Displays Ads, Spyware, Nasty Ware
SPYWARE TOOLS AND INFORMATION
SPYWARE
Below are some of the most common
Spyware symptoms and characteristics. Spyware can perform functions other
than the ones listed here, and many spyware programs will perform more
than one of the listed functions. ParetoLogic uses this list to describe
applications within our Anti-Spyware database and also to evaluate their
behavior and relative threat level.
Displays Ads
These applications
display advertising in an intrusive or unethical manner. Many Adware
programs download and display pop-up or pop-under ads (which appear in
their own browser windows) while the user surfs the Web. More malicious
programs display ads even when the user is not surfing the Web, and some
Adware programs are difficult or impossible to uninstall without a
removal tool or anti-spyware program. Certain applications, like
file-sharing programs and media players, are ad-supported, meaning they
are offered to the user at no cost, but will display ads in order to earn
revenue. These programs often state expressly that they are ad-supported,
and it is the user's decision to use such software. Ads are most often
displayed in Web browser windows. If the user experiences ad windows
popping up at random, ad-related links appearing alongside the results of
Web searches, or unrequested Web pages loading and offering a product,
the user's computer is likely infected with Adware.
Records Personal Data / Keystrokes
Spyware programs specialize in recording personal
data about the user or the user's computer. Spyware programs called
keyloggers record all keystrokes to a log file, which can often be
automatically e-mailed to a third party or a third-party Web server.
Surveillance programs can record data about a user's Internet activity,
program usage, and security settings. Some surveillance programs can even
capture images of the user's desktop and send them to a third party,
allowing him or her to see what the user is doing. Password Capture
programs focus on stealing passwords and logins from the user's computer.
By definition, Spyware collects information about a user's web activity,
which may include personal or sensitive information, for the benefit of a
third party. A program that covertly records data that should be kept
private is likely a threat to the user's privacy and security.
Hijacks Internet Browser
Many threats
have browser hijacking capabilities. A browser hijacker is a program that
changes the settings of a Web browser (often Internet Explorer, but
others as well). Most common are homepage hijackers, which reset the
user's homepage and make it difficult to change. Browser hijackers will
also co-opt the browser's Search feature, routing searches through an
unexpected search engine or server. Often these hijackers record
information about the user's Web searches. Browser hijackers can change
the browser's default error page and even affect the Address Bar (in
which URLs are typed), recasting all mistyped URLs to direct a user to a
specific Web site. Browser hijackers often serve as intrusive advertising
and Spyware, collecting information about the user's Web activity. Some
hijackers will even block access to security-related Web sites.
Allows Remote Influence
Perhaps one of
the most feared aspects of Spyware, remote influence refers to an
intruder's ability to use, influence, or control a user's computer via
the Internet. That is, if a user's computer is infected with a threat
(like a Trojan or a RAT) that allows remote influence, the intruder will
be able to send commands to the user's computer, instructing it to perform
a number of actions, which often include file deletion, uploading and
downloading, installing programs, disabling applications, participating
in attacks on Web servers, propagating a threat or virus, or even
deleting all the data on a user's computer. Programs that allow remote
influence are among the most dangerous Internet threats and should be
dealt with quickly.
Downloads Unsolicited Files
Some
Internet threats will attempt to download and install files onto the
user's computer without the user's knowledge. A program devoted
specifically to this function is called a downloader. Downloaders will
usually not inform the user that they are downloading or installing code.
Outright malicious downloaders will connect to remote servers and
download harmful Trojans, worms, or viruses onto a user's computer. More
commonly, Adware programs include downloader functionality in order to
download ads and update themselves when necessary. Some Adware and
Spyware programs will attempt to download and install other advertising
and surveillance software. When a program downloads unsolicited files, it
is downloading code that the user has not requested and most likely does
not want. This kind of program can download and install virtually
anything, from the most benign annoyance to the most crippling worm, and
is a serious concern.
Disables Program/System
A threat that
can disable a program or process is a source of alarm. One that can
disable an entire system is even more offensive, and, unfortunately, more
common. Many Trojans and Remote Administration Tools (RATs) allow a
remote intruder to access the user's computer via the Internet and
initiate a shutdown or restart. Other threats attempt to disable certain
programs, often security or anti-virus programs, by simply ending the
running processes of said programs. Even programs that function on their
own, without an intruder's instructions, can disable applications and
perform shutdowns and restarts. If an application that should be
functioning is not, or if the user's computer is intermittently shutting
down or restarting for no reason, the computer may be infected with a
threat with disabling functionality.
Makes Unauthorized Phone Calls
If a
user's computer is connected to a phone line via a modem, the computer
has access to telephone networks. Certain Internet threats will attempt
to access a user's phone line through his or her computer. Programs
called "dialers" use the infected computer to make phone calls
to pay-per-minute phone services or long-distance numbers. Dialers are
sometimes used to collect Web site fees, particularly fees for pay porn
sites. In addition to making expensive phone calls, some dialer programs
will connect you to an Internet porn site and will automatically charge
you for access, with the charge appearing on your next phone bill.
Exploits a Security Flaw
Many
Internet threats gain access to a user's computer, a network or a program
by exploiting vulnerabilities in the code of other programs. Many threats
exploit flaws or vulnerabilities in Microsoft software. For this reason,
Microsoft is continually issuing security fixes and critical updates to
address these threats. An exploit is a program that specifically targets
a programming loophole or mistake in another program. Some flaws or
vulnerabilities allow remote intruders to access a user's computer.
Hackers and rogue programmers are always on the lookout for security
flaws, as they provide the most reliable means to invade or attack a
remote computer or a network.
Floods Internet Connection
Some
threats, often Trojans, are designed to interrupt or temporarily disable
a connection to the Internet. One of the easiest ways to cripple an
Internet connection is to send it massive amounts of data, far too much
for it to process. In such an event, the connection will become unusable
for a period of time and may even be disabled by the user's Internet
Service Provider (ISP). Certain Trojans allow a remote intruder to
specify an IP address to flood. All computers and networks on the
Internet have a unique IP address, to which data can be sent. The data
used to flood a connection need not be anything other than gibberish,
text or numbers or any single file repeatedly and quickly transferred to
the specified IP. Flooder programs are less common now than they were in
the late '90s, but they still represent a considerable danger,
particularly for users or businesses that rely on the Internet for
professional purposes.
Distributes Threats
Many viruses,
worms and other Malware are designed to spread quickly and easily
throughout networks, from computer to computer. For instance,
mass-mailing worms collect e-mail addresses stored on a user's PC and
e-mail themselves to the collected addresses. Certain Trojans and worms
install infected files with the names of popular downloads into the
shared folders of peer-to-peer file-sharing programs like some music
download sites. When users download and execute these falsely named
files, their computers are infected with the worm or Trojan. It is
important to note that much of the spam e-mail we receive is sent from
worm-infected computers that happen to contain our e-mail addresses.
These computers may be those of our friends, employers or the businesses
we patronize. By allowing Spyware and Malware to infect our computers, we
are often putting other computers at risk of infection.
Tracks Browsing Activity (with installed applications)
A large number of Adware programs
track the user's browsing activity, storing website URLs and
click-through information in a log file (often text or XML). Other
programs directly transmit the information to the vendor for analysis. By
examining the user's Web usage, the vendor learns how to better tailor
and target advertising. More malicious Spyware programs will record the
same information, but distribute it to dozens or hundreds of advertisers
for compensation. In either case, the user's activity is being tracked
surreptitiously and may be exploited for commercial gain.
Tracks Browsing Activity (with cookies only)
Standard cookies are not inherently dangerous,
but they can be misused and exploited. A Tracking Cookie stores
information about a PC user's interaction with a specific website, but
also allows a distinct and apparently unrelated website to access the
same information. If more than one website can access a cookie that has
been placed on a user's PC, that cookie poses a security and privacy
risk. Tracking cookies allow vendors to analyze the user's browsing
behavior for marketing purposes.
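
The cross-site pattern described above can be checked from a browsing trace. The following is an added example, not ParetoLogic's code: it flags any cookie that one host receives while the user is visiting several unrelated sites. The request records, host names and the two-label site heuristic are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample, not real traffic: (site shown in the address bar,
# host that received the request, name of the cookie sent with it).
SAMPLE_REQUESTS = [
    ("news.example", "news.example", "session"),
    ("news.example", "ads.tracker.test", "uid"),
    ("shop.example", "shop.example", "cart"),
    ("shop.example", "ads.tracker.test", "uid"),
    ("blog.example", "ads.tracker.test", "uid"),
    ("blog.example", "cdn.blog.example", "pref"),
]


def site_of(host):
    """Crude site guess: the last two DNS labels. This is an assumption made
    for the example; a real tool would consult the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def find_tracking_cookies(requests, min_sites=2):
    """Return {(cookie_site, cookie_name): [visited sites]} for cookies sent to
    a third party from at least `min_sites` different visited sites."""
    seen = defaultdict(set)
    for page_host, request_host, cookie in requests:
        first_party = site_of(page_host)
        cookie_site = site_of(request_host)
        if cookie_site == first_party:
            continue  # first-party cookie: stays with the site being visited
        seen[(cookie_site, cookie)].add(first_party)
    return {key: sorted(sites) for key, sites in seen.items()
            if len(sites) >= min_sites}


if __name__ == "__main__":
    for (cookie_site, name), sites in find_tracking_cookies(SAMPLE_REQUESTS).items():
        print(f"{name}@{cookie_site} observed across: {', '.join(sites)}")
```
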
Installs Without User Consent
A PC
user should have an understanding of, and control over, all software
installed on his or her machine. Downloadable and Web-based applications
must obtain user consent before they can legally be installed on a user's
PC. If a program does not ask the user's permission and does not present
an End-User License Agreement (EULA) detailing the agreement, then the
vendor of the program has not obtained consent. A user may consent to
installation by clicking a button labeled "Yes" or
"Install" or "I Agree". If the application displays a
message requesting the user's consent but installs regardless of how the
user responds to the request, that program has not obtained user consent.
In short, all downloadable and Web-based applications must clearly
request the user's consent before installing any software on the user's
PC.
Inadequate Uninstall Procedures
All
applications installed on a user's PC should have a clear and simple
method of uninstallation. For instance, every installed software
application should be visible in the Windows "Add or Remove
Programs" control panel. The panel allows PC users to easily select
and remove unwanted software. If a program is installed on your PC but
cannot be removed with the Add or Remove Programs panel, it should have
its own "Uninstall" icon visible in the program's folder or in
the Start Menu. If the user struggles to uninstall a piece of software
because the vendor has not provided at least one clear and simple method
of uninstallation, that software has not provided adequate uninstall
procedures.
Insufficient Privacy Disclosure and Consent
All software applications must disclose
potential privacy risks to the user and obtain user consent in a clear
and logical manner. An End-User License Agreement (EULA) informs the user
of what they agree to upon installing a piece of software. The EULA
should point out any methods of data gathering and behavior monitoring.
If the application monitors Web usage or logs visited URLs, or installs
other software bundled with the application, the EULA should inform the
user of that functionality before the user can install the application.
If the application installs onto the user's machine without disclosing
all potential privacy risks, the vendor has not provided sufficient
disclosure or effectively requested consent. The user cannot consent to
installing a piece of software that has hidden functionality.
Furthermore, if the software allows the user to give consent in an
illogical manner (for example, by clicking "No" or
"Cancel"), the application has not provided a viable means of
giving consent.
Uses Excessive System Resources
Whether they are poorly designed or
intentionally malicious, these programs hog a PC's memory and monopolize
CPU processing time. This often results in your system becoming
noticeably slow and may cause other programs to crash or function
unexpectedly. A large number of Trojan horse programs and worms overuse
system resources intentionally, while other applications simply contain
programming errors and memory leaks that result in the degradation of
system performance or undesirable system behavior.