One case has closely associated spyware with identity theft. ^[1] In August 2005, researchers from security software firm Sunbelt Software believed that the makers of the common CoolWebSearch spyware had used it to transmit “chat sessions, user names, passwords, bank information, etc.” [1], but it turned out that “it actually is its own sophisticated criminal little trojan that’s independent of CWS.” [2] This case is currently under investigation by the FBI.

Spyware has pricipally become associated with identity theft in that keyloggers get routinely packaged within spyware. John Bambenek, who researches information security, estimates that identity-thieves have stolen over $24 billion US dollars worth of account information in the United States alone [3] .

Spyware-makers may perpetrate another sort of fraud with dialer program spyware: wire fraud. Dialers cause a computer with a modem to dial up a long-distance telephone number instead of the usual ISP. Connecting to the number in question involves long-distance or overseas charges, this can result in massive telephone bills, which the user must either pay or contest with the telephone company. Dialers are somewhat less effective today, now that fewer Internet users use dialup modems.

Digital rights management

Some copy-protection schemes, while they do serve the purpose of attempting to prevent piracy, also behave similarly to spyware programs. Some digital rights management technologies (such as Sony’s XCP) actually use trojan-horse tactics to verify a user as the rightful owner of the media in question.

References

1. ↑ Ecker, Clint (2005). Massive spyware-based identity theft ring uncovered. August 5, 2005.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

A few spyware vendors, notably WhenU and 180 Solutions, have written what the New York Times has dubbed “stealware”, and what spyware-researcher Ben Edelman terms affiliate fraud, also known as click fraud. These redirect the payment of affiliate marketing revenues from the legitimate affiliate to the spyware vendor.

Affiliate marketing networks work by tracking users who follow an advertisement from an “affiliate” and subsequently purchase something from the advertised Web site. Online merchants such as eBay and Dell are among the larger companies which use affiliate marketing. In order for affiliate marketing to work, the affiliate places a tag such as a cookie or a session variable on the user’s request, which the merchant associates with any purchases made. The affiliate then receives a small commission.

Spyware which attacks affiliate networks does so by placing the spyware operator’s affiliate tag on the user’s activity—replacing any other tag, if there is one. This harms just about everyone involved in the transaction other than the spyware operator. The user is harmed by having their choices thwarted. A legitimate affiliate is harmed by having their earned income redirected to the spyware operator. Affiliate marketing networks are harmed by the degradation of their reputation. Vendors are harmed by having to pay out affiliate revenues to an “affiliate” who did not earn them according to contract. [1]

Affiliate fraud is a violation of the terms of service of most affiliate marketing networks. As a result, spyware operators such as WhenU and 180 Solutions have been terminated from affiliate networks including LinkShare and ShareSale.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Need an webmaster? Click HERE

Many spyware programs reveal themselves visibly by displaying advertisements. Some programs simply display pop-up ads on a regular basis—for instance, one every several minutes, or one when the user opens a new browser window. Others display ads in response to specific sites that the user visits. Spyware operators present this feature as desirable to advertisers, who may buy ad placement in pop-ups displayed when the user visits a particular site. It is also one of the purposes for which spyware programs gather information on user behavior.

Pop-up advertisements lead to some of users’ most common complaints about spyware. A computer can become overwhelmed downloading or displaying ads. An infected computer rarely has only one spyware component installed—they more often number in the dozens ^[1]—and so while a single program might display ads only infrequently, the cumulative effect becomes overwhelming.

Many users complain about irritating or offensive advertisements as well. As with many banner ads, many spyware advertisements use animation or flickering banners designed to catch the eye—thus they become highly visually distracting. Pop-up ads for pornography often display indiscriminately, including when children use the computer—possibly in violation of anti-pornography laws.

A further issue in the case of some spyware programs has to do with the replacement of banner ads on viewed web sites. Spyware that acts as a web proxy or a Browser Helper Object can replace references to a site’s own advertisements (which fund the site) with advertisements that instead fund the spyware operator. This cuts into the margins of advertising-funded Web sites.

References

1. ↑ ^{a b} “AOL/NCSA Online Safety Study“. America Online & The National Cyber Security Alliance. October 2004.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Need an webmaster? Click HERE

Many Internet Explorer add-on toolbars monitor the user’s activity. When installed and run without the user’s consent, such add-ons count as spyware. Here multiple toolbars (including both spyware and innocuous ones) overwhelm an Internet Explorer session.

A piece of spyware rarely “lives” alone: an affected computer can rapidly become infected with large numbers of spyware components. Users frequently notice unwanted behavior and degradation of system performance. A spyware infestation can create significant unwanted CPU activity, disk usage, and network traffic—slowing down legitimate uses of these resources. Stability issues—application or system crashes—are also common. Spyware which interferes with the networking software commonly causes difficulty connecting to the Internet.

When Microsoft Windows users seek technical support—whether from computer manufacturers, Internet service providers, or other sources—spyware infection emerges as the most common cause. In many cases, the user has no awareness of spyware and assumes that the system performance, stability, and/or connectivity issues relate to hardware, to Microsoft Windows installation problems, or to a virus. Some owners of badly infected systems resort to buying an entire new computer system because the existing system “has become too slow”. Badly infected systems may require a clean reinstall of all their software in order to restore the system to working order. This can become a time-consuming task, even for experienced users.

Only rarely does a single piece of software render a computer unusable. Rather, a computer rarely has only one infection. As the 2004 AOL study noted, if a computer has any spyware at all, it typically has dozens of different pieces installed. The cumulative effect, and the interactions between spyware components, typically cause the stereotypical symptoms reported by users: a computer which slows to a crawl, overwhelmed by the many parasitic processes running on it. Moreover, some types of spyware disable software firewalls and anti-virus software, and/or reduce browser security settings, thus opening the system to further opportunistic infections, much like an immune deficiency disease. Documented cases have also occurred where a spyware program disabled other spyware programs installed by its competitors.

Some other types of spyware (Targetsoft, for example) modify system files to make themselves harder to remove. (Targetsoft modifies the “Winsock” Windows Sockets files. The deletion of the spyware-infected file “inetadpt.dll” will interrupt normal networking usage.) Unlike users of many other operating systems, a typical Windows user has administrator-level privileges on the system, mostly for the sake of convenience. Because of this, any program which the user runs (intentionally or not) has unrestricted access to the system. Spyware, along with other threats, has led some Windows users to move to other platforms such as Linux or Apple Macintosh, which such malware targets far less frequently.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Need an webmaster? Click HERE

Spyware does not directly spread in the manner of a computer virus or worm: generally, an infected system does not attempt to transmit the infection to other computers. Instead, spyware gets on a system through deception of the user or through exploitation of software vulnerabilities.

The most direct route by which spyware can infect a computer involves the user installing it. However, users tend not to install software if they know that it will disrupt their working environment and compromise their privacy. So many spyware programs deceive the users, either by piggybacking on a piece of desirable software, or by tricking the users to do something that installs the software without them realizing. Recently, spyware has come to include “rogue anti-spyware” programs, which masquerade as security software while actually doing damage.

Classically, a Trojan horse, by definition, smuggles in something dangerous in the guise of something desirable. Some spyware programs get spread in just this manner. The distributor of spyware presents the program as a useful utility — for instance as a “Web accelerator” or as a helpful software agent. Users download and install the software without immediately suspecting that it could cause harm. For example, Bonzi Buddy, a spyware program targeted at children, claims that:

He will explore the Internet with you as your very own friend and sidekick! He can talk, walk, joke, browse, search, e-mail, and download like no other friend you’ve ever had! He even has the ability to compare prices on the products you love and help you save money! Best of all, he’s FREE! ^[4]

The BearShare file-trading program, “supported” by WhenU spyware. In order to install BearShare, users must agree to install “the SAVE! bundle” from WhenU. The installer provides only a tiny window in which to read the lengthy license agreement. Although the installer claims otherwise, the software transmits users’ browsing activity to WhenU servers.

^[5]

Spyware can also come bundled with shareware or other downloadable software, as well as music CDs. The user downloads a program (for instance, a music program or a file-trading utility) and installs it, and the installer additionally installs the spyware. Although the desirable software itself may do no harm, the bundled spyware does. In some cases, spyware authors have paid shareware authors to bundle spyware with their software, as with the Gator spyware now marketed by Claria. In other cases, spyware authors have repackaged desirable free software with installers that add spyware.

A third way of distributing spyware involves tricking users by manipulating security features designed to prevent unwanted installations. The Internet Explorer Web browser, by design, prevents websites from initiating an unwanted download. Instead, a user action (such as clicking on a link) must normally trigger a download. However, links can prove deceptive: for instance, a pop-up ad may appear like a standard Windows dialog box. The box contains a message such as “Would you like to optimize your Internet access?” with links which look like buttons reading Yes and No. No matter which “button” the user presses, a download starts, placing the spyware on the user’s system. Later versions of Internet Explorer offer fewer avenues for this attack.

Some spyware authors infect a system by attacking security holes in the Web browser or in other software. When the user navigates to a Web page controlled by the spyware author, the page contains code which attacks the browser and forces the download and install of spyware. The spyware author would also have some extensive knowledge of commercially-available anti-virus and firewall software. This has become known as a “drive-by download”, which leaves the user a hapless bystander to the attack. Common browser exploits target security vulnerabilities in Internet Explorer and in the Microsoft Java runtime.

The installation of spyware frequently involves Microsoft’s Internet Explorer. As the most popular Web browser, and with an unfortunate history of security issues, it has become the largest target. Its deep integration with the Windows environment and its scriptability make it an obvious point of attack into Microsoft Windows operating systems. Internet Explorer also serves as a point of attachment for spyware in the form of browser helper objects, which modify the browser’s behavior to add toolbars or to redirect traffic.

In a few cases, a worm or virus has delivered a payload of spyware. For instance, some attackers used the W32.Spybot.Worm worm to install spyware that popped up pornographic ads on the infected system’s screen. ^[6] By directing traffic to ads set up to channel funds to the spyware authors, they can profit even by such clearly illegal behavior.

References

1. ↑ Bonzi.com. http://www.bonzi.com/bonzibuddy/bonzimail.asp.
2. ↑ Edelman, Ben (2005). “WhenU Violates Own Privacy Policy“
3. ↑ “Security Response: W32.Spybot.Worm“. Symantec.com.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Need an webmaster? Click HERE

The term adware frequently refers to any software which displays advertisements, whether or not it does so with the user’s consent. Programs such as the Eudora mail client display advertisements as an alternative to shareware registration fees. These classify as “adware” in the sense of advertising-supported software, but not as spyware. They do not operate surreptitiously or mislead the user.

Many of the programs frequently classified as spyware function as adware in a different sense: their chief observed behavior consists of displaying advertising. Claria Corporation’s Gator Software and Exact Advertising’s BargainBuddy provide examples of this sort of program. Visited Web sites frequently install Gator on client machines in a surreptitious manner, and it directs revenue to the installing site and to Claria by displaying advertisements to the user. The user experiences a large number of pop-up advertisements.

Other spyware behaviors, such as reporting on websites the user visits, frequently accompany the displaying of advertisements. Monitoring web activity aims at building up a marketing profile on users in order to sell “targeted” advertisement impressions. The prevalence of spyware has cast suspicion upon other programs that track Web browsing, even for statistical or research purposes. Some observers describe the Alexa Toolbar, an Internet Explorer plug-in published by Amazon.com, as spyware (and some anti-spyware programs report it as such) although many users choose to install it.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Need an webmaster? Click HERE

The first recorded use of the term spyware occurred on October 17, 1994 in a Usenet post that poked fun at Microsoft’s business model. Spyware later came to refer to espionage equipment such as tiny cameras. However, in early 2000 the founder of Zone Labs, Gregor Freund, used the term in a press release for the ZoneAlarm Personal Firewall. ^[1] Since then, computer-users have used the term in its current sense.

In early 2000, Steve Gibson of Gibson Research realized that advertising software had been installed on his system, and he suspected that the software was stealing his personal information. After analyzing the software he determined that they were adware components from the companies Aureate (later Radiate) and Conducent. He eventually rescinded his claim that the ad software collected information without the user’s knowledge, but still chastised the ad companies for covertly installing the spyware and making it difficult to remove.

As a result of his analysis in 2000, Gibson released the first anti-spyware program, OptOut, and many more software-based antidotes have appeared since then. ^[1] International Charter now offers software developers a Spyware-Free Certification program. ^[2]

According to a November 2004 study by AOL and the National Cyber-Security Alliance, 80% of surveyed users’ computers had some form of spyware, with an average of 93 spyware components per computer. 89% of surveyed users with spyware reported that they did not know of its presence, and 95% reported that they had not given permission for the installation of the spyware. ^[3]

References

1. ↑ ^{a b} Wienbar, Sharon. “The Spyware Inferno“. News.com. August 13, 2004.
2. ↑ “Spyware Certification“. International Charter. Retrieved July 10, 2005.
3. ↑ “AOL/NCSA Online Safety Study“. America Online & The National Cyber Security Alliance. October 2004.

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

 Malicious websites may attempt to install spyware on readers’ computers. In this screenshot a spamblog has triggered a pop-up that offers spyware in the guise of a security upgrade.

In the field of computing, the term spyware refers to a broad category of malicious software designed to intercept or take partial control of a computer’s operation without the informed consent of that machine’s owner or legitimate user. While the term taken literally suggests software that surreptitiously monitors the user, it has come to refer more broadly to software that subverts the computer’s operation for the benefit of a third party.

Spyware differs from viruses and worms in that it does not usually self-replicate. Like many recent viruses, however, spyware – by design – exploits infected computers for commercial gain. Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements; theft of personal information (including financial information such as credit card numbers); monitoring of Web-browsing activity for marketing purposes; or routing of HTTP requests to advertising sites.

As of 2005, spyware has become one of the pre-eminent security threats to computer-systems running Microsoft Windows operating-systems (and especially to users of Internet Explorer because of that browser’s collaboration with the Windows operating system). Some malware on the Linux and Mac OS X platforms has behavior similar to Windows spyware, but to date has not become anywhere near as widespread.

Links

Guides

• Magoo’s Guide to Eliminating Spyware — Information on how to get rid of spyware and keep it from returning
• CareOfWindowsXP Spyware guide — Advice on spyware for beginners
• Spyware & Malware Removal Self-Help Guides — Self-help guides on removing different types of Spyware and Malware.
• Protection against Adware and Spyware - Beginners guide to preventing the installation of spyware

Prevention

• How Spyware And The Weapons Against It Are Evolving — Article discussing causes and possible remedies of the spyware problem
• “Using Virtual Machines to Defend Against Security and Trust Failures”
• SiteAdvisor - SiteAdvisor - free software to alert users about sites that install malware or otherwise breach security
• ShieldsUP! - ShieldsUP! internet vulnerability test, can detect a system’s weaknesses such as open ports that may allow malware entry

Organizations

• Anti-Spyware Coalition — A group developing formal definitions and best-practices
• StopBadware.org - A non-profit group (sponsored by Google, Lenovo, and Sun) that aims to provide “reliable, objective information about downloadable applications”.

Software

• http://www.lavasoft.com Ad-Aware antispyware program, free version available
• Safer Networking Spybot Search & Destroy and other free security programs

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

Video: Computer Virus, Spyware.