Spyware

Spyware is a broad category of malicious software intended to intercept or take partial control of a computer's operation without the user's informed consent. While the term taken literally suggests software that surreptitiously monitors the user, it has come to refer more broadly to software that subverts the computer's operation for the benefit of a third party.

Spyware differs from viruses and worms in that it does not usually self-replicate. Like many recent viruses, spyware is designed to exploit infected computers for commercial gain. Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements; theft of personal information (including financial information such as credit card numbers); monitoring of Web-browsing activity for marketing purposes; or routing of HTTP requests to advertising sites.

As of 2005, spyware affects only computers running Microsoft Windows operating systems. There have been no reported observations of spyware for Mac OS X, Linux, or other platforms.

Spyware, "adware", and tracking

The term adware frequently refers to any software which displays advertisements, whether or not it does so with the user's consent. Programs such as the Eudora mail client and the Opera Web browser display advertisements as an alternative to shareware registration fees. These qualify as "adware" in the sense of advertising-supported software, but not as spyware: they do not operate surreptitiously or mislead the user.

Many of the programs frequently classified as spyware function as adware in a different sense: their chief observed behavior consists of displaying advertising. Claria Corporation's Gator Software provides an example of this sort of program. Visited Web sites frequently install Gator on client machines in a surreptitious manner, and it directs revenue to the installing site and to Claria by displaying advertisements to the user. The user's experience is that their computer begins displaying a large number of pop-up advertisements.

Other spyware behaviors, such as reporting on Web sites the user visits, frequently accompany the displaying of advertisements. The goal of monitoring Web activity is to build up a marketing profile on the user in order to sell "targeted" advertisement impressions. The prevalence of spyware has cast suspicion upon other programs that track Web browsing, even for statistical or research purposes. Some observers describe the Alexa Toolbar, an Internet Explorer plug-in published by Amazon.com, as spyware (and some anti-spyware programs report it as such) although many users choose to install it.

Spyware: Routes of infection

Spyware does not directly spread in the manner of a computer virus or worm: generally, an infected system does not attempt to transmit the infection to other computers. Instead, spyware gets on a system through deception of the user or through exploitation of software vulnerabilities.

The most direct route by which spyware can get on a computer is for the user to install it. However, users are unlikely to install software if they know that it may disrupt their working environment and compromise their privacy. Many spyware programs therefore deceive the user, either by piggybacking on a piece of desirable software, or by tricking the user into doing something that installs the software without their realizing it.

Classically, the definition of a Trojan horse involves something dangerous that comes in the guise of something desirable. Some spyware programs are distributed in just this manner. The distributor of spyware presents the program as a useful utility—for instance as a "Web accelerator" or as a helpful software agent. Users download and install the software, only to find out later that it can cause harm.

A third way of distributing spyware involves tricking users by manipulating security features designed to prevent unwanted installations. The design of the Internet Explorer Web browser is intended not to allow Web sites to initiate an unwanted download. Instead, a user action, such as clicking on a link, has to trigger a download. However, links can prove deceptive: for instance, a pop-up ad may appear like a standard Windows dialog box. The box contains a message such as "Would you like to optimize your Internet access?" with links which look like buttons reading Yes and No. No matter which "button" the user presses, a download starts, placing the spyware on the user's system. Later versions of Internet Explorer offer fewer avenues for this attack.

Some spyware authors infect a system by attacking security holes in the Web browser or in other software. When the user navigates to a Web page controlled by the spyware author, the page contains code which attacks the browser and forces the download and installation of spyware. This has become known as a "drive-by download", by analogy to a drive-by shooting, in which the user is a hapless bystander. Common attacks target security vulnerabilities in Internet Explorer and in the Microsoft Java runtime. Given that Internet Explorer is still the most widely used browser and that many users' systems are not up to date, the browser presents an attractive entry point for the less scrupulous advertisers.

Internet Explorer also serves as a point of attachment for these programs, which install themselves as Browser Helper Object (BHO) plugins.
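Because BHOs are registered under a fixed registry key, they can be audited from a registry export. The following is an added example, not part of the original article: it lists each registered BHO and the DLL its CLSID loads. The sample export, its CLSIDs and paths, and the "expected directories" heuristic are constructed assumptions.

```python
import re

BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")
CLSID_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID"
# Assumed triage heuristic: DLLs outside these directories get a closer look.
EXPECTED = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

# Constructed sample in .reg export syntax; CLSIDs and paths are made up.
SAMPLE_EXPORT = "\n".join([
    "Windows Registry Editor Version 5.00",
    "[" + BHO_KEY + r"\{11111111-1111-1111-1111-111111111111}]",
    '@="Example Toolbar Helper"',
    "[" + BHO_KEY + r"\{22222222-2222-2222-2222-222222222222}]",
    "[" + CLSID_KEY + r"\{11111111-1111-1111-1111-111111111111}\InprocServer32]",
    r'@="C:\\Program Files\\ExampleVendor\\helper.dll"',
    '"ThreadingModel"="Apartment"',
    "[" + CLSID_KEY + r"\{22222222-2222-2222-2222-222222222222}\InprocServer32]",
    r'@="C:\\Users\\alice\\AppData\\Local\\Temp\\accel.dll"',
])

def parse_reg(text):
    """Return {lowercased key path: {value name: string}}; '@' is the default value."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            # .reg strings escape backslashes and quotes; undo that.
            current[m.group(1).strip('"')] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def audit_bhos(text):
    """List (CLSID, DLL path or None, status) for every registered BHO."""
    keys, prefix, findings = parse_reg(text), BHO_KEY.lower() + "\\", []
    for key in keys:
        if not key.startswith(prefix):
            continue
        clsid = key[len(prefix):]
        server = keys.get(f"{CLSID_KEY.lower()}\\{clsid}\\inprocserver32", {}).get("@")
        if server is None:
            status = "unresolved: no InprocServer32 in export"
        elif server.lower().startswith(EXPECTED):
            status = "expected location"
        else:
            status = "review: DLL outside expected directories"
        findings.append((clsid.upper(), server, status))
    return findings
```

Exports written by regedit are UTF-16, so decode the file before passing its text to `audit_bhos`. A DLL in an expected directory is not thereby benign; the status only orders the review.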

This article is adapted from: wikiPedia.com.
