Spyware Overview
An introduction to the various types of
software that can steal information from your computer.
Dates & Revisions
- Originally posted: October 24, 2004
What In The World Is "Spyware" And Why Should I Care
About It?
In today's interconnected computing
environment, most computers are attached
(directly or indirectly) to the Internet. Because of this
interconnectivity, it has become extremely simple to monitor, record, and even
alter the everyday functions that people perform on their computers. Of course,
these spy-like activities often take place without the user's knowledge or
permission and certainly constitute unethical (and usually illegal) activity. In
many cases, spyware can run undetected by the end-user, but in more severe cases
may cause computers to lock up, run slowly, or perform completely different
functions than expected.
The collection of software that performs
these annoying activities is collectively called spyware. There are actually
many different types of spyware (detailed below), but the general term of "spyware"
is collectively used to refer to any unwanted software that is designed to take
information from a computer user without his/her knowledge.
Two of the biggest mistakes that most
computer users make are thinking that spyware is a new phenomenon and thinking
that spyware and viruses are the same things. Spyware has been around in one
form or another almost since the beginning of computing, but has recently become
extremely widespread with the increasing use of the Internet. Unlike viruses or
worms, spyware generally does not reproduce itself or find ways to travel by
itself from one computer to another. Instead, spyware typically relies on the
unsuspecting user to install the software (see below). However, several newer
versions of anti-virus software are beginning to detect and remove some of the
worst types of spyware in much the same manner as they treat viruses - but be
aware that most types of spyware remain undetected and unaddressed by even the
best anti-virus programs simply because spyware and viruses are two entirely
different things.
Now you may think that you don't have any
sensitive information on your computer, but if you've ever used your computer to
prepare your taxes, track your investments, purchase something online, review an
online bank/account statement, research a medical/health issue, exchange e-mail,
or view anything that you wouldn't want made public, you may want to think
again. The fact is that sensitive information doesn't need to be stored
on your computer to be vulnerable to spyware - it only has to pass through
your computer.
Fair warning: unless you have
carefully removed all spyware from your system in the last couple of minutes,
chances are excellent that you have at least some spyware present
on your computer. If you don't think that this is a problem that could affect
you, it probably already has.
What Are The Different Types Of Spyware And What Do They Do?
There are many different types of spyware;
the most often encountered are described in the table below. Keep in mind that
this is not an exhaustive list - new types of spyware are being created all the
time. As spyware becomes more complex, many spyware programs take on features of
several of the different types described below. Spyware writers are always
trying to come up with new ways to make their programs undetectable and harder
to remove.
- Adware
|
This is probably the most
noticeable form of spyware to the average computer user. You're browsing the
Internet and suddenly you have numerous windows popping up with all kinds of
advertisements. Closing the ad windows only causes new ads to appear.
Navigating to a different web site does not stop the ads from popping up.
Even after you close your web browser, ads may continue to appear.
Adware is a form of spyware designed to
show you advertisements. While the ads are usually harmless themselves, the
distraction they present can be annoying and their content can often be
offensive. In many cases, spyware that tracks and controls the ads is
permanently installed on your computer. In other cases, the adware may
depend on your web browser to download and display the ads in new browser
windows that are known as pop-up or pop-under windows depending on where
these new windows appear in relation to your current browser window.
In all cases, this form of spyware
causes your computer to waste resources to download and display the ads. In
the worst cases, the resources required to download and display ads can be
so great that your computer is unable to perform the functions you really
want to do. Your computer may become unstable while these programs are
running, all of your Internet bandwidth may be used to download ads, and
legitimate programs (e-mail, browsers, word processors, etc.) may appear to
stop working due to the overhead imposed on the system by the adware. |
- Tracking cookies
|
If you have ever used the
Internet to view a web site, chances are excellent that you have tracking
cookies on your computer. Cookies are small files created by some web sites
to track your activity on their site - they may temporarily hold your name,
your current location within the site, or remember the contents of your
shopping cart as you move throughout the site.
Cookies by themselves are not bad - in fact, many
legitimate sites require cookies to work properly. However, the spyware
versions of tracking cookies employed by some sites are used to record
detailed information that can uniquely identify you, your computer, your IP
address, sites you've visited, activities you've performed, etc. Whenever
you visit a web site that knows how to read this information, the recorded
information is transmitted back to an individual or group who can then use
that information for their own purposes.
Spyware tracking cookies are often
employed by online advertising/research firms who then use the information
to send you spam (junk e-mail), install adware on your computer, or bombard
you with pop-up/pop-under windows containing ads. These advertising/research
firms often place code on a wide variety of web sites (in the forms of
banner ads, automatic code downloads, or enticing links) in an attempt to
track the usage of as many Internet users as possible. As you travel across
the Internet, the code that these firms have placed into the various web
sites can track where you have been before and display ads that should
interest you based upon your previous Internet usage.
Information gathered about you is often
sold to a wide variety of scammers and spammers - basically anyone who is
willing to pay for it - and this can result in a violation of your privacy,
as well as an onslaught of additional unwanted offers. |
- Browser hijackers
|
This class of spyware
programs does exactly what the name implies - hijacks your browser and
redirects it somewhere else. The hijacking can take place in several
different ways. Some
hijackers simply change your browser's home page to point to a site of their
choosing - this site is usually dedicated to advertising a particular line
of products or services intended to make money for the company sponsoring
the hijacking spyware. In most cases, the services are completely unwanted
and the ads may contain offensive material. Most such sites take on the
appearance of a search engine or portal, featuring links to pornography,
online gambling, pirated software (warez sites), and sexual enhancement
products. Even if you change the default home page through your browser's
options screen, it is usually changed back to the offending page the next
time you reboot your computer.
Other hijackers change your browser's
default search page. Click on the search button in your browser, and you're
instantly taken to a page like the one just described above.
Still other hijackers actually sit in
the background waiting for you to type in the name of a particular URL, then
redirect your browser to a site of their choice. Yahoo and Google are
usually targeted for this type of behavior. Typing in an innocent request to
send your browser to
www.google.com may result in the browser sending you to a site such as
the one described above. Some of the more devious browser hijackers will
actually keep you from accessing most of the common antivirus and anti-spyware
sites, which means that you can't download tools from the infected computer
to remove the spyware. |
- Loggers, keystroke recorders,
password recorders, and screen recorders
|
This category of spyware
exists to record (and possibly transmit) what you are doing on your
computer. Loggers record
information such as which web sites you've visited, which programs you've
run, etc.
Keystroke recorders keep a file of
every keystroke that you made while using the computer. You can imagine how
damaging this type of spyware can be if you have been typing sensitive
e-mails or instant messages, or if you have entered a credit card number or
account number while online.
Password recorders are specialized
versions of keystroke recorders that record the keystrokes you make when
entering passwords into certain programs or web sites. In many cases, these
passwords just show up on the screen as asterisks when you type them, but
the password recorder sees (and records) the actual keystrokes.
Screen recorders actually record a
series of graphic images of your actual screen contents on a periodic basis.
This means that not only the information that you typed can be captured, but
also the content of any information that you have received from a web site
or information that has been sent to you from someone else - as long as it
is visible on the screen, such information is readily available to the
spyware.
Most of these types of programs not
only record the information mentioned above, but can periodically transfer
the information to another computer when you are online. With file
compression and a high-speed Internet connection, the transmission is hardly
noticeable on the average computer. The criminals who take advantage of
these types of spyware often use the information to gain access to accounts
for purposes of robbery or identity theft. |
- Modem hijackers and autodialers
|
These types of spyware can
not only cost you in terms of privacy, they can actually cost you in terms
of money as well. Modem hijackers and autodialers attempt to take over your
computer's modem and periodically dial long distance numbers to connect to
private networks. Some of these programs will even attempt to dial special
"900" numbers which are high-priced per-minute numbers - you've seen these
advertised on sleazy late night TV commercials for phone sex, psychic
readings, and similar services for rates in the range of $4 or $5 per
minute. If you get infected with this type of spyware and the spyware is
actually able to dial out and connect with these services, the charges will
appear on your telephone bill and you will have to convince your phone
company to remove the charges from your account. Needless to say, this is
not something you want.
Modem hijackers and autodialers are most commonly seen attempting to dial
private computer networks which host pornography or pirated software.
Successful connections to these private networks usually result in
additional spyware being transferred to your computer as well. |
- Malware and Trojans
|
Malware is the general
term used to define spyware which exists to maliciously do some type
of damage to your computer. This damage usually consists of preventing your
legitimate programs from running properly or deleting programs which are
intended to keep your computer safe (anti-virus programs, spyware removal
programs, etc.). Trojans
are a form of malware which are so named because they function in the same
manner as the Trojan horse. These programs appear to be something useful or
desirable (such as a handy utility or screensaver), but in reality these
programs are simply disguises for much more sinister code that is meant to
do damage to your computer. Once you download and install these programs,
the spyware contained within has full access to your computer. |
- Remote administration programs
|
Remote administration
programs are a form of spyware that enables someone else to secretly
administer your computer whenever it is connected to the Internet. With such
software in place, a hacker can install or uninstall programs from your
system, read or copy files, and even execute programs without your
knowledge. In effect, everything on your computer becomes available to the
attacker. |
- Commercial spyware programs
|
More and more, this type
of spyware is being marketed to the public as a legitimate way to discover
what people are doing on your computer. Need to find out if your spouse is
having an online affair or communicating with a particular person? Is a
family member gambling online? Want to know what your child is talking about
in all of that instant messaging? Many products now exist that allow you to
secretly record the activity that takes place on a computer and review it at
your leisure. As long as you place this type of spyware on a computer that
you own, such activity is (mostly) legal - unlike such activity on a
telephone, there is currently little law directly addressing "computer
wiretaps" and enforcing the few laws that exist is difficult at best.
Of course, there is nothing to stop
someone from legally purchasing one of these programs and installing it on a
computer they don't own - like yours! |
How (And Why) Does Spyware Get Onto My Computer?
Why does spyware exist anyway? Because
nothing on the Internet is truly free. In our never-ending quest to get
something for nothing, we often overlook the fact that all of the free
information and software that can be obtained via the Internet cost somebody
time, money, and effort to produce. In many cases, the publishers can recoup
these costs by selling information about their programs' users (you) to
advertisers. This is how many publishers make money on software that you
perceive as "free."
However, in some cases that information can
be sold to less scrupulous people - those who would use such information to
defraud or rob you of your hard-earned money. While there are legal (although
arguably unethical) reasons for spyware to exist, there are also many illegal
activities that can result from the installation of spyware.
Companies and individuals who push spyware
onto your computer are relying on you for three things: your desire to get
something for nothing, your gullibility, and your lack of understanding about
how your computer and its programs work.
Most spyware finds its way onto your
computer system via the Internet, but there are other ways for it to get
installed as well. Let's take a look at the major ways that spyware gets
installed:
- Intentionally installing
file-sharing or freeware software onto your computer.
|
This is
easily the number one way to
ensure that you have spyware present on your computer.
Download the installation program for a
popular peer-to-peer file sharing network and install it - not only do you
get the software you bargained for, but you also get spyware installed at
the same time. Don't think it's true? - read the online license agreement
that comes with the software. There (buried in the fine legalese that no one
really bothers to read) you will usually find that by installing the file
sharing software, you agree to have additional unrelated programs also
installed on your computer. In many cases, the file-sharing software won't
even function if the spyware is removed.
The same holds true for many popular freeware programs that
you can download from various Internet sites to enhance your computing
experience. Many desktop themes, screen savers, browser toolbars, search
assistants, e-mail program enhancements, utility programs (price-comparison
utilities, weather services, horoscope services, etc.), and games will
secretly install spyware onto your system.
Of course, not all file-sharing or
freeware software is upfront or honest enough to tell you that you are
installing spyware - in many cases, the spyware just gets installed
secretly. On the other hand, not all freeware contains spyware, but it is up
to you to understand exactly what is being installed.
When in doubt, check it out or do
without. |
- Visiting malicious web sites.
|
Some web sites exist
solely to push spyware onto your computer. Click on a link and suddenly
you're transported to a web site that seems to take a little longer than
expected to load. Or maybe as the web site begins to load, you suddenly get
bombarded with additional browser windows opening and closing on their own.
That activity usually indicates the automatic download and installation of
spyware by your very own trusted Internet browser as a result of processing
the code of the original site. Many sites that perform this type of
automated spyware installation do the installation in the background while
your browser is loading the web page - you never have a chance to avoid (or
detect) the spyware installation.
Other web sites may simply push spyware onto you through
a third party. A banner ad or frame on a web page may actually be a portal
through which you are downloading and installing spyware from a third-party
advertising firm. In these cases, the original web site may have sold
advertising space to the offending company and may even be completely
unaware that the advertisement contains code designed to infect your
computer with spyware. Regardless of intent, you get spyware on your
computer just the same.
Visiting sites that contain pornography, pirated software, illegal
downloads, or other questionable material is almost a guaranteed way to get
spyware onto your computer. However, many "innocent" looking web sites
(especially those that contain lots of ads for things that are totally
unrelated to the content of the site) can install spyware onto your computer
as well. As a general rule, most web sites of established, well-known
companies are OK, but smaller web sites that look like they were quickly
thrown together and contain lots of ads for third-party products or services
usually contain spyware. |
- Failing to read or understand
messages that pop up on your computer before clicking OK or Yes.
|
What you don't know can
hurt you. Many users who don't know better mistakenly assume that if the
computer asks them to do something, they should do it. This has resulted in
a large base of users who don't bother to read warning messages or simply
don't bother to understand what they are being asked - they just
instinctively click OK or Yes to get the message off the screen.
In many cases, web browsers and operating
systems will ask you (the user) if you really want to install a program - in
effect, they give you a chance to back out of the transaction before the
software actually installs. When these warnings appear unexpectedly
(especially when visiting unfamiliar web sites), clicking OK or Yes without
fully understanding what is being installed is asking for trouble.
A similar approach is employed by ads
or links that entice naive users to click on them to see if their computers
are infected with spyware or to receive a free scan to determine if spyware
is present. In many cases, these ads are designed to look like actual
operating system windows or warnings - clicking on any part of them
(even the part which looks like a Cancel button) causes your browser to be
redirected to a web site which usually installs spyware on your computer. |
- Having spyware intentionally
installed by someone who has access to your computer.
|
As the name implies,
spyware is used to spy on you, and sometimes the people who want to spy on
you are the people you least suspect. Employers, spouses, lovers, friends,
family members - quite frankly anyone who has physical access to your
computer - may want to know who you are talking to, what you are viewing, or
what you are doing with your computer.
Numerous programs for monitoring and recording your computing activity are
sold every day for purposes ranging from "find out if your spouse is
cheating," to "are your employees goofing off/making personal investments on
company time," to "discover if someone in your household is viewing
porn/gambling online/etc." These programs can literally record everything
you view and/or type during your time on your computer - including
information that you may not want to be known. The person who installed the
software can later access these records and use the information for whatever
purposes they see fit. |
- Opening spam HTML e-mails and/or
clicking on links in spam e-mails.
|
HTML e-mails are e-mails
that use the HTML language (the same language that web pages use to
display). You've probably seen these types of e-mails - they usually have
flashy graphics and/or colorful fonts and they stand out from the
"text-only" e-mails that you usually receive from friends or colleagues.
Spam e-mail is the "junk" e-mail that arrives from someone you've never
heard of who is trying to sell you something.
Just the act of opening a spam HTML e-mail
(or previewing it if your e-mail program has this capability) can mean the
same thing as visiting a web site: spyware can end up on your computer
through the processing of the HTML code.
The same holds true whenever you click
on a link in a spam e-mail. In this case, your web browser is opened and you
are actually taken to a web site where you supposedly can view more
information about the offer. In reality, what usually happens is that
spyware is installed onto your computer along with the download of the web
site. |
- Failing to keep your system
patched.
|
Many spyware programs rely
on security flaws in your web browser and operating system to install and
work effectively. Because many computer users don't apply the latest
security and bug fixes to their computers, known loopholes are left wide
open for spyware to use. In many cases, simply applying known bug and
security fixes can prevent many spyware programs from installing or working
in the first place. |
- Failing to use a firewall.
|
By simply installing and
properly configuring a firewall for your computer's Internet connection,
many spyware programs can be prevented from communicating with the world
outside your computer, effectively reducing or eliminating the dissemination
of your information. |
How Can I Get Rid Of The Spyware That's On My Computer?
There are many tools available in the
marketplace that can detect and/or remove spyware from a computer system. Our
experience with several of these tools has shown that there is not a single
tool that can completely and reliably clean all spyware from a system. Some
tools cannot completely remove some types of spyware; other tools cannot detect
every type of spyware. In most cases, it is best to use a combination of tools
to ensure that your system is clean.
Simply cleaning spyware from your computer
once will not ensure that you will never be infected with it again. With regular
Internet usage, your computer will slowly pick up new forms of spyware.
Preventing spyware from appearing on your computer in the first place is a
combination of changing your browsing habits, setting high security levels
within your browser and e-mail programs, properly installing and configuring a
firewall, blocking certain sites from your browser, applying security patches
and bug fixes, immunizing your browser against automatic installation of certain
types of helper objects and ActiveX controls, periodically updating your spyware
removal software with the latest signature files to allow it to detect new forms
of spyware, and of course - periodically running spyware detection/removal
programs to clean your computer if it is infected.
Rather Have Someone Else Deal With The Headaches?
If you are unable to remove spyware from your systems yourself or
are unsure how to proceed,
contact Logical
Operators by clicking here and arrange to have one of our service
technicians check your system and implement these guidelines for you (standard
service fees will apply). In addition to correcting problem(s) and
implementing guidelines, our technicians can also test your system for thousands
of known
threats which may be present on your system, make valuable recommendations for your
particular needs, and perform numerous
other computing services.