Spyware – Are you being watched?

Are you being spied on?

Spyware is one of the fastest-growing internet threats, and I have had several nasty incidents of infection of my PCs with this sort of malware. According to many sources, spyware infects up to 80-90% of all PCs. These unobtrusive, malicious programs are designed to bypass firewalls and anti-virus software and install themselves without the user’s knowledge. Once embedded in a computer, they wreak havoc on the system’s performance while gathering your personal information.

How do these programs get in?

Typically a PC gets infected with spyware in three ways:

  • Downloading a freeware program or a file from a sharing site.
  • Pop-ups asking you to optimize some feature of your PC, like security.
  • Attack programs on websites that are designed to force an installation.

The most common way is when the user installs it. In this scenario, spyware is embedded, attached, or bundled with a freeware or shareware program. The user downloads the program to their computer along with the file (often pirated music or files). Once downloaded, the spyware program gets to work collecting data for the spyware author’s personal use or to sell to a third party. Beware of many peer-to-peer file-sharing programs – they are notorious for downloads that carry spyware programs.

The user of any downloadable program should pay extra attention to the accompanying licensing agreement. Often the software publisher will warn the user that a spyware program will be installed along with the requested program – Microsoft do this with their spyware called Genuine Advantage which checks your installed Microsoft components for pirated copies. Unfortunately, we do not always take the time to read the fine print – particularly if it is several pages long. Some agreements may provide special ‘opt-out’ boxes that the user can click to stop the spyware from being included in the download but you have to look carefully for these.

Another way that spyware can access your computer is by tricking you into manipulating the security features designed to prevent any unwanted installations. The IE browser was designed to prevent websites from starting any unwanted downloads automatically. That is why the user has to initiate a download by clicking on a link. However, these links can prove very easy to hijack. For example, a pop-up modeled after a standard Windows dialog box may appear on your screen. The message may ask you if you would like to optimize your internet access – a popular trick. It provides yes and no answer buttons, but no matter which button you push, a download containing the spyware program will start. This is how Antivirus 2010 gets in, for example. Newer versions of Internet Explorer are now making this spyware pathway a little bit more difficult, but it seems to me that these types of program have little difficulty in getting past these security patches, and I had one case where even Symantec offered no protection against these types of attack.

Finally, some spyware applications infect a system by attacking security holes in the Web browser or other software. When the user navigates to a webpage controlled by a spyware author, the page contains code designed to attack the browser and force the installation of the spyware program.

What can spyware programs do?

Spyware programs can accomplish a multitude of malicious tasks. Some of their deeds are simply annoying for the user; others can become downright aggressive in nature.

Spyware can:

  • Monitor your keystrokes for reporting purposes and track your browsing activity
  • Snoop through applications on your desktop – like Microsoft!
  • Steal credit card numbers, passwords, and other personal information.
  • Often it does not provide the user with an uninstall option and places itself in unexpected or hidden places within your computer, making it difficult to remove. Many times you have to dive into the registry to remove it – not a trivial task!
  • Deceptive functionality. Spyware often uses classic ‘Trojan horse’ tactics, like a virus. It can offer to synchronize your PC’s clock or keep track of forms, then get to work in the background on more interesting tasks.
  • Hijack your Home page. Did you ever find that your home page was changed, or have you discovered new sites in favorites that you didn’t add?
  • Loss of privacy. Some spyware keeps track of the web sites you visit and sends that information back to the spyware vendor. Do you want to tell everyone what naughty sites you have visited?
  • Even more advertising by delivering annoying pop up advertisements. Did you install a popup stopper but you are still getting popups? The ads you are getting may not be from the web site you are on but from spyware.
  • Stolen advertising – instead of showing the ads that should appear on a web site, some spyware substitutes its own ads which can rob a web site of revenue.
  • Reduced performance by using up system resources (CPU time, memory, disk space, and bandwidth), making your system slower.
  • System instability – most spyware isn’t very well tested or debugged; the result can be system crashes, hangs, or other strange behavior.
  • Security risks. Some spyware has a built-in update feature that lets the spyware maker download and install new code to your system without your knowledge or approval.

Here are a few examples of commonly seen spyware programs:

  • CoolWebSearch – a set of programs that install through ‘holes’ found in Internet Explorer. These programs direct traffic to advertisements on Web sites including coolwebsearch.com. This spyware nuisance displays pop-up ads, rewrites search engine results, and alters the computer’s hosts file to direct Domain Name System (DNS) lookups to preselected sites.
  • Internet Optimizer – redirects Internet Explorer error pages to advertisements. When the user follows a broken link or enters an erroneous URL, a page of advertisements pops up.
  • 180 Solutions – reports extensive information to advertisers about the Web sites which you visit. It also alters HTTP requests for affiliate advertisements linked from a Web site, so that the 180 Solutions company makes an unearned profit from the click-through advertisements it has altered.
  • HuntBar (WinTools), or Adware.Websearch – distributed by Traffic Syndicate and installed by ActiveX drive-by downloads at affiliate websites or by advertisements displayed by other spyware programs. It’s a prime example of how spyware can install more spyware. These programs add toolbars to Internet Explorer, track Web browsing behavior, and display advertisements.

Some more to be aware of:

  • Gator (GAIN)
  • 180search Assistant
  • ISTbar/AUpdate
  • Transponder (vx2)
  • BlazeFind
  • Hot as Hell
  • Advanced Keylogger
  • TIBS Dialer

How can I prevent spyware?

There are a couple of things you can do to prevent spyware from infecting your computer system. First, invest in a reliable commercial anti-spyware program. There are several currently on the market, including stand-alone software packages. I recommend the Enigma software package, as I used it once to successfully remove antivirus2009 when it got past Symantec on my daughter’s PC – the link is here, take a look: http://www.enigmasoftware.com/. Other options provide the anti-spyware software as part of an anti-virus package. This type of option is offered by companies such as Sophos, Symantec, and McAfee, but they are not optimized to deal with this threat and I think offer poor protection. As with most programs, update your anti-virus software often, as there are thousands of new versions coming out almost every day.

As discussed, Internet Explorer (IE) is often a contributor to the spyware problem because spyware programs like to attach themselves to its functionality – spyware enjoys penetrating IE’s weaknesses. Because of this, many users have switched to non-IE browsers like Firefox, which seems a little more secure. However, if you prefer to stick with Internet Explorer, be sure to update the security patches regularly every Tuesday, only download programs from reputable sources, and never engage with download sites whose specialty is pirated software or content: you are certain to be infected.
