Spyware Behavior

 

Spyware as we know it first appeared on the Internet in 1999, as a component of certain free downloadable games that collected user information then transmitted it to a remote server. Since then, the practice of including Spyware with free programs has become commonplace, and very irritating. Free games are still a common culprit, as are file-sharing programs, add-in toolbars for Internet Explorer, download accelerators, screensavers, and media players.

 

Just as a sneaky hacker titled his Trojan horse program "Trojan Horse Remover," so have certain Spyware developers dressed up their products as anti-spyware tools. Anti-Spyware tools that do not function as advertised or that actually include Spyware, Adware or other malicious code are often referred to as "rogue" anti-spyware tools, thanks to Eric L. Howes and SpywareWarrior.com.

 

What Can Spyware do?

Lots of things, very few of them good. Perhaps the ten most common symptoms/capabilities of Spyware are:

 

  1. Displaying unwanted or intrusive advertising
    • Ads often appear in their own browser windows
    • Many Adware ads are pornographic
    • Ads may be "targeted" at the user based on which websites he or she visits (e.g. a user who visits movie websites will be shown movie-related ads).

 

  2. Recording private data and transmitting it to a third party
    • Spyware can collect technical information about the user's computer.
    • Some threats will attempt to steal passwords and usernames, often for online banking.
    • Spyware keyloggers can record every keystroke, while some surveillance programs can capture images of the user's display.

 

  3. Changing Web browser settings like homepage, search page, error page and Favorites/Bookmarks
    • Threats with this behaviour are called browser hijackers.
    • If a user changes the affected settings, they will often be reset to the hijacked settings on reboot.
    • A changed search page may indicate that all Web searches are being monitored.

 

  4. Allowing a remote intruder to access the user's computer and perform unwanted actions, some of which can cause serious damage
    • Remote Administration Tools (RATs) are among the most dangerous Spyware threats.
    • Remote influence can allow an intruder to shut down programs, modify and delete files, and steal any and all information stored on the user's computer.

 

  5. Downloading and installing unwanted files or programs without notifying the user or requesting permission
    • Downloader components are often labeled as the "auto-update" features of larger programs. If a Spyware program is allowed to auto-update, it can download and install anything, including more Spyware or viruses and worms.
    • Download Accelerators can easily auto-download unwanted files, as can specialized file-delivery programs.
    • Downloaders are distinct from file-sharing programs like Kazaa and Grokster, which allow users to download files from each other.

 

  6. Shutting down a program/process, or even disabling or shutting down a PC
    • Plenty of Spyware is poorly written and prone to crashing, often locking up the user's machine.
    • Some Spyware intentionally disables security software like firewalls and anti-virus programs.
    • Remote Administration Tools (RATs) often allow intruders to shut down or restart the user's computer.

 

  7. Using a modem-connected phone line to call pay-per-minute phone services or phone-based payment lines
    • Programs called dialers can use a phone connected to the user's computer to call adult pay-per-minute phone services.
    • Certain pornographic websites allow patrons to pay their monthly fee by using a dialer program.
    • Dialers can be automatically installed by certain websites using ActiveX scripts.

 

  8. Exploiting a security vulnerability in another program
    • Many legitimate applications have loopholes or flaws in their code that hackers exploit for a variety of reasons.
    • Security exploits are often used to access a user's computer and gain remote influence.
    • Some hackers attack security vulnerabilities purely for recognition or to point out flaws in a respected application.

 

  9. Flooding an Internet connection or network
    • Flooder programs send massive amounts of data to a computer or network in an attempt to overload and disable the connection.
    • Network floods can cost businesses thousands or even millions in lost productivity.
    • Denial of Service (DoS) attacks are group attacks that employ multiple computers in an attempt to shut down a website or network.

 

  10. Distributing a Spyware threat, virus, worm, or Trojan
    • Some Spyware applications attempt to transmit threats over file-sharing networks.
    • Some threats can collect e-mail addresses stored on a user's computer and mass e-mail dangerous files.
    • Worms and viruses are more likely to distribute threats, but some Spyware exhibits virus-like behaviour.