What Is Spyware
by Anton Chuvakin
Spyware is a new strand of malicious software (or malware) that is annoying and capable of robbing computer users all over the world.
Spyware is such a broad term that even the definition of this computer scourge is fuzzy. So, what is spyware? The best definition out there is given by Wikipedia:
"Spyware is a broad category of malicious software intended to intercept or take partial control of a computer's operation without the user's informed consent."
Thus, spyware has come to mean not only the "software that spies on you," but also the software that performs other kinds of abuses and annoyances, outside the traditional virus-and-worm world. For example, displaying unwanted ads is a primary purpose of "adware," which is often categorized as a type of spyware. In fact, some people even extend the definition to cover browser cookies, relatively innocuous pieces of text used by websites for user tracking.
One angle missed by the above definition is that while some folks are known to launch viruses and worms, two well-known types of computer nasties, "just for fun," spyware is usually written for somebody's direct monetary benefit, often in the form of good old cash. This aspect is one of the keys to the dramatic rise of spyware.
Spyware emerged in recent years to "entertain" computer users. This emergence coincided with a sea change in the world of mainstream computer attackers that shifted their focus from having fun at somebody else's expense to making money at somebody else's expense. Spyware, along with spam, phishing ("social engineering" attacks via email intent on stealing credentials), and pharming (DNS attacks aimed at attracting users to malicious websites), is one of the most noticeable computer threats of the day. We did say "noticeable," although spyware is often engineered to be hard to find, hard to notice, hard to pay attention to (that is, hidden in a lengthy license) and, obviously, hard to remove. Spyware evolved in the same time frame as e-commerce and online banking. As business use of the internet was growing up, so was business abuse.
The world of spyware is extremely broad and the mechanisms of its operation range from a mundane social engineering ruse (e.g. three pages of license "blah-blah-blah" followed by "and we will also steal your cookies and browser history for 'marketing purposes'") to a "zero-day" (that is, previously unpublished) exploit launched against the victim's Internet Explorer by malicious or compromised websites.
Here are some of the commonly identified types of spyware:
- Browser objects (IE hacks, ActiveX controls, malicious toolbars, and so on)
- Bots and rootkits (allow others to control your system remotely)
- Keyloggers (record your keystrokes looking for sensitive data)
- Bundled parasite software (miscellaneous nuisance)
- Adware (runs on the system or in the browser to display advertisements)
Let's look at some common spyware specimens. As reported by commercial anti-spyware company Sunbelt Software, these spyware programs were common in September 2005: Claria.DashBar, AvenueMedia.DyFuCA, IST.SlotchBar, ABetterInternet, and IST.ISTbar, to name a few. Most of the above are "adware" specimens (they display ads that can potentially generate revenue for the software creator) and do not spy on the victim, but others (such as IST.ISTbar, a malicious browser toolbar) actually collect web usage information and may install other, more harmful spyware on the user's system.