Spyware Attacks

Spyware Defined

Spyware is software that subverts your computer's operation for the benefit of another person or company. Spyware has become the most numerous and damaging malware found on personal computers today. Spyware by design exploits infected computers for commercial gain. Typical tactics furthering this goal include

• Delivery of unsolicited pop-up advertisements
• Theft of personal information (including financial information such as credit card numbers)
• Monitoring of Web-browsing activity for marketing purposes.

Unlike viruses and worms, spyware does not usually self-replicate. It is installed onto your PC in a surruptitious manner. You don't know it is there until the troubles begin. According to a November 2004 study by AOL and the National Cyber-Security Alliance, 80% of surveyed users' computers had some form of spyware, with an average of 93 spyware components per computer. 89% of surveyed users with spyware reported that they did not know of its presence, and 95% reported that they had not given permission for the installation of the spyware.

Trojans

Many spyware programs deceive the users by piggybacking on a piece of desirable software A nasty example is rogue anti-spyware programs, which masquerade as security software while actually doing damage. This is the classic Trojan horse concept: Smuggle in something dangerous in the guise of something desirable. Today, we call these trojans, but if you have read Homer, you may wish to call them greeks. Some trojan spyware examples are a Web accelerator or as a helpful software agent. Bonzi Buddy is a spyware program targeted at children. And the BearShare file-trading program, "supported" by WhenU spyware. Users download and install the software without immediately suspecting that it could cause harm.

Malicious Web Sites

Malicious Web sites can trick visitors into doing something that installs spyware without them realizing. A much-used scheme is an irritating pop-up box with an inocuous button like "Yes" and "No" or "Close". No matter which "button" the user presses, a download starts, placing the spyware on the visitor's system.

In a few cases, a worm or virus has delivered a payload of spyware. For instance, some attackers used the W32.Spybot.Worm worm to install spyware that popped up pornographic ads on the infected system's screen. By directing traffic to ads set up to channel funds to the spyware authors, they can profit even by such clearly illegal behavior.

Browser Security Holes

Some spyware authors infect a system by attacking security holes in the Web browser or in other software. When the visitor navigates to a Web page controlled by the spyware author, the page contains code which attacks the browser and forces the download and install of spyware. The spyware author would also have some extensive knowledge of commercially-available anti-virus and firewall software. This has become known as a "drive-by download", which leaves the visitor a hapless bystander to the attack. Common browser exploits target security vulnerabilities in Internet Explorer and in the Microsoft Java runtime.

The installation of spyware frequently involves Microsoft's Internet Explorer. As the most popular Web browser, and with an unfortunate history of security issues, it has become the largest target. Its deep integration with the Windows environment and its scriptability make it an obvious point of attack into Microsoft Windows operating systems. Internet Explorer also serves as a point of attachment for spyware in the form of browser helper objects, which modify the browser's behavior to add toolbars or to redirect traffic.

In some few cases, a worm or virus has delivered a payload of spyware. For instance, some attackers used the W32.Spybot.Worm worm to install spyware that popped up pornographic ads on the infected system's screen. By directing traffic to ads set up to channel funds to the spyware authors, they can profit even by such clearly illegal behavior.