Spyware development and analysis

Bachelor Thesis, 2011, 82 pages, Grade: 1.3

Author: Matthias Wellmeyer (Author)

Computer Science - Applied

Abstract

This bachelor thesis first surveys the relevance of computers today, in particular the use of multimedia systems such as audio and video chat, together with the related laws and regulations and some past events concerning computer security. It then covers the basics of computer security, including networking fundamentals, and describes the development of a prototype. The prototype captures the webcam on a victim's system and transmits the images over a network. This prototype is the most important part of the thesis; it is examined both with and without the oversight of anti-virus and firewall software. For this purpose, several popular, established firewall and anti-virus products are analysed and tested.

Excerpt


Table of Contents

1 Introduction

1.1 Computer relevance today

1.2 Audio and Video impact

1.3 Laws and regulations

1.4 Related work and motivation

2 Basics

2.1 OSI reference model

2.2 Correlation of malware

2.2.1 Trojan

2.2.2 Adware

2.2.3 Virus

2.2.4 Spyware

2.2.5 Worm

2.2.6 Other

2.3 Penetration test

2.4 Operating System

2.5 Antivirus software

2.6 Firewall

2.6.1 Firewall types

2.6.2 Network Firewall

2.6.3 Personal Firewall

3 Demonstrator / prototype

3.1 Basics

3.2 Operating systems and work environment

3.3 DirectShow

3.3.1 Filter

3.3.2 Filter graph

3.3.3 Control, create and manage filter graph

3.3.4 Capture Graph

3.3.5 Filters for prototype

3.4 Data transmission

3.4.1 Initialization and socket creation

3.4.2 Send data

3.4.3 Close connection

3.4.4 Further capabilities

3.5 Firewall

3.5.1 Windows XP firewall

3.5.2 Freeware firewalls

3.5.3 Other possibilities

3.6 Virus detection

4 Conclusion

4.1 Operating System

4.2 Virus detection

4.3 Firewall

4.4 Demonstrator

4.5 Final remark and personal impression

Research Objective and Scope

This thesis investigates the security risks associated with multimedia-capable computers connected to networks, specifically focusing on the potential for hidden observation. The study develops a functional prototype to demonstrate how webcam signals can be captured and transmitted over a network while attempting to evade detection by antivirus and firewall software.

  • Analysis of modern computer security threats and malware categories.
  • Technical implementation of a prototype using Windows API and DirectShow.
  • Investigation of network data transmission techniques using socket programming.
  • Evaluation of firewall circumvention strategies on Windows XP.
  • Testing and analysis of common antivirus software efficacy against the developed prototype.

Excerpt from the Book

3.4 Data transmission

As said at the beginning of this section, the transmission between victim and attacker follows a simple send-and-acknowledge scheme: every single packet is acknowledged by the receiver, which ensures that no packet is lost and that all packets arrive in the right order. The protocol used, UDP, is a minimal connectionless protocol on the transport layer of the Internet protocol suite (see chapter 2.1 - OSI reference model). It is unreliable and keeps no connection state: there is no established connection between the two nodes, and it is not guaranteed that every packet arrives at the receiver. For that reason the send-and-acknowledge scheme has to be implemented in the application itself (see Figure 3.10).

The absence of connection state can be an advantage for firewall circumvention but is a disadvantage during implementation. One point is that UDP traffic is less conspicuous than a fully established TCP connection. Another advantage is the easy implementation, which is based on network socket programming. Operating systems usually provide an API for the TCP/IP protocol stack, in which combinations of local and remote IP addresses and port numbers are mapped to application processes or threads. Socket communication is (usually) bidirectional, so data can be received and sent via one socket.
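The send-and-acknowledge scheme described above, written out as an added Python example; this is not code from the thesis, whose prototype used the Windows socket API. It shows a stop-and-wait sender that retransmits on timeout, a receiver that acknowledges every datagram and delivers each sequence number only once (so a lost ACK causes a retransmit rather than a duplicate image chunk), a constructed in-memory link that drops chosen datagrams so the loss handling can be exercised deterministically, and the same two classes driven over real UDP sockets on the loopback interface. The 4-byte sequence-number header, the retry limit and the timeout value are assumptions; the thesis's own framing from Figure 3.10 is not reproduced on this page.

```python
import socket
import struct
import threading

HDR = struct.Struct("!I")  # assumed header: one 32-bit big-endian sequence number

def unpack(datagram):
    """Split a datagram into (sequence number, payload); reject truncated ones."""
    if len(datagram) < HDR.size:
        raise ValueError("datagram shorter than header")
    (seq,) = HDR.unpack_from(datagram)
    return seq, datagram[HDR.size:]

class StopAndWaitSender:
    """Sends one datagram at a time; retransmits until the matching ACK arrives."""
    def __init__(self, send, recv_ack, max_retries=5):
        self.send = send            # callable(frame: bytes) -> None
        self.recv_ack = recv_ack    # callable() -> bytes, or None on timeout
        self.max_retries = max_retries
        self.seq = 0
        self.retransmissions = 0

    def send_message(self, payload):
        frame = HDR.pack(self.seq) + payload
        for attempt in range(self.max_retries + 1):
            self.retransmissions += 1 if attempt else 0
            self.send(frame)
            while True:
                ack = self.recv_ack()
                if ack is None:          # timer expired: resend the same frame
                    break
                ack_seq, _ = unpack(ack)
                if ack_seq == self.seq:  # our ACK: advance to the next frame
                    self.seq += 1
                    return True
                # stale ACK for an earlier frame: ignore it and keep waiting
        return False                     # peer unreachable or loss too high

class StopAndWaitReceiver:
    """ACKs every datagram it sees; delivers each sequence number exactly once."""
    def __init__(self, send_ack):
        self.send_ack = send_ack
        self.expected = 0
        self.delivered = []

    def on_datagram(self, datagram):
        seq, payload = unpack(datagram)
        if seq == self.expected:
            self.delivered.append(payload)
            self.expected += 1
        if seq < self.expected:
            # ACK new and repeated frames alike; a repeat means our earlier ACK was lost
            self.send_ack(HDR.pack(seq))
        # seq > expected cannot occur with stop-and-wait and is deliberately not ACKed

def run_simulation(messages, drop_data=(), drop_acks=()):
    """Constructed in-memory link dropping the listed transmissions (0-based count) per
    direction. Returns (all delivered?, payloads in order, retransmission count)."""
    drop_data, drop_acks, sent, pending = set(drop_data), set(drop_acks), [0, 0], []
    def send_ack(ack):
        sent[1] += 1
        if sent[1] - 1 not in drop_acks:
            pending.append(ack)
    receiver = StopAndWaitReceiver(send_ack)
    def send_data(frame):
        sent[0] += 1
        if sent[0] - 1 not in drop_data:
            receiver.on_datagram(frame)
    def recv_ack():
        return pending.pop(0) if pending else None  # None stands for a receive timeout
    sender = StopAndWaitSender(send_data, recv_ack)
    ok = all(sender.send_message(m) for m in messages)
    return ok, receiver.delivered, sender.retransmissions

def udp_demo(messages, timeout=0.2):
    """The same sender/receiver over real UDP sockets on the loopback interface."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx.settimeout(timeout)  # the receive timeout doubles as the retransmit timer
    peer = {}
    receiver = StopAndWaitReceiver(lambda ack: rx.sendto(ack, peer["addr"]))
    def serve():  # receiver side: one socket both receives data and sends ACKs
        while True:
            datagram, peer["addr"] = rx.recvfrom(65535)
            receiver.on_datagram(datagram)
    threading.Thread(target=serve, daemon=True).start()
    def recv_ack():
        try:
            return tx.recv(HDR.size)
        except socket.timeout:
            return None
    sender = StopAndWaitSender(lambda f: tx.sendto(f, rx.getsockname()), recv_ack)
    ok = all(sender.send_message(m) for m in messages)
    return ok, receiver.delivered

if __name__ == "__main__":
    # constructed sample: three image chunks; 2nd transmission and 3rd ACK are lost
    print(run_simulation([b"frame0", b"frame1", b"frame2"], drop_data={1}, drop_acks={2}))
    print(udp_demo([b"jpeg-chunk-%d" % i for i in range(3)]))
```

With the second transmission and the third ACK dropped, all three chunks still arrive once and in order at the cost of two retransmissions; with every transmission dropped, the sender gives up after its retry budget instead of looping forever. The receiver re-ACKs a frame it has already delivered because, without that, a lost ACK would stall the sender permanently.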

Summary of Chapters

1 Introduction: Provides an overview of computer security risks in the age of multimedia and outlines the motivation for creating a hidden surveillance prototype.

2 Basics: Establishes foundational knowledge regarding the OSI model, various malware categories like Trojans and Spyware, and the functionality of security software such as firewalls and antivirus tools.

3 Demonstrator / prototype: Details the technical development of the surveillance prototype, including DirectShow filter graph construction, network data transmission methods, and strategies for bypassing personal firewalls.

4 Conclusion: Summarizes findings, noting the alarming ease with which common firewalls can be bypassed and the limitations of signature-based antivirus detection against custom-made tools.

Keywords

Spyware, Malware, Computer Security, DirectShow, Webcam Capturing, Firewall, Antivirus, Network Security, Socket Programming, UDP, Windows XP, Penetration Test, Trojan, Data Transmission, Surveillance

Frequently Asked Questions

What is the core subject of this thesis?

The thesis explores the security risks of network-connected computers by demonstrating how a custom-built prototype can perform hidden surveillance via a webcam while circumventing common security software.

What are the primary areas covered in the work?

It covers malware definitions, the OSI model, DirectShow multimedia handling, network socket communication, and the effectiveness of firewalls and antivirus programs.

What is the main objective of the prototype?

The primary goal is to prove the concept of hidden observation by capturing webcam footage on a victim's machine and transmitting it over a network to an attacker's machine.

Which scientific methods are utilized?

The author employs a constructive approach through the development of a software prototype, complemented by a comparative testing method to evaluate the responses of different antivirus and firewall vendors.

What does the main body of the work focus on?

The main part focuses on the architectural design of the prototype, including filter graph manipulation in DirectShow, the implementation of a reliable transmission protocol over UDP, and strategies for manipulating system settings to hide the process.

Which keywords best characterize the research?

Key terms include Spyware, Malware, DirectShow, Firewall, Antivirus, Socket Programming, and Network Security.

How does the prototype handle firewall circumvention?

The prototype identifies that common Windows services, specifically svchost.exe, are often granted full network access by default, allowing the prototype to potentially masquerade as or hide within these trusted system processes.

What conclusion does the author reach regarding antivirus software?

The author concludes that antivirus efficacy is lower than perceived, as signature-based detection is largely ineffective against custom-made, non-publicly distributed malicious code.


Details

Title
Spyware development and analysis
University
University of Applied Sciences Münster
Grade
1.3
Author
Matthias Wellmeyer (Author)
Year of publication
2011
Pages
82
Catalogue number
V170139
ISBN (eBook)
9783640888177
ISBN (Book)
9783640888191
Language
English
Tags
antivirus firewall spyware security
Product safety
GRIN Publishing Ltd.
Cite this work
Matthias Wellmeyer (Author), 2011, Spyware development and analysis, Munich, GRIN Verlag, https://www.grin.com/document/170139