Monday, 15 July 2013

What is Spyware?

Spyware is a general term for malware that is installed on a computer by infected pages on the Internet, or comes from software and other packages that was installed on the computer by the user. Incorrectly labeled as viruses, spyware has proliferated over the last 8-10 years (since about 2000) and has caused many computer users to have major headaches, causing computer reformats and file loss. This type of software is what this document is going to concentrate on.
Spyware can come in the form of Ad-ware, Hijackers, tracking cookies (although not all tracking cookies are bad), rogue security software, ransom-ware (an advanced rogue security software), and keyloggers. New types of spyware include rootkits which can be very difficult, if not impossible to remove from a computer system. I will speak more on that later. The primary point of spyware, however, is that it is a piece of software installed on a computer system without the user's consent or knowledge, and is typically very difficult (or seemingly difficult) to remove.
Many spyware programs are installed by way of Trojans where a piece of software is installed on the computer from the Internet. The spyware is installed unknowingly by the user at the same time as the "software" giving the malware free reign of the computer. Software that installs this way includes free screensavers, free games, programs from torrents, programs from file sharing (such as Limewire), and other rogue software.
Other spyware programs are installed by way of infected web pages. If you see a page with a popup that comes up and says something like "Warning: Your computer is infected with 99999 viruses. Click here to perform a scan of your computer," you are witnessing an infected web page and rogue software that is trying to get on your computer.

Ad-ware includes pop-ups, pop-unders, and other advertisements that appear on a computer by way of software that is unknowingly installed on the system. The primary purpose of adware is to get users to click on advertisements which earn money for the person that made the software.
Hijackers (browser hijackers) literally hijack a web browser and take the user to places other than where the user wanted to go. Most of the time even the homepage gets hijacked. Again, the purpose of a hijacker is money - when users click on the links on the hijacked page, the malware maker receives a payout. Hijackers operate technically at several different levels including registry changes, Hosts file changes, browser add-on changes, LSP (Layered Service Protocol) Hijacks, and homepage changes. Removing browser hijackers can result in browser connectivity loss which requires additional (and more experienced) diagnostics and cleaning.
Keyloggers can determine what the user is doing on the computer and record the keystrokes of the user while logging into banking pages, eBay, Paypal, and other websites important to the user. The keylogger software then transmits this information to the "Home" server (also known as "calling home") where the bad guys can decipher the information and use it to gain user credit card, banking, and other identity stealing information.
Rogue security software and their more dangerous cousins, ransom-ware, are the latest types of malware to cause problems for computer users. The rogue security software pretends to be useful security software, and is generally installed by way of infected web pages in the form of a popup that states the computer is infected with so many thousands of viruses (also known as drive-by download). This scares the user into clicking on Scan Now or OK, which really just installs the malware. The software doesn't actually detect anything at all, even though it says it does. It then offers to clean the computer for the price of the software. Paying for the software just changes the routine a bit, with the software stating it cleaned all of the infections. Examples of this malware include Spy Sheriff (one of the originals), Antivirus 2009, Antivirus 2010, Security Tool, and Security Essentials 2010.
Ransom-ware is similar in nature to rogue security software, but the effects are much worse. Not only does it want to be paid for, but it will not allow for proper operation of the computer until it does get paid for. Even worse, some of the malware of this type also encrypts all of the data files on the computer - documents, pictures, music, everything, with a 128 bit key that only the programmer knows. Recovering the data is nearly impossible unless the data was backed up onto an external drive, or the user pays the ransom. This software is installed in the same manner as the rogue security software.
The nature of malware programs and why anti-virus software cannot protect you in many cases.
Malware is created by people that understand computers, operating systems, and browsers MUCH better than the average Joe, AND know how to program the computer - and they can be located anywhere in the world. They make their creations, test them, and then send them out of the nest to fly (and infect) on their own. The malware is tested against every browser and operating system the bad guys can get their hands on, and they do their best to take advantage of ANY security holes still available in the software and operating systems.
Many times they learn about these security holes from other hackers, and sometimes they even learn about them from other people that just find them without any intent to harm. Then the malware creators advertise their infected web pages on search engines, or maybe purposely misspell a popular domain name, or upload (some great looking, but infected, software that promises the world to the user) on a website or possibly even a shareware site. The software starts to infect computers, slowly.

Article Source:

No comments:

Post a Comment