With viruses, worms, Trojans, backdoors, and blended threats proliferating, attacks against new vulnerabilities are now produced much faster than ever before, and social engineering traps have become a major focus of new attacks. Attacks that rely on social engineering traps include spyware, phishing, mail-based attacks, malicious Web sites, and the like. These attacks are often disguised as legitimate applications and e-mail messages, designed to trick users into exposing sensitive information or downloading and installing a malicious program. Traditional security equipment has difficulty stopping them, and advanced detection and security technologies are often required. This paper introduces the characteristics of grayware and the methods of protecting against it.
First, what is grayware
Grayware is an umbrella term for software that is installed on a computer to track or report specific types of information to a target. The software is usually installed and executed without the user's permission. Much grayware is installed when the user downloads and runs an application, and then quietly does its job, such as tracking computer use or stealing private information. With mass e-mail viruses making news headlines every month, users may be aware of the risk of opening mail of uncertain origin. With grayware, however, users do not need to open an attachment or execute an infected program; simply visiting a site that uses the technique is enough to become a victim. Much grayware only produces junk, such as pop-up windows. Indeed, there is a clear distinction between "harmless" grayware and attacks that steal valuable information such as credit card numbers, passwords, and social security numbers.
Grayware often comes from the following acts: (1) downloading shareware, freeware, or other shared files; (2) opening infected mail; (3) clicking pop-up ads; (4) visiting irresponsible or fraudulent websites; (5) installing Trojans.
Grayware is not necessarily malicious software. The ultimate goal of much grayware is to track site visitors or obtain search results for a commercial purpose. Typical symptoms of grayware are a slow system, pop-up ads, and the home page being redirected to other websites, all of which are a nuisance. However, attackers often use grayware techniques for other purposes, such as using the browser to load and run certain programs. These programs can open access to the system, collect information, track keyboard input, modify settings, or cause other damage.
Grayware can be divided into the following categories:
(1) Adware
Adware is usually embedded in software that users download and install for free. After installation it pops up browser windows from time to time to spread advertising, interfering with the user's normal use.
(2) Spyware
Spyware is often embedded in free software. It can track and analyze user behavior, such as the user's browsing habits. The tracking information is sent back to the author's site, where it is recorded and analyzed. It will also change the computer's performance.
(3) Dialer software
Dialer software is grayware that controls the computer's modem. These programs usually place expensive long-distance calls, or call particular telephone numbers, to generate income for the thief.
(4) Joke software
Joke software modifies system settings but does not damage the system. For example, the mouse or the Windows background image is changed; some game software also plays small jokes or pranks of this kind.
(5) Peer-to-peer software
Peer-to-peer (P2P) software carries out file exchange. Using it for business purposes may be lawful, but using it to exchange music, movies, and other files is often illegal.
(6) Keylogger
The keylogger is perhaps one of the most dangerous kinds of grayware. These programs capture keyboard input, and with it user names and passwords, credit card numbers, and the content of e-mail, chat, instant messaging, and so on.
(7) Hijacker software
It can change browser settings to alter the user's preferences, such as the home page, favorites, or menus. It can even modify the DNS settings, redirecting DNS lookups to a malicious DNS server.
(8) Plug-ins
These add program code or new functions to an existing program in order to control, record, and send browsing preferences or other information to an external address.
(9) Network management software
This is grayware designed for malicious purposes; it can change network settings, undermine network security, or cause other damage to the network. Remote administration tools allow external users to remotely control, monitor, and change computers on the network.
(10) BHO
A BHO (Browser Helper Object) is a DLL file, installed as part of a normal software installation, that can control the behavior of Internet Explorer. Not all BHOs are malicious, but a BHO is able to track browsing preferences and collect other information.
(11) Toolbars
It can modify the properties of the computer's toolbars, monitor Web browsing habits, send information to its developer, or change the functions of the host.
(12) Downloader grayware
It secretly downloads and installs other software without the user's knowledge. These programs usually run during the boot process and can install adware, dialers, and other malicious code.
Second, the symptoms of grayware
The symptoms of grayware include the following:
(1) Performance. Typically, a grayware process runs without the user's knowledge. It takes a lot of CPU and memory resources and causes slowdowns. Opening Task Manager to view the resources each process consumes will generally identify grayware.
(2) Even when no networked program is running, the send/receive lamp on the cable or DSL modem, or the network card or modem icon in the taskbar, keeps flashing, which indicates that data is being transmitted.
(3) Pop-up windows and advertising appear even when there is no Internet connection or the browser is not running.
(4) The browser's home page changes from the default to another page without notice, and changing it back does not work.
(5) The Internet Explorer search engine has been modified, and search results always point to an unspecified search URL.
(6) The Web browser's favorites have been modified; they cannot be changed back, or newly added entries cannot be deleted.
(7) The Web browser's toolbar or search bar has been modified, new options have been installed, and these toolbars cannot be deleted.
(8) Anti-virus and anti-grayware programs are forced to stop working, and popular security software is turned off. Applications warn of missing files when run, and restoring the files does not help. Grayware can shut down popular security software before it installs.
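The symptom list above, turned into a baseline comparison as an added example (not part of the original article): it flags a changed home page, search URL, or DNS server list, newly added favorites, toolbars, and BHOs, and security processes that are no longer running. The setting names and snapshot values are constructed for illustration; a real check would fill both snapshots from the browser and system configuration.

```python
# Added example: drift check against a known-good baseline (names and values are constructed).
# Single-valued settings and the symptom each one maps to.
SCALAR_CHECKS = {
    "home_page": "symptom 4: home page changed",
    "search_url": "symptom 5: search engine changed",
    "dns_servers": "hijacker: DNS servers changed",
}
# List-valued settings where any new entry is suspicious.
ADDITION_CHECKS = {
    "favorites": "symptom 6: favorite added",
    "toolbars": "symptom 7: toolbar added",
    "bho_dlls": "BHO: helper object added",
}

def find_drift(baseline, current):
    """Return (label, detail) findings for every watched setting that drifted."""
    findings = []
    for key, label in SCALAR_CHECKS.items():
        if baseline.get(key) != current.get(key):
            findings.append((label, f"{baseline.get(key)} -> {current.get(key)}"))
    for key, label in ADDITION_CHECKS.items():
        for item in sorted(set(current.get(key, [])) - set(baseline.get(key, []))):
            findings.append((label, item))
    # Symptom 8: security software that should be running but is not.
    running = {p.lower() for p in current.get("running_processes", [])}
    for proc in baseline.get("security_processes", []):
        if proc.lower() not in running:
            findings.append(("symptom 8: security software stopped", proc))
    return findings

BASELINE = {  # constructed known-good snapshot
    "home_page": "https://intranet.example/",
    "search_url": "https://search.example/?q=",
    "dns_servers": ["192.0.2.53"],
    "favorites": ["https://intranet.example/wiki"],
    "toolbars": [],
    "bho_dlls": ["pdfhelper.dll"],
    "security_processes": ["avscan.exe"],
}
CURRENT = dict(BASELINE,  # constructed snapshot showing several symptoms
    home_page="https://portal.example/start",
    dns_servers=["203.0.113.9"],
    toolbars=["SearchBar"],
    bho_dlls=["pdfhelper.dll", "srchassist.dll"],
    running_processes=["explorer.exe", "iexplore.exe"],
)
if __name__ == "__main__":
    for label, detail in find_drift(BASELINE, CURRENT):
        print(f"{label}: {detail}")
```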
Third, protection methods for grayware
1. User education
The most basic approach is user education: make users understand the characteristics and dangers of grayware, and prohibit downloading and installing unsolicited software, or require users to read the end-user license agreement before they are allowed to download and install unknown programs. Grayware and Trojans usually try to hide and to prevent their own removal or isolation. Another way to reduce the chance of infection is to raise the security level of the Web browser, configure mail programs such as Outlook not to automatically download pictures or other content in HTML messages, turn off auto-preview, and install the latest patches for all operating systems and application software.
2. Install anti-spyware programs
Anti-grayware programs work much like anti-virus software: they detect grayware on the basis of characteristic values and signatures, and remove or freeze it. Anti-grayware programs come in two types: host-based client software and network-based software. The installation and maintenance costs of host-based client software include installing it on each computer and regularly updating the software and its virus database. Because of the licensing model, deployment across an entire enterprise is more expensive.
In addition, many Trojans and grayware programs check for such protection software before installing and, if any is present, shut it down to avoid detection. The host-based approach therefore carries certain risks.
Network-based anti-grayware products are deployed at the border where the enterprise network connects to the Internet. Grayware is identified and removed before it enters the network, which reduces the cost of installation, maintenance, and updates. When the gateway is upgraded, all computers behind the firewall are automatically protected.