Spyware - Adware - Scumware, The Hezbollah of the Computing World
Yes, the world of computing has it's own "Hezbollah", called Spyware, Maleware, and Scumware. Like the terrorist group among civilians, these programs "hide" among legitimate downloads and upgrades you make on a daily basis. If you are connected to the internet you have been exposed to, and almost certainly already have, a Hezbollah/Spyware/Maleware/Scumware program living right along side one of your favorite programs as we speak! These programs are almost as hard to get rid of as the Hezbollah and not nearly as nice.
I wrote this article out of shear frustration!! Having just finished (I Hope) the removal of the last remnant of a particularly bad Spyware infection. It started when I decided to take a look at a "music" download service - you know the type - the kind that let you "download all you want!" I downloaded something all right. First came the popups - I couldn't close them fast enough, then I noticed my home page was NOT Google Search anymore but some God awful Male Enhancement site, then came the emails - sex sites, gambling sites, advertisements of all shape, size, and color and did I say SEX sites - I had no idea how many males suffer from small.... well you get the picture. I then noticed my computer had become soooooo....slooooow... it would churn and churn as the Male Enhancement ads and the Viagra ads - just kept coming!
I NEEDED HELP and NOW!!
The more I read about the culprits Spyware - Malware and Scumware as they have been affectionately called the more I began to worry - these guys were SERIOUS about their mischief! I tried all the free softwares I could find to get rid of them but even after I rebooted the little devils reinstalled themselves. I knew I was in over my head and the enemy was very very good at their craft, I even had one Spyware "killer" program that installed it's own Malware on my system and sent me to a site to "Buy" the only fix for the Problem - UNBELIEVABLE!!
Why Do I Feel Like Somebody's Watching Me?
Spyware is one of the fastest-growing Internet threats. According to the National Cyber Security Alliance, Spyware infects more than 90% of all PCs today. These unobtrusive yet malicious programs are designed to silently bypass firewalls and anti-virus software without the user's knowledge. Once embedded in a computer, they can wreak havoc on the system's performance while gathering your personal information. Fortunately, unlike viruses and worms, spyware programs do not usually self-replicate.
Where do they come from?
Typically, Spyware originates in three ways. The first and most common way is when the user installs it. In this scenario, spyware is embedded, attached, or bundled with a freeware or shareware program without the user's knowledge. The user downloads the program to their computer. Once downloaded, the Spyware program goes to work collecting data for the spyware author's personal use or to sell to a third-party. Beware of many P2P file-sharing programs. They are notorious for downloads that possess spyware programs.
The user of a downloadable program should also pay extra attention to the accompanying licensing agreement. Often the software publisher will warn the user that a Spyware program will be installed along with the requested program. Unfortunately, we do not always take the time to read the fine print. Some agreements may provide special "opt-out" boxes that the user can click to stop the spyware from being included in the download. Be sure to review the document before signing off on the download.
Another way that Spyware can access your computer is by tricking you into manipulating the security features designed to prevent any unwanted installations. The Internet Explorer Web browser was designed not to allow websites to start any unwanted downloads. That is why the user has to initiate a download by clicking on a link. These links can prove deceptive. For example, a pop-up modeled after a standard Windows dialog box, may appear on your screen. The message may ask you if you would like to optimize your Internet access. It provides yes or no answer buttons, but, no matter which button you push, a download containing the Spyware program will commence. Newer versions of Internet Explorer are now making this Spyware pathway a little more difficult.
Finally, some Spyware applications infect a system by attacking security holes in the Web browser or other software. When the user navigates a webpage controlled by a Spyware author, the page contains code designed to attack the browser, and force the installation of the Spyware program.
What can Spyware programs do?
Spyware programs can accomplish a multitude of malicious tasks. Some of their deeds are simply annoying for the user; others can become downright aggressive in nature.
Spyware can:
1. Monitor your keystrokes for reporting purposes.
2. Scan files located on your hard drive.
3. Snoop through applications on your desktop.
4. Install other Spyware programs into your computer.
5. Read your cookies.
6. Steal credit card numbers, passwords, and other personal information.
7. Change the default settings on your home page web browser.
8. Mutate into a second generation of Spyware thus making it more difficult to eradicate.
9. Cause your computer to run slower.
10. Deliver annoying pop up advertisements.
11. Add advertising links to web pages for which the author does not get paid. Instead, payment is directed to the Spyware programmer that changed the original affiliate's settings.
12. Provide the user with no uninstall option and places itself in unexpected or hidden places within your computer making it difficult to remove.
Spyware Examples
Here are a few examples of commonly seen Spyware programs. Please note that while researchers will often give names to Spyware programs, they may not match the names the Spyware-writers use.
CoolWebSearch, a group of programs, that install through "holes" found in Internet Explorer. These programs direct traffic to advertisements on Web sites including coolwebsearch.com. This Spyware nuisance displays pop-up ads, rewrites search engine results, and alters the computer host file to direct the Domain Name System (DNS) to lookup preselected sites.
Internet Optimizer (a/k/a DyFuCa), likes to redirect Internet Explorer error pages to advertisements. When the user follows the broken link or enters an erroneous URL, a page of advertisements pop up.
180 Solutions reports extensive information to advertisers about the Web sites that you visit. It also alters HTTP requests for affiliate advertisements linked from a Web site. Therefore the 180 Solutions Company makes an unearned profit off of the click through advertisements they've altered.
HuntBar (a/k/a WinTools) or Adware.Websearch, is distributed by Traffic Syndicate and is installed by ActiveX drive-by downloading at affiliate websites or by advertisements displayed by other spyware programs. It's a prime example of how spyware can install more spyware. These programs will add toolbars to Internet Explorer, track Web browsing behavior, and display advertisements.
How can I prevent Spyware?
There are a couple things you can do to prevent Spyware from infecting your computer system. First, invest in a reliable commercial anti-spyware program. There are several currently on the market including stand alone software packages such as Lavasoft's Ad-Aware or Windows Antispyware. Other options provide the anti-spyware software as part of an anti-virus package. This type of option is offered by companies such as Sophos, Symantec, and McAfee. Anti-spyware programs can combat spyware by providing real-time protection, scanning, and removal of any found Spyware software. As with most programs, update your anti virus software frequently. As discussed, the Internet Explorer (IE) is often a contributor to the Spyware problem because Spyware programs like to attach themselves to its functionality. Spyware enjoys penetrating the IE's weaknesses. Because of this, many users have switched to non-IE browsers. However, if you prefer to stick with Internet Explorer, be sure to update the security patches regularly, and only download programs from reputable sources. This will help reduce your chances of a Spyware infiltration.
And, when all else fails?
Finally, if your computer has been infected with a large number of Spyware programs, the only solution you may have is backing up your data, and performing a complete reinstall of the operating system.
DO NOT take the Spyware threat lightly.
It is, in my opinion, much more insidious and sneaky than the plain old Virus that most Virus software can handle. Take it from me after nearly 48 hours of trying to cleanse my system of this "stuff," - I will not be without an effective and Guaranteed method of removal again.
