Judging from its name, you’d assume spyware was simply malware that monitors your PC activities. Spyware indeed collects personal information regarding what sites you visit and for how long. However, it can also wrest control from the user. It redirects one’s browser activity and even permits the installation of additional software without one’s consent or knowledge. Spyware doesn’t infect neighbouring computers; it attacks by exploiting software loopholes. Some of its other more damaging effects include:
- Higher CPU utilisation
- Unwanted disk usage
- System crashes
- Software freezing
- Start-up failures
- Lower connection speeds

Spyware has several routes of infection. A common method is by “piggy-backing” on software downloads (such as Kazaa and Limewire). It can also come bundled with shareware. Keep in mind that the download itself is still safe; once the software is installed, however, the spyware will be installed as well. Spyware authors often repackage popular freeware with installers for spyware.
Browsers such as Internet Explorer prevent any downloads from taking place without the user’s permission. Through security holes in the web browser, certain web pages can override this and install spyware on the user’s PC. This has come to be known as a “drive-by download”, since the user is helpless during the attack. It should be noted that later versions of IE have fixed these loopholes.
Certain freeware “anti-spyware” programs can also contain spyware. There are currently over 300 listed applications. Such programs are classified as “rogue” anti-spyware programs. Examples of such malicious programs are Spy Wiper, WorldAntiSpy, Spylocked and Antivirus Gold. Many web pages associated with Adware Report, e-Spyware, NonToxic-Internet and others also come under rogue/suspect anti-spyware sites.
Finally, spyware can be delivered via viruses and worms as payload. For example, the Spybot worm causes several pornographic pop-ups to appear on the user’s screen. This directs traffic and channels funds to the spyware authors.
The most common effect of spyware is the incidence of pop-up ads. These are advertisements that appear in a separate window of the browser without the active consent of the user. They are the result of the spyware gathering information on the user. This feedback results in ads specifically targeted at the user depending on the sites browsed.

Rootkits are newer and more powerful types of spyware. They can hide inside system-critical processes such as Safe Mode, and are harder to detect since they leave no on-disk signatures. Newer spyware programs have countermeasures against anti-malware programs, such as preventing their installation or execution and even uninstalling them. Gromozon is one such malware that uses alternate data streams to hide. Coupled with a rootkit, it can escape alternate data stream scanners and prevent rootkit scanners from running.
Spyware can best be defined as junk that weighs down the PC. If it accumulates for a long time, the computer eventually has to be formatted and its software reinstalled to regain its former speed. A strong anti-spyware solution should be in place and regular scans conducted to eliminate spyware before it accumulates.

Spybot: Search and Destroy is one of the most popular and effective anti-spyware programs available. It detects keyloggers, rootkits, tracking cookies, ActiveX objects, homepage hijackers and even some trojans. It can also create a back-up registry to repair damaged files and restore them to their state prior to infection. Spybot’s “Immunize” feature blocks the installation of spyware before it happens by modifying the system’s hosts file, and the program also includes a file shredder for secure deletion of files. The TeaTimer module provides active, real-time protection and alerts the user to any dangerous registry changes.
Spybot: S&D is commercially free, and its weekly updates add new features to keep pace with the latest threats while improving previous heuristic algorithms.
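
The hosts-file blocking that “Immunize” relies on can be sketched as follows. This is an added example, not Spybot's own code or its actual implementation; the blocklist domains, the marker comment and the function names are constructed for illustration. It maps known-bad domains to the loopback address so that lookups for them never reach the real server, without touching entries that already exist.

```python
import re

SINKHOLE = "127.0.0.1"          # loopback: traffic to a blocked name stays on the PC
MARKER = "# immunize-example"   # hypothetical tag so added entries can be found later
LOOPBACK = ("127.0.0.1", "0.0.0.0", "::1")

# Constructed sample data: placeholder domains under the reserved .test TLD.
BLOCKLIST = ["ads.spyware-example.test", "track.spyware-example.test"]
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1   localhost
127.0.0.1   ADS.spyware-example.test   # already blocked, different case
10.0.0.5    intranet.corp.test
"""

def parse_hosts(text):
    """Return {hostname: ip} for every mapping in hosts-file text."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        for name in fields[1:]:
            # Hostnames are case-insensitive; the first mapping seen is kept here.
            mapping.setdefault(name.lower().rstrip("."), fields[0])
    return mapping

def immunize(text, blocklist):
    """Append sinkhole entries for unmapped blocklist domains; return (text, added)."""
    existing = parse_hosts(text)
    added = []
    for domain in blocklist:
        d = domain.lower().rstrip(".")
        # Accept plain hostnames only, so a feed entry cannot smuggle in extra lines.
        if not re.fullmatch(r"[a-z0-9]([a-z0-9.-]*[a-z0-9])?", d):
            raise ValueError(f"not a hostname: {domain!r}")
        if d not in existing and d not in added:
            added.append(d)
    if not added:
        return text, []
    # Existing lines are never rewritten, so repeated runs change nothing.
    body = text if text.endswith("\n") or not text else text + "\n"
    body += "".join(f"{SINKHOLE}\t{d}\t{MARKER}\n" for d in added)
    return body, added

def is_blocked(text, domain):
    """True if the hosts text maps the domain to a loopback or null address."""
    return parse_hosts(text).get(domain.lower().rstrip(".")) in LOOPBACK
```

On Windows the real file is `%SystemRoot%\System32\drivers\etc\hosts` and writing to it requires administrator rights; the sketch works on text only, so the result can be reviewed before anything is written.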