwanted sometimes it s an i ll scratch your back if you scratch mine situation in a common scenario websites will allow you to download free software in exchange for taking adware as part of the package of course that software really isn t free you re selling your time in watching closing or trying to close all the pop-ups in exchange for the software this may not necessarily be a bad deal consider if your cable company gave you free cable tv in exchange for using a system that stopped you from filtering out the commercials you might still feel you were getting the better end of the bargain that s pretty much the deal you re making when you use some popular file-sharing software the trick is to realize the deal you re making 3.2.1 end user licensing agreements eulas many users don t realize that they ve consented to install adware because they don t read the end user licensing agreement eula when they install new software or sign up for new internet services this is understandable eulas are typically long boring and written in legalese often they re presented in small type and confusing language and most users wrongly assume they don t cover anything that s terribly important some companies provide eulas that are written in such wordy convoluted text that only the most determined geek will even attempt to decipher their meaning the adware application tinkopal provides a eula that contains over 5,000 words artfully arranged into only 145 sentences of nearly 40 words each eula end user licensing agreement this is the detailed legalese document that you must agree to in order to install most programs.

[close]

p. 7

nasty ware 33 while it s hard to get around deliberately misleading eulas truthfully few companies bother because they assume you re not going to read the eula anyway quite a few are very upfront and actually list the adware functions this type of download leaves the adware company on legal ground because they can argue that you said yes to installing it in the first place even though you may feel that you were tricked 3.2.2 peer to peer p2p networks peer-to-peer p2p networks are places where teens often visit to share resources such as music films software games and other programs while it s gone seriously commercial now napster began as a popular p2p network with p2p you can search online and share files with other people who are using the same file sharing program common file-sharing programs include kaaza limewire imesh and bit torrent downloading items from p2p networks is very popular for a number of reasons these are places to find content that s offbeat new or edgy if you re looking for indie retro techno-punk you re probably going to find it on a p2p site downloads from p2p sites are also often free and risky why risky commercial sites tend to be extremely careful about what they allow to be downloaded if they aren t people are likely to sue them for downloads that trash their systems artists are likely to sue them for violating copyright laws when money s involved people are likely to sue in general while those lawsuits or just the fear of them drive up the price they also add incentive to site operators to ensure that their downloads are safe and legal things get riskier when you start downloading from unknown sites and sites that rely on individual submissions such as p2p networks downloading games movies and music from unknown sites can get you into trouble on several levels you might download malware adware spyware trojans and keyboard loggers you may also violate copyright laws and face fines for piracy even if the material you re downloading is safe your download experience may be more than you expected specifically you may have agreed to accept adware when you installed the software you need for p2p file sharing.

[close]

p. 8

34 chapter 3 at this point you re probably thinking but i really need to download free stuff that s one of the reasons i wanted a pc to begin with don t despair while you may or may not need to download free stuff you certainly don t need to use an adware version of download software to do so many p2p services offer a commercial download package that s free of adware the catch of course is that it is commercial meaning you ll need to pay for it if the price tag makes you balk remember that you are paying for the free downloads you re selling your time to watch ads and details on your personal browsing habits for many people that price is simply too high 3.2.3 downloading safely there are many things you can download to your computer a song a film a new screensaver a game another type of software program but before you download anything ask yourself these questions 1 can the site you re downloading from be trusted 2 is the thing you re downloading a legal copy or do you think it s probably pirated are you breaking copyright laws 3 will adware get dumped on your computer not sure carefully read the end user license agreement 4 is the file-sharing software you re using to download this item really free or are you paying for it by selling your time to watch ads if so are you ok with that 5 is the thing you want to download safe could it contain malware like a trojan are you willing to take that risk 3.3 keyboard loggers keyboard loggers are integral parts of some adware and spyware programs other keyboard loggers are installed separately as standalone programs and marketed as employee or parental monitoring systems.

[close]

p. 9

nasty ware 35 a keyboard logger is exactly what it sounds like a program that logs every keystroke that you type at your computer this can be incredibly dangerous just think about some of the things that you type in if you use online banking you enter the user name and password for your bank account maybe even the account numbers if you order games or clothes online you enter your parents credit card numbers if you apply for credit or jobs online you enter your social security number and other personal data everything a thief would need to take over your identity keyboard logger computer a program that keeps track of every keystroke that you type at your hackers have been planting keyboard loggers on users pcs without their knowledge for many years short of outlawing keyboard loggers which probably wouldn t help anyway the only solution to this problem is to adequately protect your machine outlawing loggers isn t an option anyway keyboard loggers are a standard part of any security expert s tool bag experts use these tools in investigations to catch bad guys doing bad things as an interesting side note some of these keyboard loggers are marketed to parents to monitor teen activity online if you think you re immune reconsider a 2007 study by the pew internet american life project found that 53 of parents with home internet access use monitoring software in addition 45 use filtering software to completely block certain sites or types of material of course sometimes it s the teens doing the monitoring in mid-2008 a high school senior at an affluent california high school was arrested for installing software to track passwords on the school registrar s computer and then using the stolen passwords to change his grades 3.4 rogue software and scareware in a cruel twist some spyware exists only to sell anti-spyware solutions these scams are referred to as rogue security software or scareware rogue software pretends to be legitimate security software some of these programs are quite

[close]

p. 10

36 chapter 3 sophisticated and actually appear to be your own security software informing you of a problem rogue security software also known as scareware applications that use unethical marketing practices to trick users into paying for and downloading worthless or malicious software masquerading as computer security software the most common rogue security software displays a bogus message announcing that your computer has been infected with spyware the message is often formatted to display as if it were coming from your own security software the scammer then tries to sell you software to remove the discovered spyware to add an air of legitimacy most rogue security software uses a name that sounds trustworthy and familiar the top sellers in 2009 were spywareguard 2008 antivirus 2009 spywaresecure and xp antivirus often the same web page that generates the pop-up ad claiming your machine is infected actually does infect your computer with malware that continually redirects your web browser to ads for their software naïve users find that purchasing that software for an average $49.95 just installs new and different spyware and victims generally end up with a computer that s unusable this is an old game with a new face in october 2004 the federal trade commission filed charges against three companies seismic entertainment productions smartbot.net and sanford wallace for what amounted to spyware extortion the three firms first infected pcs with spyware that overwhelmed users with unwanted pop-up ads then tried to sell them anti-spyware programs to fix the problems they d just caused while the game is old the tactics are new and evolving scareware ads now routinely appear where users don t expect them like in the top page of search results from major search engines how volume for one thing by spring 2009 avg s free linkscanner tool which helps prevent users from clicking on malicious web links was picking up 30,000 web pages a day that contained ads for scareware.

[close]

p. 11

nasty ware 37 to increase hit rates the scammers also include phrases that people are likely to search for often like american idol winner or nascar schedule we talk about this process called black hat search engine optimization later in this chapter scammers also increasingly embed links on social networking sites twitter posts and even within comments made on youtube videos in a practice known as malvertising short for malicious advertising ads for rogue security software have popped up on reputable sites including newsweek fox news and the new york times the idea is to take advantage of users trust of the reputable site malvertising the practice of advertising rogue security software on reputable websites to exploit users trust of those sites these scams are extremely common here is one we came upon while updating this book at first glance it looks legitimate doesn t it our tip-off here was that our computer security software isn t named personal security and the people who wrote it understand enough english to write a better warning than this computer is in danger with malware truthfully most rogue security software is more professionally written at the next level they did do a better job at the scam notice how the next web page displayed looks like it isn t a web page at all unless you look at the address bar at the top instead it s designed to look like a warning message from windows.

[close]

p. 12

38 chapter 3 note that this is complete with the windows logo on the pop-up identifying the alleged malware.

[close]

p. 13

nasty ware 39 regardless of what you click on this screen you proceed to the download option again it doesn t much matter what you click here most scareware continues the download to infect your computer regardless of what you do at this point run save or cancel if you re not running a good anti-malware program before you hit this point you re in serious trouble this old game isn t likely to end soon in april 2009 the wall street journal reported that the number of scareware programs had tripled between july and december of 2008 by late 2008 the anti-phishing working group apwg identified over 9,000 separate scareware programs circulating on the internet in the first half of 2009 the apwg identified a 583 increase in scareware programs the scams appear nearly everywhere including corrupted emails and even inside comments containing links on legitimate sites like youtube and twitter 3.5 ransomware with ransomware the creeps up the ante by holding your computer hostage until a ransom is paid what distinguishes ransomware from general scareware or rogue security software is that the malware writers disable or threaten to disable your computer unless you pay up sometimes that s an empty threat but one that it s fairly hard for the user to assess.

[close]

p. 14

40 chapter 3 the most common form of ransomware is an extension of rogue security software in this scenario the malware you inadvertently install in response to the bogus spyware or virus report actually disables your files or critical programs until you purchase whatever software it is that they re trying to sell sometimes however the scammers give up the pretense of selling a product and are just upfront about the extortion ransomware a form of malware in which the user s computer files are encrypted or the system or internet connected cell device is disabled if a ransom isn t paid ransomware is a form of malware that often targets mobile devices often the ransom consists of sending a premium sms text message one recent infection trj/smslock.a demanded that infected users send a premium text message and include a supposedly unique number in order to receive the deactivation code thankfully the code writers weren t very bright and security experts were able to release a free tool that generated deactivation codes and by not very bright we mean really really not very bright given that they displayed their ransom demands and instructions only in russian most ransomware writers are brighter albeit just as sleazy one piece of malware spread in may 2009 through infected links in twitter posts shut down and disabled all other software applications until victims purchased a two-year license of a rogue security software package for $49.95 the crooks also don t always lock down your whole machine just the files you re most likely to use the lorobot ransomware identified in october 2009 encrypted all of the victim s text files word documents pdfs and jpg picture files then demanded $100 for the decryption software 3.6 black hat search engine optimization if you search online often you know that even the most carefully worded search can return hundreds or thousands of results while that seems great for all the websites returned in practice you know you re not going to look at more than the first few pages of any search result in fact odds are pretty high that you won t look at anything after the first 20 sites listed companies know this and put a lot

[close]

p. 15

nasty ware 41 of work into making sure that their websites appear within those first twenty sites returned that process of ensuring that a website is returned as high as possible within a search result is called search engine optimization seo how does this work the ranking assigned to any search result depends on a lot of factors while most people assume that the top result is simply the most popular site that s not the only factor considered google claims to use over 200 different factors when ranking websites although google keeps their factors secret to attempt to foil spammers most of the techniques used by the major search engines are well known the popularity of a site the content the number of sites that have links pointing to it and other factors are all used in search engine algorithms to determine a site s ranking seo uses these known factors to improve a website s ranking that ranking is very important the higher a website is in search engine results the more people will find the site most website operators want their sites listed on the first page of search results the higher up the better so how does a website get a higher ranking well content is the primary factor the better the content the higher number of links pointing to it but quality of content is not the only factor in fact a website with quality content may not see a lot of new visitors with lower search engine results no one will find the site enter the consultants specifically the search engine optimization seo consultants optimization is a fancy way of saying that a website will use the search engine algorithms to its advantage to gain a higher search engine ranking seo techniques and consultants modify the content and other data on websites and web pages to boost a website s ranking most of the major search engine operators even publish information for webmasters on how to structure their websites to do well by itself seo is a perfectly legitimate business practice where it becomes problematic is when it s used in sleazy ways have you ever done a search and gotten results that had nothing to do with what you searched for have you noticed returns for what looks like rogue security software when you searched for something completely unrelated to security well some seo techniques manipulate search engine algorithms using deception and illegitimate and unapproved means these techniques are called black hat seo some of the deceptive techniques include

[close]