Grayware, A New Threat to Computer Security

National Computer Virus Emergency Response Center, Vice Director 陈建民 (Chen Jianmin)
Fortinet Information Technology (Tianjin) Co., Ltd., Antivirus Research Manager 杨赵勇 (Yang Zhaoyong)

Common Characteristics
• The browser's default home page has been changed, and unfamiliar URLs have appeared in the favorites.
• The browser's toolbar has gained extra tool bars and assorted buttons.
• The system frequently pops up advertising pages.
• At some point, unknown software was installed on the system without the user noticing.
• Some of the software is unnecessary, but there is no obvious way to uninstall it.
• The system has many unidentified processes.
• System performance keeps dropping and the system becomes unstable.
Fortinet Confidential
Why the Name Grayware?
• These programs usually have some genuinely useful functionality.
• They usually also include some behaviour that the user does not need or want.
• They are usually published openly on the Web sites of companies.
• Legally, some of their behaviour lies in a gray area.
What Are the Differences Between Grayware and Malware?
• Software distributors
  • Malware
    • Distributors are usually individuals.
    • Distributors are usually unknown.
  • Grayware
    • Distributors are usually companies.
    • Distributors' identities are usually public.
What Are the Differences Between Grayware and Malware?
• Intention of distribution
  • Malware
    • To disrupt or take control of the user's system
    • To steal important user information (e.g. passwords)
    • To show off the author's computing skills
    • …
  • Grayware
    • To attract more users and user resources
    • To collect user information
    • To distribute commercial advertising
    • …
What Are the Differences Between Grayware and Malware?
• Distribution methods
  • Malware
    • Automatically infects other files
    • Propagates automatically across networks through e-mail, instant messaging tools and system vulnerabilities
    • Disguised as commonly used software to trick users into installing it themselves
    • …
  • Grayware
    • Published openly on related Web sites
    • Bundled with other shareware
    • …
How Does Grayware Get Installed on Systems?
• End-user license agreement (EULA) traps
  • The EULA only discusses the software's useful features and avoids mentioning hidden behaviour that the user might not accept.
  • The EULA describes the behaviour users may not want in technical jargon that ordinary users find hard to understand.
  • The EULA is so long that users may overlook clauses that work against their interests.
  • Grayware distributors use the software's useful features to entice users to install it; after installing, users may have no idea what problems it will bring them.
How Does Grayware Get Installed on Systems?
• Offered to users for installation through third-party Web sites
  • Grayware distributors pay large numbers of third-party Web sites to distribute their software.
  • For their own financial gain, these sites do whatever they can to get as many users as possible to install the software, and some irregular methods may be used:
    • Automatic installation through IE vulnerabilities
    • Repeatedly popping up installation prompts to pressure the user into installing
    • Posing as other software to trick users into installing
  • Many pornographic sites carry large amounts of grayware; users logging in to these sites are very likely to end up with grayware installed.
How Does Grayware Get Installed on Systems?
• Bundled with other shareware
  • Grayware distributors likewise use financial incentives to get large numbers of shareware programs to bundle their software.
  • To earn more from the grayware distributors, these shareware authors also look for ways to get users to install the bundled grayware at the same time as the shareware. Possible methods include:
    • Installing the bundled software automatically, without any prompt to the user
    • Installing the bundled software by default unless the user changes the installation settings
What Are the Threats of Grayware?
• Changes the user's system settings against the user's real wishes
  • Much grayware makes extensive changes to user settings without the user's permission, such as the IE default home page and favorites, and adds system startup items. Grayware also frequently monitors these settings, so that ordinary users find it very hard to change them back.
  • Some grayware mentions these possible changes in the end-user license agreement (EULA), but many users may not notice.
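The symptoms listed under Common Characteristics (changed home page, unknown startup items, extra browser toolbars) and the setting changes described on this slide can be checked for offline from a registry export. The following script is an added example, not code from the presentation or from Fortinet: it parses a Windows `.reg` export and compares the IE start page, the `Run` autostart entries and the registered Browser Helper Objects against a baseline. The baseline hosts, autostart names, CLSIDs and the sample export are constructed; the registry key paths themselves are the real Windows locations.

```python
"""Audit a Windows registry export (.reg text) for the grayware symptoms
described above: a changed IE start page, unknown autostart entries and
unknown Browser Helper Objects (BHOs).  Added example; the sample export and
the baseline below are constructed, not taken from the presentation."""
import re
from urllib.parse import urlparse

# Registry locations the checks inspect (real Windows key paths).
IE_MAIN = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
BHO_ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
            r"\Explorer\Browser Helper Objects" + "\\")

# Assumed baseline: what the administrator expects on a clean machine.
EXPECTED_START_HOSTS = {"intranet.example", "www.example"}
EXPECTED_RUN_NAMES = {"SecurityHealth", "OneDrive"}
KNOWN_BHO_CLSIDS = {"{AAAAAAAA-0000-0000-0000-000000000001}"}  # constructed CLSID

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s):
    """Undo the .reg escaping of quotes and backslashes."""
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg(text):
    """Return {key_path: {value_name: data}} for the REG_SZ values in an export.
    Other value types (dword:, hex:) and the default value (@=) are ignored."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            data = m.group(2)
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                keys[current][_unescape(m.group(1))] = _unescape(data[1:-1])
    return keys


def check_start_page(keys):
    """Report the IE start page if its host is not one of the expected hosts."""
    page = keys.get(IE_MAIN, {}).get("Start Page")
    if page is None:
        return []
    host = (urlparse(page).hostname or "").lower()
    return [] if host in EXPECTED_START_HOSTS else [("hijacked-start-page", page)]


def check_run_entries(keys):
    """Report every autostart entry whose value name is not in the baseline."""
    findings = []
    for key in RUN_KEYS:
        for name, cmd in keys.get(key, {}).items():
            if name not in EXPECTED_RUN_NAMES:
                findings.append(("unknown-autostart", f"{name}: {cmd}"))
    return findings


def check_bhos(keys):
    """Report every registered BHO whose CLSID is not in the known set."""
    findings = []
    for key in keys:
        if key.startswith(BHO_ROOT):
            clsid = key[len(BHO_ROOT):].upper()
            if clsid not in KNOWN_BHO_CLSIDS:
                findings.append(("unknown-bho", clsid))
    return findings


def audit(reg_text):
    """Run all three checks over one .reg export; returns (kind, detail) pairs."""
    keys = parse_reg(reg_text)
    return check_start_page(keys) + check_run_entries(keys) + check_bhos(keys)


# Constructed sample export showing all three symptoms on one machine.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.grayware-sample.test/?aff=1234"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\u\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"ToolbarUpdater"="C:\\Users\\u\\AppData\\Roaming\\SampleBar\\update.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-0000-0000-0000-000000000001}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBBBBBBB-0000-0000-0000-000000000002}]
"NoExplorer"=dword:00000001
"""

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_EXPORT):
        print(f"{kind:22s} {detail}")
```

An export for a real machine comes from `reg export` of the keys above (or the whole hive); an empty result from `audit` means the three settings match the baseline, and anything reported is a candidate for the manual review the slides recommend, not proof of grayware by itself.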
What Are the Threats of Grayware?
• Frequently pops up Web advertisements, disrupting normal use
  • A large amount of grayware is used to distribute advertising. Frequent ads interfere with the user's normal work, and many users do not know why the ads keep appearing or which program is displaying them.
What Are the Threats of Grayware?
• Collects user information and leaks user privacy
  • Some grayware can collect user information without the user's knowledge and use it for commercial purposes. For example, some IE search plug-ins record the keywords the user searches for, analyze them to infer the user's interests, and then use that information for advertising, so that advertisers can target different users with different ads.
What Are the Threats of Grayware?
• Automatically downloads and installs new, unknown programs
  • Much grayware has an update feature and often downloads and runs new programs from the Internet without notifying the user. The newly downloaded program may be a new piece of grayware, or even malware; this is a latent threat to the system.
What Are the Threats of Grayware?
• Affects system performance and stability
  • Once large amounts of grayware are installed, many of these programs need to monitor the user's actions, so many processes with similar functions are resident in memory at the same time. These processes may compete with each other for system resources, or even try to kill each other, reducing the performance and stability of the user's system.
What Are the Threats of Grayware?
• Some grayware is hard to uninstall
  • Much grayware provides no uninstaller, hides the uninstall function, or even deliberately protects the program in some way, so that ordinary users find it very hard to remove.
Common Categories of Grayware
• Adware
• Hijacker
• BHO
• Toolbar
• Dialer
• Downloader
• Spyware
• KeyLogger
• RAT
• HackerTool
• Joke
Some Suggestions
• To government departments
  • Improve the relevant laws as soon as possible and define the legal status of each category of grayware.
  • Regulate the distribution of software and prohibit behaviour that may harm users' interests.
Some Suggestions
• To software distributors
  • Clearly describe all the features of the software.
  • Do not change users' settings against their wishes.
  • Do not steal users' information.
  • The software's behaviour should be controllable by the user.
  • Do not deceive or pressure users into installing other, unrelated software.
  • The software should provide an uninstall function.
Some Suggestions
• To security companies
  • Closely monitor developments in grayware.
  • Provide users with appropriate solutions.
  • Promptly report grayware with wide impact to the relevant national authorities.
Some Suggestions
• To computer users
  • Do not browse unsavory Web sites.
  • Do not install software of unknown origin or unclear function.
  • Read the end-user license agreement (EULA) carefully when installing software.
  • Read the installation steps carefully and do not install unnecessary software.
  • Apply system security patches regularly.
  • Update the anti-virus signature database regularly.