
Monday, February 18, 2008

Definition Of Spyware

Spyware is computer software that enables a user to obtain covert information about someone’s computer activities by transmitting data covertly and silently from their hard drive.

Many of us know spyware only as a program used to collect and steal confidential data from a personal computer, especially credit card numbers and passwords. However, spyware can also interfere with a user’s computer by installing additional software, monitoring web browser activity for marketing purposes, accessing the Internet blindly and causing infection by harmful viruses, or redirecting HTTP requests to advertising sites. Besides that, spyware can change the computer’s settings, resulting in slow Internet connections, a changed home page, or loss of Internet access or other programs.

Based on the information above, spyware is almost the same as many recent viruses. The difference is that spyware is designed to exploit the infected computer for commercial gain, and it does not replicate itself.

According to Webroot Software, maker of Spy Sweeper, nine out of ten computers infected by spyware were infected through Internet Explorer (IE), because IE is easily attacked by spyware. The reasons are that IE is the primary browser, widely used around the world, and that its tight integration with Windows allows spyware to access important and critical parts of the computer’s settings.

Besides that, the registry contains numerous locations that allow software to be executed automatically when the operating system boots. Spyware often exploits this design to circumvent attempts at removal. The spyware typically links itself from each registry location that allows execution. Once running, the spyware periodically checks whether any of these links have been removed. If so, it automatically restores the registry links. This ensures that the spyware executes when the operating system boots even if some or most of the registry links have been removed.
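The re-linking behaviour described above can be detected by comparing snapshots of the autostart locations over time. The following is an added example, not part of the original post: it works on constructed snapshot data, and the program names and paths in it are hypothetical.

```python
# Added example (not from the original post). SNAPSHOTS is constructed sample
# data; the program names and paths in it are hypothetical.
from collections import defaultdict

HKCU_RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
HKLM_RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

UPD_USER = (HKCU_RUN, "updater", r"C:\Temp\upd.exe")
UPD_MACHINE = (HKLM_RUN, "updater", r"C:\Temp\upd.exe")
AUDIO = (HKLM_RUN, "AudioTray", r"C:\Program Files\Audio\tray.exe")

# Autostart entries (location, value name, command) captured at three times.
SNAPSHOTS = [
    {UPD_USER, UPD_MACHINE, AUDIO},   # before cleanup
    {UPD_MACHINE, AUDIO},             # user deleted the HKCU link
    {UPD_USER, UPD_MACHINE, AUDIO},   # the deleted link is back
]


def restored_entries(snapshots):
    """Return entries that were present, then missing, then present again."""
    seen, removed, restored = set(), set(), []
    for snap in snapshots:
        restored.extend(sorted(snap & removed))
        removed = (removed | (seen - snap)) - snap
        seen |= snap
    return restored


def multiply_linked(snapshot):
    """Map each command started from more than one location to those locations."""
    locations = defaultdict(set)
    for location, _name, command in snapshot:
        locations[command.lower()].add(location)
    return {cmd: sorted(locs) for cmd, locs in locations.items() if len(locs) > 1}


if __name__ == "__main__":
    for entry in restored_entries(SNAPSHOTS):
        print("re-created after removal:", entry)
    for cmd, locs in multiply_linked(SNAPSHOTS[-1]).items():
        print("linked from several locations:", cmd, locs)
```

An entry that reappears after deletion means the process that restores it is still running, so that process has to be stopped before the links are removed again.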

Negative Effects And The Behaviour Of Spyware In The Computer

Once a computer has been affected by spyware, it will rapidly be infected by many other pieces of spyware or unwanted software when connected to the Internet. As time passes, the user will slowly start to observe slowness and degradation of system performance. This is due to the large amount of spyware creating significant CPU activity and disk usage and interrupting network traffic, all of which can lead to a system crash when the situation is serious. However, difficulty connecting to the Internet is a more common problem caused by spyware.

Next, users start blaming the computer’s performance problems on the hardware, Windows installation problems, or a virus, because they may not be aware of the presence of spyware on their computer. As a result, users may call for technical help or even buy a new computer to replace the old one because the existing system has become slower and slower.

“According to the 2004 AOL study, if a computer has any spyware in it, it typically has dozens of different pieces installed. The cumulative effect and the interactions between spyware components cause the symptoms commonly reported by users: a computer which slows to a crawl, overwhelmed by the many parasitic processes running on it.”

Besides that, spyware has the ability to disable the software firewall and antivirus software, and/or reduce browser security settings, for example by activating ActiveX, in order to open the system to further opportunistic infections. In a more serious case, spyware can even remove a spyware program and modify files on the computer so that it is difficult to delete!

Routes Of Infection Of Spyware

Spyware infects a computer differently from computer viruses and worms. In fact, spyware does not spread itself through the network and connections. Instead, spyware gets past the computer’s security by tricking the user into visiting websites that contain spyware or by exploiting software vulnerabilities on the user’s computer.

Most spyware is installed on the computer without the user’s knowledge. To achieve this, spyware is bundled with other programs to trick the user into installing it. For example, Bonzi Buddy, a program bundled with spyware and targeted at children, claims that:

“He will explore the Internet with you as your very own friend and sidekick! He can talk, joke, browse, walk, e-mail, and download like no other friend you’ve ever had! He even has the ability to compare prices on the products you love and help you save money! Best of all, he’s Free!”

Besides that, spyware can also be bundled with shareware or with software downloadable from BitTorrent, as well as with media files such as MP3 music, RMVB files and so on. To achieve this, the spyware authors must pay the shareware authors to attach the spyware to their software. When a user installs a program downloaded from the Internet, the spyware is installed along with it if that software carries spyware. In other cases, the spyware authors repackage desirable free software with an installer that adds spyware.

Attacking a security hole in the web browser or other software is another route of spyware infection. This occurs when the user navigates to a web page controlled by the spyware author; the page contains code that attacks the browser and then forces the computer to download and install the spyware. However, attacking the web browser is not an easy route either, because commercial antivirus and firewall programs prevent the download and installation. So, how does the spyware author achieve this goal? The answer is that the spyware author must have wide knowledge of commercial antivirus and firewall systems and how these security systems work. They then use the “drive-by download” method to put their spyware onto the computer system, which leaves the user a helpless bystander to the attack. The common targets are Internet Explorer and the Sun Microsystems Java runtime.

Besides, installation of spyware frequently involves Internet Explorer. History has shown that Internet Explorer is the browser most attacked by spyware, because its special integration with the Windows system allows spyware to access important and critical parts of the computer system easily. In addition, once spyware has attached itself to Internet Explorer in the form of a Browser Helper Object, it will also edit browser settings, for example by changing the browser’s security settings, redirecting traffic, or adding toolbars to Internet Explorer.

In another case, when a computer has been affected by a worm or virus, it will usually be affected by spyware too. Some attackers have even used the Spybot worm to install spyware that puts pornographic pop-ups on the screen of the infected Windows system. Why do the spyware authors want to do that? The answer is that the spyware authors profit personally by redirecting browser traffic to advertisements set up to channel funds to them.

Spyware For Advertisements

Most spyware gathers information about user behaviour for the purpose of advertising. Once the computer has been affected by spyware, the program will display pop-up advertisements instantly, every few seconds to minutes, or whenever the user opens a new browser window. Spyware for advertisements is desirable to advertisers because the user may visit the specific sites shown in the pop-up, and the advertiser pays for the placement of the advertisement in the pop-up once the user clicks the advertisement link. Both sides profit!

Many users have complained about irritating and annoying pop-up ads, because spyware usually displays pop-up advertisements for pornography indiscriminately. Links to these sites may be added to the browser history, the Windows system, search functions, and so on. This will definitely have a negative impact on users who are children, and it could possibly violate anti-pornography laws in some jurisdictions.

A further issue with spyware programs has to do with the replacement of banner ads on viewed sites. Spyware that acts as a web proxy or a Browser Helper Object can replace references to a site’s own advertisements (which fund the site) with advertisements that instead fund the spyware authors. This cuts into the margins of advertising-funded web sites.

Spyware Acts As Stealware, Affiliate Fraud, And Identity Theft

Spyware collects information from the hard drive and other important information by attacking affiliate networks: it places the spyware operator’s affiliate tag on the user’s activity, replacing the original tag if one exists. Collection often means scanning some folders and the system registry to make a list of the software installed on the computer, and collecting information about the quality of the connection, the way of connecting, modem speed, etc.

In other cases, spyware is also known as a means of identity theft. According to researchers from security software firm Sunbelt Software in August 2005, it is believed that the maker of the common CoolWebSearch spyware had used it to transmit chat contents, user names, passwords, bank information, etc. However, it turned out that “it actually (was) its own sophisticated criminal little trojan that’s independent of CoolWebSearch.” This case is currently under investigation by the FBI.

Besides that, the Federal Trade Commission estimates that about 27.3 million Americans have been victims of identity theft. Due to the large number of victims, financial losses totalled nearly $48 billion for businesses and financial institutions and at least $5 billion in out-of-pocket expenses for individuals.

Spyware authors may commit wire fraud with dialler program spyware. These programs can reset a modem to dial up a premium-rate telephone number instead of the usual ISP. Connecting to these suspicious numbers involves long-distance or overseas charges, which invariably result in high call costs. Diallers are ineffective on computers that do not have a modem or are not connected to a telephone line.

Methods Of Prevention Of Spyware

To protect a computer from being infected by spyware, the most useful method is to install an anti-spyware program such as Spyware Doctor, CounterSpy, HijackThis, AVG Anti-Spyware, etc., along with a recommended free firewall such as Comodo Firewall, PC Tools Firewall and so on. If the computer has unfortunately been infected by spyware and these anti-spyware programs have difficulty removing it, the user is advised to boot the computer in safe mode, which gives an anti-spyware program a better chance of removing persistent spyware; killing the process tree can also work.

Besides that, users are advised to use another web browser such as Mozilla Firefox, Opera, etc. instead of Internet Explorer. These browsers are not completely safe either. However, compared with them, Internet Explorer carries a greater risk of spyware infection because of its special integration with the Windows system and because it is vulnerable to attack by spyware through ActiveX.

Next, users can install a large hosts file, which prevents the user’s computer from connecting to known spyware-related web addresses. However, this method may not block spyware perfectly, because spyware can bypass the protection if it connects through an IP address instead of a domain name.
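The limit of hosts-file blocking described above can be seen by checking URLs against the file's entries. The following is an added example, not part of the original post: the hosts entries, domain names and IP address in it are constructed sample values.

```python
# Added example (not from the original post). HOSTS_TEXT and the URLs below
# use constructed sample names and a documentation-range IP address.
import ipaddress
from urllib.parse import urlsplit

HOSTS_TEXT = """\
# constructed sample blocklist entries
127.0.0.1   localhost
0.0.0.0     ads.tracker.example   cdn.tracker.example
0.0.0.0     popups.adserver.example   # inline comment
"""

# Addresses a blocking hosts file points unwanted names at.
SINKS = {"0.0.0.0", "127.0.0.1", "::1"}


def blocked_names(hosts_text):
    """Return the host names that the hosts file redirects to a sink address."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in SINKS:
            names.update(name.lower() for name in fields[1:])
    names.discard("localhost")
    return names


def classify(url, names):
    """Classify a URL as 'blocked', 'ip-literal' or 'not-listed'."""
    host = urlsplit(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return "ip-literal"      # no name lookup happens, so the hosts file is bypassed
    except ValueError:
        pass
    # Hosts files match exact names only; there are no wildcards for subdomains.
    return "blocked" if host in names else "not-listed"


if __name__ == "__main__":
    names = blocked_names(HOSTS_TEXT)
    for url in ("http://ads.tracker.example/banner.js",
                "http://203.0.113.10/banner.js",
                "http://new.ads.tracker.example/banner.js"):
        print(f"{classify(url, names):10}  {url}")
```

Connections classified as `ip-literal` have to be stopped by a firewall or proxy rule on the address itself, since the hosts file only affects name lookups.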

Another method is to avoid downloading shareware that is considered unsafe or suspicious. Downloading programs only from reputable sources can provide some protection from this source of attack. One recommended download website is CNET, which will revamp its download directory to pass inspection by Ad-Aware and Spyware Doctor.

For students’ information, colleges and universities have taken the approach of blocking spyware through network firewalls and editing their web proxies to prevent web sites known to install spyware from doing so. The purpose is to prevent spyware from redirecting network traffic, which can cause big technical-support problems for the education system.