Spyware

Spyware

Page issues
Spyware is software that aims to gather information about a person or organization without their knowledge, that may send such information to another entity without the consumer's consent, or that asserts control over a device without the consumer's knowledge.[1]
"Spyware" is mostly classified into four types:adware, system monitors, tracking cookies, and trojans;[2] examples of other notorious types include digital rights managementcapabilities that "phone home", keyloggers,rootkits, and web beacons.
Spyware is mostly used for the purposes of tracking and storing Internet users' movements on the Web and serving up pop-up ads to Internet users. Whenever spyware is used for malicious purposes, its presence is typically hidden from the user and can be difficult to detect. Some spyware, such as keyloggers, may be installed by the owner of a shared, corporate, or public computerintentionally in order to monitor users.
While the term spyware suggests software that monitors a user's computing, the functions of spyware can extend beyond simple monitoring. Spyware can collect almost any type of data, including personal information like internet surfing habits, user logins, and bank or credit account information. Spyware can also interfere with a user's control of a computer by installing additional software or redirecting web browsers. Some spyware can change computer settings, which can result in slow Internet connection speeds, un-authorized changes in browser settings, or changes to software settings.
Sometimes, spyware is included along with genuine software, and may come from a malicious website or may have been added to the intentional functionality of genuine software (see the paragraph about Facebook, below). In response to the emergence of spyware, a small industry has sprung up dealing in anti-spyware software. Running anti-spyware software has become a widely recognized element of computer securitypractices, especially for computers runningMicrosoft Windows. A number of jurisdictions have passed anti-spyware laws, which usually target any software that is surreptitiously installed to control a user's computer.
In German-speaking countries, spyware used or made by the government is called govwareby computer experts (in common parlance:Regierungstrojaner, literally "Government Trojan"). Govware is typically a trojan horse software used to intercept communications from the target computer. Some countries, like Switzerland and Germany, have a legal framework governing the use of such software.[3][4] In the US, the term "policeware" has been used for similar purposes.[5]
Use of the term "spyware" has eventually declined as the practice of tracking users has been pushed ever further into the mainstream by major websites and data mining companies; these generally break no known laws and compel users to be tracked, not by fraudulent practices per se, but by the default settings created for users and the language of terms-of-service agreements. In one documented example, on CBS/CNet News reported, on March 7, 2011, on a Wall Street Journal analysis revealing the practice of Facebook and other websites of tracking users' browsing activity, linked to their identity, far beyond users' visits and activity within the Facebook site itself. The report stated: "Here's how it works. You go to Facebook, you log in, you spend some time there, and then ... you move on without logging out. Let's say the next site you go to isNew York Times. Those buttons, without you clicking on them, have just reported back to Facebook and Twitter that you went there and also your identity within those accounts. Let's say you moved on to something like a site about depression. This one also has a tweet button, a Google widget, and those, too, can report back who you are and that you went there." The WSJ analysis was researched by Brian Kennish, founder of Disconnect, Inc.[6]

Routes of infectionEdit

Spyware does not necessarily spread in the same way as a virus or worm because infected systems generally do not attempt to transmit or copy the software to other computers. Instead, spyware installs itself on a system by deceiving the user or byexploiting software vulnerabilities.
Most spyware is installed without knowledge, or by using deceptive tactics. Spyware may try to deceive users by bundling itself with desirable software. Other common tactics are using a Trojan horse, spy gadgets that look like normal devices but turn out to be something else, such as a USB Keylogger. These devices actually are connected to the device as memory units but are capable of recording each stroke made on the keyboard. Some spyware authors infect a system through security holes in the Web browser or in other software. When the user navigates to a Web page controlled by the spyware author, the page contains code which attacks the browser and forces the download and installation of spyware.
The installation of spyware frequently involves Internet Explorer. Its popularity and history of security issues have made it a frequent target. Its deep integration with the Windows environment make it susceptible to attack into the Windows operating system.Internet Explorer also serves as a point of attachment for spyware in the form ofBrowser Helper Objects, which modify the browser's behavior.

Effects and behaviorsEdit

A spyware program rarely operates alone on a computer; an affected machine usually has multiple infections. Users frequently notice unwanted behavior and degradation of system performance. A spyware infestation can create significant unwanted CPU activity, disk usage, and network traffic. Stability issues, such as applications freezing, failure to boot, and system-wide crashes are also common. Spyware, which interferes with networking software commonly causes difficulty connecting to the Internet.
In some infections, the spyware is not even evident. Users assume in those situations that the performance issues relate to faulty hardware, Windows installation problems, or another malware infection. Some owners of badly infected systems resort to contactingtechnical support experts, or even buying a new computer because the existing system "has become too slow". Badly infected systems may require a clean reinstallation of all their software in order to return to full functionality.
Moreover, some types of spyware disable software firewalls and antivirus software, and/or reduce browser security settings, which opens the system to furtheropportunistic infections. Some spyware disables or even removes competing spyware programs, on the grounds that more spyware-related annoyances increase the likelihood that users will take action to remove the programs.[7]
Keyloggers are sometimes part of malware packages downloaded onto computers without the owners' knowledge. Some keylogger software is freely available on the internet, while others are commercial or private applications. Most keyloggers allow not only keyboard keystrokes to be captured, they also are often capable of collecting screen captures from the computer.
A typical Windows user has administrative privileges, mostly for convenience. Because of this, any program the user runs has unrestricted access to the system. As with other operating systems, Windows users are able to follow the principle of least privilegeand use non-administrator accounts. Alternatively, they can reduce the privileges of specific vulnerable Internet-facing processes, such as Internet Explorer.
Since Windows Vista is, by default, a computer administrator that runs everything under limited user privileges, when a program requires administrative privileges, a User Account Control pop-up will prompt the user to allow or deny the action. This improves on the design used by previous versions of Windows.

Remedies and preventionEdit

See also: Computer virus § Virus removal
As the spyware threat has worsened, a number of techniques have emerged to counteract it. These include programs designed to remove or block spyware, as well as various user practices which reduce the chance of getting spyware on a system.
Nonetheless, spyware remains a costly problem. When a large number of pieces of spyware have infected a Windows computer, the only remedy may involve backing up user data, and fully reinstalling the operating system. For instance, some spyware cannot be completely removed by Symantec, Microsoft, PC Tools.

Anti-spyware programsEdit

See also: Category:Spyware removal
Many programmers and some commercial firms have released products dedicated to remove or block spyware. Programs such as PC Tools' Spyware Doctor, Lavasoft's Ad-Aware SE and Patrick Kolla's Spybot - Search & Destroy rapidly gained popularity as tools to remove, and in some cases intercept, spyware programs. On December 16, 2004, Microsoftacquired the GIANT AntiSpyware software,[8]rebranding it as Windows AntiSpyware betaand releasing it as a free download for Genuine Windows XP and Windows 2003 users. (In 2006 it was renamed Windows Defender).
Major anti-virus firms such as SymantecPC ToolsMcAfee and Sophos have also added anti-spyware features to their existing anti-virus products. Early on, anti-virus firms expressed reluctance to add anti-spyware functions, citing lawsuits brought by spyware authors against the authors of web sites and programs which described their products as "spyware". However, recent versions of these major firms home and business anti-virus products do include anti-spyware functions, albeit treated differently from viruses. Symantec Anti-Virus, for instance, categorizes spyware programs as "extended threats" and now offers real-time protection against these threats.

How anti-spyware software worksEdit

Anti-spyware programs can combat spyware in two ways:
  1. They can provide real-time protection in a manner similar to that of anti-virus protection: they scan all incoming network data for spyware and blocks any threats it detects.
  2. Anti-spyware software programs can be used solely for detection and removal of spyware software that has already been installed into the computer. This kind of anti-spyware can often be set to scan on a regular schedule.
Such programs inspect the contents of theWindows registryoperating system files, andinstalled programs, and remove files and entries which match a list of known spyware. Real-time protection from spyware works identically to real-time anti-virus protection: the software scans disk files at download time, and blocks the activity of components known to represent spyware. In some cases, it may also intercept attempts to install start-up items or to modify browser settings. Earlier versions of anti-spyware programs focused chiefly on detection and removal. Javacool Software's SpywareBlaster, one of the first to offer real-time protection, blocked the installation of ActiveX-based spyware.
Like most anti-virus software, many anti-spyware/adware tools require a frequently updated database of threats. As new spyware programs are released, anti-spyware developers discover and evaluate them, adding to the list of known spyware, which allows the software to detect and remove new spyware. As a result, anti-spyware software is of limited usefulness without regular updates. Updates may be installed automatically or manually.
A popular generic spyware removal tool used by those that requires a certain degree of expertise is HijackThis, which scans certain areas of the Windows OS where spyware often resides and presents a list with items to delete manually. As most of the items are legitimate windows files/registry entries it is advised for those who are less knowledgeable on this subject to post a HijackThis log on the numerous antispyware sites and let the experts decide what to delete.
If a spyware program is not blocked and manages to get itself installed, it may resist attempts to terminate or uninstall it. Some programs work in pairs: when an anti-spyware scanner (or the user) terminates one running process, the other one respawns the killed program. Likewise, some spyware will detect attempts to remove registry keys and immediately add them again. Usually, booting the infected computer in safe mode allows an anti-spyware program a better chance of removing persistent spyware. Killing the process tree may also work.

Security practicesEdit

To detect spyware, computer users have found several practices useful in addition to installing anti-spyware programs. Many users have installed a web browser other thanInternet Explorer, such as Mozilla Firefox orGoogle Chrome. Though no browser is completely safe, Internet Explorer was once at a greater risk for spyware infection due to its large user base as well as vulnerabilities such as ActiveX but these three major browsers are now close to equivalent when it comes to security.[9][10]
Some ISPs—particularly colleges and universities—have taken a different approach to blocking spyware: they use their networkfirewalls and web proxies to block access to Web sites known to install spyware. On March 31, 2005, Cornell University's Information Technology department released a report detailing the behavior of one particular piece of proxy-based spyware, Marketscore, and the steps the university took to intercept it.[11]Many other educational institutions have taken similar steps.
Individual users can also install firewalls from a variety of companies. These monitor the flow of information going to and from a networked computer and provide protection against spyware and malware. Some users install a large hosts file which prevents the user's computer from connecting to known spyware-related web addresses. Spyware may get installed via certain shareware programs offered for download. Downloading programs only from reputable sources can provide some protection from this source of attack.[12]

ApplicationsEdit

"Stealware" and affiliate fraudEdit

A few spyware vendors, notably 180 Solutions, have written what the New York Times has dubbed "stealware", and what spyware researcher Ben Edelman termsaffiliate fraud, a form of click fraud. Stealware diverts the payment of affiliate marketingrevenues from the legitimate affiliate to the spyware vendor.
Spyware which attacks affiliate networksplaces the spyware operator's affiliate tag on the user's activity – replacing any other tag, if there is one. The spyware operator is the only party that gains from this. The user has their choices thwarted, a legitimate affiliate loses revenue, networks' reputations are injured, and vendors are harmed by having to pay out affiliate revenues to an "affiliate" who is not party to a contract.[13] Affiliate fraud is a violation of the terms of service of most affiliate marketing networks. As a result, spyware operators such as 180 Solutions have been terminated from affiliate networks including LinkShare and ShareSale.[citation needed] Mobile devices can also be vulnerable to chargeware, which manipulates users into illegitimate mobile charges.

Identity theft and fraudEdit

In one case, spyware has been closely associated with identity theft.[14] In August 2005, researchers from security software firm Sunbelt Software suspected the creators of the common CoolWebSearch spyware had used it to transmit "chat sessionsuser namespasswords, bank information, etc.";[15]however it turned out that "it actually (was) its own sophisticated criminal little trojan that's independent of CWS."[16] This case is currently under investigation by the FBI.
The Federal Trade Commission estimates that 27.3 million Americans have been victims of identity theft, and that financial losses from identity theft totaled nearly $48 billion for businesses and financial institutions and at least $5 billion in out-of-pocket expenses for individuals.[17]

Digital rights managementEdit

Some copy-protection technologies have borrowed from spyware. In 2005, Sony BMG Music Entertainment was found to be usingrootkits in its XCP digital rights managementtechnology[18] Like spyware, not only was it difficult to detect and uninstall, it was so poorly written that most efforts to remove it could have rendered computers unable to function. Texas Attorney General Greg Abbottfiled suit,[19] and three separate class-actionsuits were filed.[20] Sony BMG later provided a workaround on its website to help users remove it.[21]
Beginning on April 25, 2006, Microsoft'sWindows Genuine Advantage Notifications application[22] was installed on most Windows PCs as a "critical security update". While the main purpose of this deliberately uninstallable application is to ensure the copy of Windows on the machine was lawfully purchased and installed, it also installs software that has been accused of "phoning home" on a daily basis, like spyware.[23][24] It can be removed with the RemoveWGA tool.

Personal relationshipsEdit

Spyware has been used to monitor electronic activities of partners in intimate relationships. At least one software package, Loverspy, was specifically marketed for this purpose. Depending on local laws regarding communal/marital property, observing a partner's online activity without their consent may be illegal; the author of Loverspy and several users of the product were indicted in California in 2005 on charges of wiretapping and various computer crimes.[25]

Browser cookiesEdit

Anti-spyware programs often report Web advertisers' HTTP cookies, the small text files that track browsing activity, as spyware. While they are not always inherently malicious, many users object to third parties using space on their personal computers for their business purposes, and many anti-spyware programs offer to remove them.[26]

ExamplesEdit

These common spyware programs illustrate the diversity of behaviors found in these attacks. Note that as with computer viruses, researchers give names to spyware programs which may not be used by their creators. Programs may be grouped into "families" based not on shared program code, but on common behaviors, or by "following the money" of apparent financial or business connections. For instance, a number of the spyware programs distributed by Claria are collectively known as "Gator". Likewise, programs that are frequently installed together may be described as parts of the same spyware package, even if they function separately.
  • CoolWebSearch, a group of programs, takes advantage of Internet Explorer vulnerabilities. The package directs traffic to advertisements on Web sites includingcoolwebsearch.com. It displays pop-up ads, rewrites search engine results, and alters the infected computer's hosts file to directDNS lookups to these sites.[27]
  • FinFisher, sometimes called FinSpy is a high-end surveillance suite sold to law enforcement and intelligence agencies. Support services such as training and technology updates are part of the package.[28]
  • GO Keyboard virtual Android keyboard apps (GO Keyboard - Emoji keyboard[29] and GO Keyboard - Emoticon keyboard[30]) transmit personal information to its remote servers without explicit users' consent. This information includes user's Google account email, language, IMSI, location, network type, Android version and build, and device's model and screen size. The apps also download and execute a code from a remote server, breaching the Malicious Behavior section[31] of the Google Play privacy policies. Some of these plugins are detected as Adware or PUP by many Anti-Virus engines[32], while the developer, a Chinese company GOMO Dev Team, claims in the apps' description that they will never collect personal data including credit card information.[33] The apps with about 2 million users in total were caught on spying on September 2017 by security researches from AdGuard who then reported their findings to Google.[34]
  • HuntBar, aka WinTools or Adware.Websearch, was installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other spyware programs—an example of how spyware can install more spyware. These programs add toolbars to IE, track aggregate browsing behavior, redirect affiliate references, and display advertisements.[35][36]
  • Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising. When users follow a broken link or enter an erroneous URL, they see a page of advertisements. However, because password-protected Web sites (HTTP Basic authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it impossible for the user to access password-protected sites.[37]
  • Spyware such as Look2Me hides inside system-critical processes and start up even in safe mode. With no process to terminate they are harder to detect and remove, which is a combination of both spyware and arootkit. Rootkit technology is also seeing increasing use,[38] as newer spyware programs also have specific countermeasures against well known anti-malware products and may prevent them from running or being installed, or even uninstall them.[citation needed]
  • Movieland, also known as Moviepass.tv and Popcorn.net, is a movie download service that has been the subject of thousands of complaints to the Federal Trade Commission (FTC), the Washington State Attorney General's Office, the Better Business Bureau, and other agencies. Consumers complained they were held hostage by a cycle of oversized pop-up windows demanding payment of at least $29.95, claiming that they had signed up for a three-day free trial but had not cancelled before the trial period was over, and were thus obligated to pay.[39][40] The FTC filed acomplaint, since settled, against Movieland and eleven other defendants charging them with having "engaged in a nationwide scheme to use deception and coercion to extract payments from consumers."[41]
  • WeatherStudio has a plugin that displays a window-panel near the bottom of a browser window. The official website notes that it is easy to remove (uninstall) WeatherStudio from a computer, using its own uninstall-program, such as under C:\Program Files\WeatherStudio. Once WeatherStudio is removed, a browser returns to the prior display appearance, without the need to modify the browser settings.
  • Zango (formerly 180 Solutions) transmits detailed information to advertisers about the Web sites which users visit. It also alters HTTP requests for affiliateadvertisements linked from a Web site, so that the advertisements make unearned profit for the 180 Solutions company. It opens pop-up ads that cover over the Web sites of competing companies (as seen in their [Zango End User License Agreement]).[13]
  • Zlob trojan, or just Zlob, downloads itself to a computer via an ActiveX codec and reports information back to Control Server[citation needed]. Some information can be the search-history, the Websites visited, and even keystrokes.[42] More recently, Zlob has been known to hijack routers set to defaults.[43]

Comments

Post a Comment

Popular posts from this blog

CA

Image
Edit Watch this page Read in another language Institute of Chartered Accountants of India The Institute of Chartered Accountants of India  ( ICAI ) is the national  professional accounting body  of  India . It was established on 1 July 1949 as a  statutory body  under the Chartered Accountants Act, 1949  enacted by the  Parliament  (acting as the provisional Parliament of India ) to regulate the profession of  Chartered Accountancy  in India. ICAI is the second largest professional Accounting & Finance body in the world. However, the rapid growth and autonomy of the ACCA in the early 2000s, soon made ICAI the third largest in terms of membership, the first being the ACCA. ICAI is the only licensing cum regulating body  of the  financial audit  and accountancy  profession in India. It recommends the  accounting standards  to be followed by companies in India to  National Advisor...
Read more

Telecommunication

Image
Edit Watch this page Read in another language Telecommunication Not to be confused with   Teleconnection . Earth station   at the satellite communication facility in Raisting, Bavaria, Germany Visualization from the   Opte Project   of the various routes through a portion of the Internet Telecommunication   is the   transmission   of signs, signals, messages, words, writings, images and sounds or information of any nature by   wire ,   radio , optical or other electromagnetic   systems. [1] [2] Telecommunication occurs when the exchange of   information   between communication   participants includes the use of   technology . It is transmitted either electrically over physical media, such as cables , or via   electromagnetic radiation . [3] [4] [5] [6] [7] [8]   Such transmission paths are often divided into   communication channels   which afford the advantages of mult...
Read more

Local aria network

LAN A conceptual diagram of a local area network. "LAN" redirects here. For other uses, see   LAN (disambiguation) . A   local area network   ( LAN ) is a   computer network   that interconnects computers within a limited area such as a residence, school, laboratory, university campus or office building. [1]   By contrast, a   wide area network (WAN) not only covers a larger geographic distance, but also generally involves   leased telecommunication circuits . Ethernet   and   Wi-Fi   are the two most common technologies in use for local area networks. Historical technologies include   ARCNET , Token ring , and   AppleTalk . History Cabling Edit Early LAN cabling had generally been based on various grades of   coaxial cable . Shielded twisted pair   was used in IBM's   Token Ring LAN implementation, but in 1984,   StarLAN showed the potential of simple   unshielded twis...
Read more