Spyware development and analysis

Table of Contents

1 Introduction

1.1 Computer relevance today

1.2 Audio and Video impact

1.3 Laws and regulations

1.4 Related work and motivation

2 Basics

2.1 OSI reference model

2.2 Correlation of malware

2.2.1 Trojan

2.2.2 Adware

2.2.3 Virus

2.2.4 Spyware

2.2.5 Worm

2.2.6 Other

2.3 Penetration test

2.4 Operating System

2.5 Antivirus software

2.6 Firewall

2.6.1 Firewall types

2.6.2 Network Firewall

2.6.3 Personal Firewall

3 Demonstrator / prototype

3.1 Basics

3.2 Operating systems and work environment

3.3 DirectShow

3.3.1 Filter

3.3.2 Filter graph

3.3.3 Control, create and manage filter graph

3.3.4 Capture Graph

3.3.5 Filters for prototype

3.4 Data transmission

3.4.1 Initialization and socket creation

3.4.2 Send data

3.4.3 Close connection

3.4.4 Further capabilities

3.5 Firewall

3.5.1 Windows XP firewall

3.5.2 Freeware firewalls

3.5.3 Other possibilities

3.6 Virus detection

4 Conclusion

4.1 Operating System

4.2 Virus detection

4.3 Firewall

4.4 Demonstrator

4.5 Final remark and personal impression

Research Objective and Scope

This thesis investigates the security risks associated with multimedia-capable computers connected to networks, specifically focusing on the potential for hidden observation. The study develops a functional prototype to demonstrate how webcam signals can be captured and transmitted over a network while attempting to evade detection by antivirus and firewall software.

• Analysis of modern computer security threats and malware categories.
• Technical implementation of a prototype using Windows API and DirectShow.
• Investigation of network data transmission techniques using socket programming.
• Evaluation of firewall circumvention strategies on Windows XP.
• Testing and analysis of common antivirus software efficacy against the developed prototype.

Excerpt from the Book

Summary of Chapters

1 Introduction: Provides an overview of computer security risks in the age of multimedia and outlines the motivation for creating a hidden surveillance prototype.

2 Basics: Establishes foundational knowledge regarding the OSI model, various malware categories like Trojans and Spyware, and the functionality of security software such as firewalls and antivirus tools.

3 Demonstrator / prototype: Details the technical development of the surveillance prototype, including DirectShow filter graph construction, network data transmission methods, and strategies for bypassing personal firewalls.

4 Conclusion: Summarizes findings, noting the alarming ease with which common firewalls can be bypassed and the limitations of signature-based antivirus detection against custom-made tools.

Keywords

Spyware, Malware, Computer Security, DirectShow, Webcam Capturing, Firewall, Antivirus, Network Security, Socket Programming, UDP, Windows XP, Penetration Test, Trojan, Data Transmission, Surveillance

Frequently Asked Questions

What is the core subject of this thesis?

The thesis explores the security risks of network-connected computers by demonstrating how a custom-built prototype can perform hidden surveillance via a webcam while circumventing common security software.

What are the primary areas covered in the work?

It covers malware definitions, the OSI model, DirectShow multimedia handling, network socket communication, and the effectiveness of firewalls and antivirus programs.

What is the main objective of the prototype?

The primary goal is to prove the concept of hidden observation by capturing webcam footage on a victim's machine and transmitting it over a network to an attacker's machine.

Which scientific methods are utilized?

The author employs a constructive approach through the development of a software prototype, complemented by a comparative testing method to evaluate the responses of different antivirus and firewall vendors.

What does the main body of the work focus on?

The main part focuses on the architectural design of the prototype, including filter graph manipulation in DirectShow, the implementation of a reliable transmission protocol over UDP, and strategies for manipulating system settings to hide the process.

Which keywords best characterize the research?

Key terms include Spyware, Malware, DirectShow, Firewall, Antivirus, Socket Programming, and Network Security.

How does the prototype handle firewall circumvention?

The prototype identifies that common Windows services, specifically svchost.exe, are often granted full network access by default, allowing the prototype to potentially masquerade as or hide within these trusted system processes.

What conclusion does the author reach regarding antivirus software?

The author concludes that antivirus efficacy is lower than perceived, as signature-based detection is largely ineffective against custom-made, non-publicly distributed malicious code.