Many users vaguely understand the security risks, privacy invasions, and performance costs associated with having spyware secretly and maliciously installed on their computers. Fewer users know the many forms spyware takes and the truly evil activities it performs. Beyond a general sense that spyware is uninvited, malicious software, average users know very little about it.
Until recently, people have dismissed spyware as less important to contend with than viruses and spam. I believe spyware poses an even greater threat than viruses and spam. Spyware can be as debilitating as the nastiest of viruses. The financial threats spyware poses are far ranging and more serious than e-mail credit card scams (phishing), and the privacy issues and liabilities spyware exposes are grim. Small and medium business must understand what spyware is and the threats spyware poses. In this, the first of two articles, I'll explain why spyware represents greater risk than you might have realized. In the second article, we'll analyze spyware solutions, and pick the best.
A spyware sampler
To simply call spyware uninvited softwareis misleading. Spyware installed on your PC can modify the Windows Registry and add dynamic link libraries (DLLs) and download program files (DPFs, e.g., hostile ActiveX or Java VM objects) to your system. Some spyware exploits Web browsers (especially Internet Explorer) by installing ActiveX controls, browser helper objects (BHO), and toolbars, or by modifying browser Internet options, including home pages, favorites lists, and context menu items. Some spyware even alters TCP/IP settings and hosts files.
Online spyware encyclopedia and glossaries identify tens of thousands of malicious code considered spyware. Some commonly encountered types of spyware include:
* Browser session hijackers
* Remote Administration Tools (RATs)
* Tracking agents
* Double agent spyware.
Let's take a brief look at how each of these adds to your risk.
Not all adware is (technically) spyware, but many experts feel that even permission-ware is spyware when it delivers unsolicited advertising. Common delivery methods include unrequested browser windows (popups) and ad-sponsored applications. There are currently nearly 800 ad-sponsored and spyware-encumbered software offerings. This diverse group includes free versions of games (Midnight Oil Solitaire); FTP clients (FTP Works); e-mail clients (Eudora; music players; Web and system utility software; and more, often coming with a catch. The software developer receives revenue from advertisers who display advertising in windows or toolbar features of the so-called freeware. Some adware (e.g., FlashTrack) tracks a user's Web activities and search queries. It then sends this information to advertising servers like Aureate and Aveo, which return targeted advertising (commonly, popup ads) based on keywords and phrases. As many parents know, even seemingly benign keywords like "kittens" can expose their children to objectionable material, including pornography.
Browser session hijacking is a kind of virtual world bait-and-switch. Spyware (Icoo, WurldMedia, Xupiter Toolbar, Lop, BonziBuddy, CoolWebSearch) redirects browser sessions and search queries, taking users to Web sites and search engines they didn't intend to visit. The hijacked user can be exposed to undesirable or suspect content and advertising. The hijackers earn referral commissions and affiliate fees by selectively referring the user to an e-commerce site that offers some service or product similar to the site the user intended.
Certain Remote Administration Tools (RATs) and keyloggers are examples of Trojan horse spyware. As the names imply, these give attackers administrative control, or extraordinary eavesdropping and intercept capabilities. Acting remotely, an attacker can intercept and log user keystrokes, monitor application and browser activities, and even intercept WebCam streams. BackOrifice and Sub7 are examples of attacker RATs and pose a DDoS threat. Commercial RATs like NetObserve and Spyagent are ostensibly sold for "legitimate tracking" by managers, parents and suspicious spouses.