Spyware is a form of malicious software (malware) that collects information from your computer without your consent. Spyware can capture keystrokes, screenshots, authentication credentials, personal email addresses, web form data, internet usage information and other personal information. Often, this information is delivered to online attackers who use it themselves or it is sold to others for use in fraud, identity theft, spam, etc. The people who use spyware include online attackers, marketers, and organized crime groups.
Spyware can monitor almost any data in your computer or data crossing the network your computer is connected to. It is not limited to files on your hard drive. It can capture temporary data in the form of screenshots, keystrokes, and data packets on the network. Some commonly targeted data include internet activity, email contacts, clipboard contents, keystrokes, and protected data stored in Windows such as passwords, account numbers, and credit card numbers.
There are thousands of forms of spyware. Many forms of malware act primarily as spyware, while others contain features of spyware. Below are some examples:
- Browser session hijacking. This class of spyware attempts to modify the internet user's browser settings. It can be installed in a number of different ways, but its main intent is to change the browser settings to direct the user to sites determined by the author of the malware. For instance, the spyware could change the "home page", or the page that appears when you first connect to the internet and open your browser. The author of the malware may then receive a commission for your visit to that site.
- Browser Helper Objects. Browser Helper Objects (BHOs) are a feature of Internet Explorer (IE) that can be exploited by spyware. Many times, BHOs are installed using a "drive-by" technique. The code can be installed, or a request to install it can be made, as a user simply visits a compromised or malicious web site. One technology often used in this type of installation is ActiveX. The malicious code could be hidden in a pop-up and installed, unknown to the user, when the pop-up window is closed. Another technique may be to repeatedly request the user to install a program and only cease the request when the user finally agrees or leaves the site.
- Cookies and Web Bugs. Cookies are small files stored on your computer by a web server which hosts a site you are visiting. A cookie may track your visits to the site or store information such as your username and password used to enter the site. Cookies may also track and report your general internet usage and other data. Web bugs are created using Hypertext Markup Language (HTML), or the coding language used to create content on the internet. Web bugs are often found in the form of an image tag, completely invisible to a person visiting a web page. Web bugs may also track and report your internet activities or capture passwords and account numbers you use.
- False Anti-Spyware Tools. Some internet sites advertise free spyware detection and removal tools. In some cases, these tools are spyware themselves.
- Bots. Bots are malicious code that a remote attacker places on your computer to allow him full access and control of your computer. Once infected with this code, your computer becomes a member of the remote attacker's botnet, or his collection of computers that he has infected. Botnets are commonly used in Distributed Denial of Service Attacks and in spam relays. Bot malware can contain spyware elements or install them.
What you can do:
- Use caution when downloading anything from the internet, newsgroups, or from instant messaging sessions. Also be wary of email attachments from unknown individuals or even unexpected attachments from persons you know and trust. Always use a virus scanner to check email attachments before opening them.
- When visiting unfamiliar or high-risk sites, don't trust them. High-risk sites may be identified by the content presented or by their reputation. If you have to visit these types of sites, it is a good idea to disable ActiveX in your browser settings. This may make your browsing experience at the sites a little less rich, but much safer.
- When installing software downloaded from the internet, be sure to carefully read all of the licensing agreements. The manufacturer may disclose the installation of spyware and detail the monitoring functionality of the software.
- When installing any application, be sure to watch for additional programs that might be installed. The use of "Wizards" makes the application installation process much easier and many people click through the wizard without noticing that other applications can be installed by default. Be sure to deselect these applications if they appear suspicious.
- Keep your operating system and applications up to date. Remember that some deployments of spyware depend on the successful exploitation of a known vulnerability in an operating system or application. By downloading "patches", or fixes for these vulnerabilities, you effectively block these types of spyware.
- Anti-virus and Anti-spyware tools acquired from trusted sources are paramount to the protection of your personal data. Remember to download virus and spyware definitions at least once a week to keep these applications up to date and effective.
- Consider configuring your email client to display email in text format as opposed to HTML format. Email clients like Outlook and Outlook Express give users this option in the "Tools/Options" dialog. In text form, hyperlinks in email won't function when you click on them, but you can still copy and paste the link into your browser (which is always the best practice). Web bugs will be rendered harmless in the text environment.