Displays Ads, Spyware, Nasty Ware



Below are some of the most common Spyware symptoms and characteristics. Spyware can perform functions other than the ones listed here, and many spyware programs will perform more than one of the listed functions. ParetoLogic uses this list to describe applications within our Anti-Spyware database and to also evaluate its behavior and relative threat level.

Displays Ads

These applications display advertising in an intrusive or unethical manner. Many Adware programs download and display pop-up or pop-under ads (which appear in their own browser windows) while the user surfs the Web. More malicious programs display ads even when the user is not surfing the Web, and some Adware programs are difficult or impossible to uninstall without a removal tool or anti-spyware program. Certain applications, like file-sharing programs and media players, are ad-supported, meaning they are offered to the user at no cost, but will display ads in order to earn revenue. These programs often state expressly that they are ad-supported, and it is the user's decision to use such software. Ads are most often displayed in Web browser windows. If the user experiences ad windows popping up at random, ad-related links appearing alongside the results of Web searches, or unrequested Web pages loading and offering a product, the user's computer is likely infected with Adware.

Records Personal Data / Keystrokes

Spyware programs specialize in recording personal data about the user or the user's computer. Spyware programs called keyloggers record all keystrokes to a log file, which can often be automatically e-mailed to a third-party or third-party Web server. Surveillance programs can record data about a user's Internet activity, program usage, and security settings. Some surveillance programs can even capture images of the user's desktop and send them to a third-party, allowing him or her to see what the user is doing. Password Capture programs focus on stealing passwords and logins from the user's computer. By definition, Spyware collects information about a user's web activity, which may include personal or sensitive information, for the benefit of a third party. A program that covertly records data that should be kept private is likely a threat to the user's privacy and security.

Hijacks Internet Browser

Many threats have browser hijacking capabilities. A browser hijacker is a program that changes the settings of a Web browser (often Internet Explorer, but others as well). Most common are homepage hijackers, which re-set the user's homepage and make it difficult to change. Browser hijackers will also co-opt the browser's Search feature, routing searches through an unexpected search engine or server. Often these hijackers record information about the user's Web searches. Browser hijackers can change the browser's default error page and even affect the Address Bar (in which URLs are typed), recasting all mistyped URLs to direct a user to a specific Web site. Browser hijackers often serve as intrusive advertising and Spyware, collecting information about the user's Web activity. Some hijackers will even block access to security-related Web sites.

Allows Remote Influence

Perhaps one of the most feared aspects of Spyware, remote influence refers to an intruder's ability to use, influence, or control a user's computer via the Internet. That is, if a user's computer is infected with a threat (like a Trojan or a RAT) that allows remote influence, the intruder will be able to send commands to the user computer, instructing it to perform a number of actions, which often include file deletion, uploading and downloading, installing programs, disabling applications, participating in attacks on Web servers, propagating a threat or virus, or even deleting all the data on a user's computer. Programs that allow remote influence are among the most dangerous Internet threats and should be dealt with quickly.

Downloads Unsolicited Files

Some Internet threats will attempt to download and install files onto the user's computer without the user's knowledge. A program devoted specifically to this function is called a downloader. Downloaders will usually not inform the user that they are downloading or installing code. Outright malicious downloaders will connect to remote servers and download harmful Trojans, worms, or viruses onto a user's computer. More commonly, Adware programs include downloader functionality in order to download ads and update themselves when necessary. Some Adware and Spyware programs will attempt to download and install other advertising and surveillance software. When a program downloads unsolicited files, it is downloading code that the user has not requested and most likely does not want. This kind of program can download and install virtually anything, from the most benign annoyance to the most crippling worm, and is a serious concern.

Disables Program/System

A threat that can disable a program or process is a source of alarm. One that can disable an entire system is even more offensive, and, unfortunately, more common. Many Trojans and Remote Administration Tools (RATs) allow a remote intruder to access the user's computer via the Internet and initiate a shutdown or restart. Other threats attempt to disable certain programs, often security or anti-virus programs, by simply ending the running processes of said programs. Even programs that function on their own, without an intruder's instructions, can disable applications and perform shutdowns and restarts. If an application that should be functioning is not, or if the user's computer is intermittently shutting down or restarting for no reason, the computer may be infected with a threat with disabling functionality.

Makes Unauthorized Phone Calls

If a user's computer is connected to a phone line via a modem, the computer has access to telephone networks. Certain Internet threats will attempt to access a user's phone line through his or her computer. Programs called "dialers" use the infected computer to make phone calls to pay-per-minute phone services or long-distance numbers. Dialers are sometimes used to collect Web site fees, particularly fees for pay porn sites. In addition to making expensive phone calls, some dialer programs will connect you to an Internet porn site and will automatically charge you for access, with the charge appearing on your next phone bill.

Exploits a Security Flaw

Many Internet threats gain access to a user's computer, a network or a program by exploiting vulnerabilities in the code of other programs. Many threats exploit flaws or vulnerabilities in Microsoft software. For this reason, Microsoft is continually issuing security fixes and critical updates to address these threats. An exploit is a program that specifically targets a programming loophole or mistake in another program. Some flaws or vulnerabilities allow remote intruders to access a user's computer. Hackers and rogue programmers are always on the lookout for security flaws, as they provide the most reliable means to invade or attack a remote computer or a network.

Floods Internet Connection

Some threats, often Trojans, are designed to interrupt or temporarily disable a connection to the Internet. One of the easiest ways to cripple an Internet connection is to send it massive amounts of data, far too much for it to process. In such an event, the connection will become unusable for a period of time and may even be disabled by the user's Internet Service Provider (ISP). Certain Trojans allow a remote intruder to specify an IP address to flood. All computers and networks on the Internet have a unique IP address, to which data can be sent. The data used to flood a connection need not be anything other than gibberish, text or numbers or any single file repeatedly and quickly transferred to the specified IP. Flooder programs are less common now than they were in the late '90s, but they still represent a considerable danger, particularly for users or businesses that rely on the Internet for professional purposes.

Distributes Threats

Many viruses, worms and other Malware are designed to spread quickly and easily throughout networks, from computer to computer. For instance, mass-mailing worms collect e-mail addresses stored on a user's PC and e-mail themselves to the collected addresses. Certain Trojans and worms install infected files with the names of popular downloads into the shared folders of peer-to-peer file-sharing programs like some music download sites. When users download and execute these falsely named files, their computers are infected with the worm or Trojan. It's important to note, much of the spam e-mail we receive is sent from worm-infected computers that happen to contain our e-mail addresses. These computers may be those of our friends, employers or the businesses we patronize. By allowing Spyware and Malware to infect our computers, we are often putting other computers at risk of infection.

Tracks Browsing Activity (with installed applications)

A large number of Adware programs track the user's browsing activity, storing website URLs and click-through information in a log file (often text or XML). Other programs directly transmit the information to the vendor for analysis. By examining the user's Web usage, the vendor learns how to better tailor and target advertising. More malicious Spyware programs will record the same information, but distribute it to dozens or hundreds of advertisers for compensation. In either case, the user's activity is being tracked surreptitiously and may be exploited for commercial gain.

Tracks Browsing Activity (with cookies only)

Standard cookies are not inherently dangerous, but they can be misused and exploited. A Tracking Cookie stores information about a PC user's interaction with a specific website, but also allows a distinct and apparently unrelated website to access the same information. If more than one website can access a cookie that has been placed on a user's PC, that cookie poses a security and privacy risk. Tracking cookies allow vendors to analyze the user's browsing behavior for marketing purposes.

Installs Without User Consent

A PC user should have an understanding of, and control over, all software installed on his or her machine. Downloadable and Web-based applications must obtain user consent before they can legally be installed on a user's PC. If a program does not ask the user's permission and does not present an End-User License Agreement (EULA) detailing the agreement, then the vendor of the program has not obtained consent. A user may consent to installation by clicking a button labeled "Yes" or "Install" or "I Agree". If the application displays a message requesting the user's consent but installs regardless of how the user responds to the request, that program has not obtained user consent. In short, all downloadable and Web-based applications must clearly request the user's consent before installing any software on the user's PC.

Inadequate Uninstall Procedures

All applications installed on a user's PC should have a clear and simple method of uninstallation. For instance, every installed software application should be visible in Windows "Add or Remove Programs" control panel. The panel allows PC users to easily select and remove unwanted software. If a program is installed on your PC but cannot be removed with the Add or Remove Programs panel, it should have its own "Uninstall" icon visible in the program's folder or in the Start Menu. If the user struggles to uninstall a piece of software because the vendor has not provided at least one clear and simple method of uninstallation, that software has not provided adequate uninstall procedures.

Insufficient Privacy Disclosure and Consent

All software applications must disclose potential privacy risks to the user and obtain user consent in a clear and logical manner. An End-User License Agreement (EULA) informs the user of what they agree to upon installing a piece of software. The EULA should point out any methods of data gathering and behavior monitoring. If the application monitors Web usage or logs visited URLs, or installs other software bundled with the application, the EULA should inform the user of that functionality before the user can install the application. If the application installs onto the user's machine without disclosing all potential privacy risks, the vendor has not provided sufficient disclosure or effectively requested consent. The user cannot consent to installing a piece of software that has hidden functionality. Furthermore, if the software allows the user to give consent in an illogical manner (for example, by clicking "No" or "Cancel"), the application has not provided a viable means of giving consent.

Uses Excessive System Resources

Whether they are poorly designed or intentionally malicious, these programs hog a PC's memory and monopolize CPU processing time. This often results in your system becoming noticeably slow and may cause other programs to crash or function unexpectedly. A large number of Trojan horse programs and worms overuse system resources intentionally, while other applications simply contain programming errors and memory leaks that result in the degradation of system performance or undesirable system behavior.

  • Back To The Top    • Back To Home