Adware and Spyware – What are they ?

What if you bought a music CD and every five minutes a voice came on and asked you to get a new credit card, or to change your mobile service provider, or to earn $2032 per hour just from home? What if your music listening habits were constantly being monitored? And if the force behind the voice caused your CD player to eventually go kaput? Translate that to the world that is the Internet, and what you have is adware and spyware.

What are they?

Essentially, “adware” is an abbreviation for advertising-supported software. Adware comes bundled with some commercial software which, upon installation, installs packages that download advertising material to your computer and display them. These ads are usually displayed when the user is using the original software application. However, this is not always the case. As it becomes increasingly pervasive on your computer, adware begins to pop up ads even when you aren’t using the original software application. And that’s when it gets really irritating.

Spyware, on the other hand, is irritating right from the beginning. It gets its name from the fact that it installs itself and performs (often malicious) operations on the user’s computer without his knowledge. It is intentionally designed to stealthily install itself and monitor the user’s activity, accessing information that can easily be used to someone’s  profit. Essentially, spyware, once on your computer, is used to transmit personal data to a third-party that will use it for a purpose you did not sanction.

Spyware shouldn’t be confused with viruses or worms, as a spyware package is not intended to replicate itself.

 

Cartoon virus

Courtesy : scottgbrooks

How Do They Attack?

Adware, spyware, and for that matter, any malware, can attack in a variety of ways.

Adware Attacks

As mentioned earlier, adware is usually bundled with a commercial software. It can install itself on your computer either with your permission or without your knowledge when you install the software package. Milder forms of adware are also present in the form of pop-up (and the increasingly common, pop-under) banners that pop up when you visit certain sites. These ads, sometimes referred to as “Java traps,” open up in several mini-windows—each time a window is closed by the user, code that spawns another window is activated. Programmers sometimes add adware to their software packages in order to recover some of the cost of developing the package.

If the package is freeware then the adware is used to make up for the entire cost of development. Shareware packages also sometimes carry adware that is activated once the trial period is over. Adware can have several negative effects on your computer. It generally slows it down since it gobbles up some of your system’s RAM. It also, to a large extent, slows down your Internet connection, as a lot of bandwidth can be used to download ad content.

Funny ads

Fake ads to attract attention.

Adware is generally licensed content, and therefore usually (though not always) requires the user’s permission before being installed on the user’s computer. It collects information about how one is using one’s computer and the content transmitted therein, and based on this, displays “relevant” ads in your browser. The free versions of certain browsers, like Opera, used to support adware. Come P2P clients, such as KaZaA, have adware (for example, Gator, TopSearch, etc.) that install on your computer.

However, there are very few examples of such “good” adware. Good adware allows you to uninstall it whenever you like. The other type of adware installs itself on your computer without your permission. Usually, sites with explicit content install such packages onto your computer. These could eventually “hijack” your browser, causing your screen to get filled with more and more pop-ups.

 

Spyware Attacks

Spyware is intended to gather information about a computer user without that user’s permission and knowledge. There are different levels of information that spyware intends to collect from one’s computer. The milder versions collect data about the user’s Internet usage and sends it to, say, an online advertising agency, who will then point your browser towards advertising content (read tons of pop-ups). The harsher versions of spyware can take more personal information from your Internet history such as credit card numbers and passwords.

Spyware is usually developed by individuals who want to infiltrate computers and use it to their profit. Spyware, once installed on your computer, can drastically slow down its performance, since it consumes a large amount of RAM; with every subsequent browser function, it slows down your computer further. But how does spyware get installed on your computer? Well, you don’t have to visit a pornography site to be attacked by spyware. These days, spyware has pervaded to sites with not only explicit content, but also to sites with other accessible Web content, including downloads from sources that aren’t legitimate.

Though it may seem pretty cool to have been able to get some really expensive pirated software off a warez site, you are almost certainly going to be open to spyware as you do it. The same goes for some P2P clients (like Kazaa, BearShare, and Morpheus). Spyware can get installed on your computer when you install certain software, through the ActiveX controls of malicious Web sites, or even through pop-up advertising. ActiveX is a technology used by Microsoft IE, and it allows different applications—or parts of them—that you installed on your computer to be accessed by your browser to display content. Some spyware developers are particularly cunning, disguising their spyware programs as spyware removal programs, thereby fooling users into downloading more spyware.

Spyware programs are getting more malicious by the day. They could install a variety of application DLLs on your computer that allow hackers to snoop on what you’re doing. These DLLs can do a variety of things to your computer—monitor your keystrokes on or offline, access your word processor, hijack your Web browser, display advertisements, and more. And some spyware leaves your computer even more open to attack from other spyware.

Gator basically displays advertising on the computer on which it is installed. It also installs a host of other applications like GotSmiley, Dashbar, and more, which further slow down your computer.

 

Brief : Why you should concern about security ?

Hackers awaiting for your actions

Adware can bring down your PC, a virus can mass-mail annoying contents to all the contacts in your address book, a key logger can send every keystroke of yours to someone on the Net—and these are just a few risks that are out there affecting PCs. Also, for someone even moderately well versed with operating systems, getting into a poorly-secured PC is child’s play.

WHY SECURITY?

As computers become more and more integrated into our lives, we end up leaving a lot of sensitive information on our PCs—from passwords, e-mail IDs (even official e-mail IDs) and bank accounts to personal diaries and notes, business plans (or worse still, tender bids), confidential documents, a log of surfing habits (which can be viewed out of context), a backup of phone SMSes, and much more. Then there is another risk, especially when you are online—viruses and spyware. Though viruses and spyware are talked about in the same breath, there is one fundamental difference: a virus is written to cause damage to your operating system, programs or files, usually with no direct benefit to the virus creator. Spyware, on the other hand, is written for gain. This could be by tracking the surfing habits of a user on an infected computer and sending this information to someone who would send the user advertisements supposedly targeted at him based on his surfing habits.

Very strictly speaking, spyware is not intended to cause damage, at least in the traditional sense, but more often than not, they end up doing so on your PC, which is rendered difficult to repair. When we speak of computer security, what we mean is the ways in which you can prevent people from accessing data on your computer, keep your computer safe from viruses and spyware, and protect yourself from hacking and phishing.

 

The Internet

The Internet brings the world to your desktop, no doubt. But that world also includes a sub-world of spyware, worms, phishing attacks, and more. The most common of online irritants is spam e-mail. Spam is simply unsolicited email that urge you to buy herbal concoctions to enlarge certain body parts, promise youthfulness via a pill, say that you’ve won a Rolex watch, and so on. These mails invariably contain a link to a supposed online store that will ask you for a credit card number for an online payment. It is difficult to believe how someone can fall for a trick like this, but apparently, there are a few innocent people out there who get tricked into buying a “herbal” cure or a “collector’s watch.” Needless to say, you need to just delete these mails. The other common annoyance, which can also bring down your PC, is spyware / adware. The source of these is most usually pornographic sites or those with cracks for software. These sites can also be the very links you get in spam mail. Once they get installed, they are able to send a list of the Web sites you surf, and even your e-mail address. Based on your surfing habits, spam is sent to your email ID, advertising products or services that would ostensibly be of interest to you. An adware program will open browser windows all by itself and direct you to Web sites selling products of the same nature. Some of them are so designed that if you close the window that they bring up, they will open two or more instantly! If you receive a suspicious looking file in an e-mail (something like “annakournikova nude playing tennis.avi.scr”) even from a known source, do not download the file. It is likely that a virus has hacked into the sender’s e-mail client (or even disguised the sending address as something else—yes, that’s possible too) and is sending out spam or offensive mails.

 

internet_security - spyware

Spyware

The affected person may not even know that spam mails from his ID are being sent. You can be a good friend and call him up to let him know of this so he can take curative measures. Some sites even make use of the fact that people occasionally make typographical errors! A recent example is www.ork0t.com (now taken down), which you could have visited if you typed what you thought was “www.orkut.com” and made a typo. When one entered one’s user ID and password into that site, it would be used to hack into your account and send out spam to all your contacts! Phishing is a threat that can potentially rob you of your money. It’s a means of fooling you into disclosing your login details of any site / service. If you are using an e-banking service, be very careful of mails that you may receive claiming to be from your bank, asking you to fill in your login details. As a policy, most banks do not send out e-mails asking you to fill in any e-banking details. If you do receive such a mail, it is fake. Before you fill out any details on a site following a link sent via e-mail, do confirm with your bank’s customer care if they have indeed sent out such a mail. Visit only your bank’s official site for all transactions.

 

Attacks From Known Sources 

It is not uncommon for crime investigators to find that the culprit was known to the victim—this is the case with computer security as well. Someone who works at your computer may access your personal files—and even your surfing habits. It is not generally practical to keep your PC under lock and key, but what you can have is a digital version of a lock and key: set up passwords and encrypt files.

Data theft is a growing concern amongst corporates. Personal and professional harm can arise if someone gets access to your private data or worse still, your e-mail, wherein they could email someone posing as you. You can assign a password to access your PC and, similarly, password-protect your files as a first step to safeguard yourself from this risk. And, it is good practice not to let anyone install unfamiliar programs on your computer.

You must realize that given sufficient time and resources, a competent enough person can eventually break into your PC, but that is no reason to leave it entirely unsecured.

A cartoon from drxtoon