Thursday, April 13, 2006

Spyware - Know Your Enemy

By: Kenth Nasstrom

Spyware is a term that has become quite common to hear.

The term spyware refers to a broad category of malicious
software designed to intercept or take partial control of a
computer's operation without the "known" consent of that
machine's owner or user. As a term, spyware is used quite
loosely and covers a number of different programs. What they
all have in common as spyware is that they monitor the computer
and/or user and share information with a third party, with or
without the consent of the computer's owner.

Semi-spyware has become widely used. It shows up as software,
plugins or help files attached to other programs you want or
need, and if you accept their policies and terms of usage, you
also accept the fact that these semi-spyware programs will be
installed and used.

They are normally not as directly malicious as secret spyware,
but they do send out information from your computer to a third
party, most commonly some kind of habit tracking or statistics
on surfing or similar. In most cases the information is
completely anonymous and does not pose any kind of threat to you
as an individual.

Spyware - a virus or not?

Spyware differs from viruses and worms in that it does not
usually self-replicate. Like many recent viruses, however,
spyware - by design - exploits infected computers for commercial
gain.

Typical tactics furthering this goal include delivery of
unsolicited pop-up advertisements; theft of personal information
(including financial information such as credit card numbers);
monitoring of Web-browsing activity for marketing purposes; or
routing of HTTP requests to advertising sites.

These things are very hard to keep track of, and it is hard to
know whether spyware is alive in your computer when pop-ups and
other changes in your browser's behaviour occur.

The only reliable way to know if an evil spyware is living and
thriving inside your computer is to install and use a good
spyware removal program.

How does spyware infect?

Spyware does not spread like a computer virus or worm. Instead,
spyware installs on your computer through deception or
exploitation of software vulnerabilities.

Spyware Trojan horse!

A Trojan horse, by definition, smuggles in something dangerous
in the guise of something desirable. So spyware often hides as an
add-on to some other program you really want.

Bundled Spyware

Spyware can also come bundled with shareware or other
downloadable software, as well as music CDs. The user downloads
a program (for instance, a music program or a file-trading
utility) and installs it, and the installer additionally
installs the spyware. Although the desirable software itself may
do no harm, the bundled spyware does.

Manipulating Security Features

Another way of distributing spyware involves tricking users by
manipulating security features designed to prevent unwanted
installations. Internet browsers like Internet Explorer, for
example, are easy targets for this method. Everybody has them
and uses them online almost daily. The way you protect yourself
against this is to always keep your operating system up to date
when it comes to security updates.

Use Microsoft Update regularly (and often).

Examples of Spyware

As with computer viruses, researchers give names to spyware
programs which frequently do not relate to any names that the
spyware-writers use. Researchers may group programs into
"families" based not on shared program code, but on common
behaviours, or by "following the money" or apparent financial or
business connections.

For instance, a number of the spyware programs distributed by
Claria are collectively known as "Gator". Likewise, programs
which are frequently installed together may be described as
parts of the same spyware package, even if they function
separately.

It is also important to know that different anti-spyware program
creators and big antivirus software creators may have different
names for the same spyware. This can cause you to believe that
you have 2 or more spyware products installed when you actually
only have one, reported under different names.

* CoolWebSearch, a group of programs, installs through the
exploitation of Internet Explorer vulnerabilities. The programs
direct traffic to advertisements on Web sites including
coolwebsearch. To make this happen, they display pop-up ads,
rewrite search engine results, and alter the infected computer's
hosts file to direct DNS lookups to these sites.

* Internet Optimizer, also known as DyFuCa, redirects Internet
Explorer error pages to advertising. When users follow a broken
link or enter an erroneous URL, they see a page of
advertisements. However, because password-protected Web sites
(HTTP Basic authentication) use the same mechanism as HTTP
errors, Internet Optimizer makes it impossible for the user to
access password-protected sites.

* 180 Solutions transmits extensive information to advertisers
about the Web sites which users visit. It also alters HTTP
requests for affiliate advertisements linked from a Web site, so
that the advertisements make unearned profit for the 180
Solutions company. It opens pop-up ads that cover over the Web
sites of competing companies.
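The hosts-file alteration described for CoolWebSearch above can be checked for directly. The following is an added example, not part of the original article: it parses a hosts file and lists every name pinned to a non-local address, using a constructed sample with documentation addresses and `.example` names.

```python
import ipaddress

# Constructed sample (documentation addresses and .example names), not taken
# from a real infection.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.7     www.search.example search.example   # redirected
203.0.113.7     find.portal.example
198.51.100.23   auto.search.example
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each well-formed entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        yield line_no, ip, [h.lower() for h in fields[1:]]


def audit_hosts(text):
    """Return (line_no, ip, name) for names pinned to a non-local address."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost defaults and block-list entries
        findings += [(line_no, str(ip), name) for name in names]
    return findings


def shared_targets(findings):
    """Group names by address; several names on one address stand out."""
    groups = {}
    for _, ip, name in findings:
        groups.setdefault(ip, []).append(name)
    return {ip: names for ip, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    for line_no, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; any entry the audit reports that you did not add yourself deserves a closer look.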

Toolbars from anyone other than the big players like Google,
Yahoo, MSN and similar very often contain spyware to some degree
today.

And even the big guns have started to incorporate "spyware-like"
statistics gathering in their toolbars. They do tell you about
it, and ask for your permission to install or activate these
routines. But they often do it in such a convoluted way that no
one actually understands it.

So start out the day by cleaning your computer and then working.
Make sure you have a restful, safe day: download, scan and clean
your computer of any spyware today ...

About the author:
Kenth "The Designer" Nasstrom writes about spyware, adware and other unwanted
software. You should find out how to remove spyware and adware
from your computer now and reduce the risks.
