Spyware Behavior
Spyware as we know it first appeared on the Internet in 1999, as a component of certain free downloadable games that collected user information and then transmitted it to a remote server. Since then, the practice of including Spyware with free programs has become commonplace, and very irritating. Free games are still a common culprit, as are file-sharing programs, add-in toolbars for Internet Explorer, download accelerators, screensavers, and media players.
Just as a sneaky hacker titled his Trojan horse program “Trojan Horse Remover,” so have certain Spyware developers dressed up their products as anti-spyware tools. Anti-spyware tools that do not function as advertised, or that actually include Spyware, Adware or other malicious code, are often referred to as “rogue” anti-spyware tools, a term credited to Eric L. Howes and SpywareWarrior.com.
What Can Spyware Do?
Lots of things—very few of them good. Perhaps the ten most common symptoms/capabilities of Spyware are:
- Displaying unwanted or intrusive advertising
  - Ads often appear in their own browser windows.
  - Many Adware ads are pornographic.
  - Ads may be “targeted” at the user based on which websites he or she visits (e.g. a user who visits movie websites will be shown movie-related ads).
- Recording private data and transmitting it to a third party
  - Spyware can collect technical information about the user’s computer.
  - Some threats will attempt to steal passwords and usernames, often for online banking.
  - Spyware keyloggers can record every keystroke, while some surveillance programs can capture images of the user’s display.
- Changing Web browser settings like homepage, search page, error page and Favorites/Bookmarks
  - Threats with this behaviour are called browser hijackers.
  - If a user changes the affected settings, they will often be reset to the hijacked settings on reboot.
  - A changed search page may indicate that all Web searches are being monitored.
- Allowing a remote intruder to access the user’s computer and perform unwanted actions, some of which can cause serious damage
  - Remote Administration Tools (RATs) are among the most dangerous Spyware threats.
  - Remote influence can allow an intruder to shut down programs, modify and delete files, and steal any and all information stored on the user’s computer.
- Downloading and installing unwanted files or programs without notifying the user or requesting permission
  - Downloader components are often labeled as the “auto-update” features of larger programs. If a Spyware program is allowed to auto-update, it can download and install anything, including more Spyware or viruses and worms.
  - Download accelerators can easily auto-download unwanted files, as can specialized file-delivery programs.
  - Downloaders are distinct from file-sharing programs like Kazaa and Grokster, which allow users to download files from each other.
- Shutting down a program/process, or even disabling or shutting down a PC
  - Plenty of Spyware is poorly written and prone to crashing, often locking up the user’s machine.
  - Some Spyware intentionally disables security software like firewalls and anti-virus programs.
  - Remote Administration Tools (RATs) often allow intruders to shut down or restart the user’s computer.
- Using a modem-connected phone line to call pay-per-minute phone services or phone-based payment lines
  - Programs called dialers can use a phone connected to the user’s computer to call adult pay-per-minute phone services.
  - Certain pornographic websites allow patrons to pay their monthly fee by using a dialer program.
  - Dialers can be automatically installed by certain websites using ActiveX scripts.
- Exploiting a security vulnerability in another program
  - Many legitimate applications have loopholes or flaws in their code that hackers exploit for a variety of reasons.
  - Security exploits are often used to access a user’s computer and gain remote influence.
  - Some hackers attack security vulnerabilities purely for recognition or to point out flaws in a respected application.
- Flooding an Internet connection or network
  - Flooder programs send massive amounts of data to a computer or network in an attempt to overload and disable the connection.
  - Network floods can cost businesses thousands or even millions in lost productivity.
  - Denial of Service (DoS) attacks are group attacks that employ multiple computers in an attempt to shut down a website or network.
- Distributing a Spyware threat, virus, worm, or Trojan
  - Some Spyware applications attempt to transmit threats over file-sharing networks.
  - Some threats can collect e-mail addresses stored on a user’s computer and mass e-mail dangerous files.
  - Worms and viruses are more likely to distribute threats, but some Spyware exhibits virus-like behaviour.
