Inside Spyware

By SmallBusinessComputing Staff | Posted July 15, 2005

Most computer users are aware of the dark side of the Internet. Our online world brings issues of credit card and identity theft, junk mail and seedy content right into our homes and offices. But how many computer users are unwitting accomplices to such activities?

Your computer, or those of the people in your organization, is possibly being used to send spam, harvest e-mail addresses for spam, make purchases using stolen credit cards or take part in a denial of service (DoS) attack, where an army of computers shuts down a Web site by flooding its servers with HTTP requests.

EarthLink's SpyAudit program, which scanned 1,062,756 PCs, found 29.5 million instances of spyware, an average of nearly 28 spyware items per computer.

How does this happen without your knowledge? Examples like those above are usually the work of a trojan, a small program that can be unknowingly installed on a computer and then accessed by another computer over the Internet. Together with programs called spyware, adware and viruses, trojans are a part of a group collectively known as "malware" or "pestware." While the majority of such programs are pests and nothing more, they have the potential to be quite nasty.

Trojans: RATS That Can Control Your Computer
Like the horse of old, a trojan carries with it an unexpected surprise. Trojans do not replicate like a virus, but they do leave behind a program that can be contacted by another computer. From there, they can do just about anything. While it's possible a trojan can be used to take control of a computer, the most common trojans are dialer programs. Dialers are used without your knowledge to make international or premium calls (900-type numbers) from your PC. That's more than an annoyance; it can get expensive.

Trojans are also known as RATS (remote access trojans) and they are most often hidden in games and other small software programs that unsuspecting users download and then unknowingly execute on their PCs.

Two common trojans are known as Back Orifice and SubSeven. Back Orifice was originally developed as a remote administration tool. But it worked by exploiting holes in Microsoft software, which makes it a popular tool for nefarious applications. Both Back Orifice and SubSeven can be used to capture what is on a computer's screen and what is typed in using the keyboard; they can be used to remotely control devices, such as opening and closing the CD drive; or to set up FTP, HTTP or Telnet servers on an unsuspecting user's machine. Basically, anything that can be done with a computer can be done remotely using a trojan.

Spyware: Who's Watching Your Online Moves?
Spyware programs range from the annoying to the dangerous, including keyboard loggers and screen capture applications that can steal passwords and other sensitive information. The programs are sometimes bundled in with shareware or freeware programs that can be downloaded from the Internet. Often they claim to be helpful utilities while carrying a more sinister side.

Many of the programs are marketed as legitimate tools for keeping tabs on children and spouses online. One program called Activity Logger, for example, connects to the Internet on its own, records the URLs of sites visited and the keystrokes from e-mail and chat applications. It will also capture screenshots that can be made into a slide show.

Adware: Caught in a Marketing Nightmare
Adware is software that displays advertisements to computer users. Some of the strictest definitions of adware include applications that are sponsored for their free use. One of the most popular examples is WeatherBug, which offers a free version of weather software and comes wrapped in a skin that displays advertising. While older versions of WeatherBug had rather significant privacy issues, newer versions are pretty straightforward: you see the ad, but you get the weather. Is this adware? In the strictest sense, many people say it is. But to some computer users, the trade-off seems fair. Hotmail, Yahoo Mail and AOL's Instant Messenger are among other software programs and services that display ads to their users in exchange for free usage. Many of these programs offer advertising-free versions for a price.

More infamous among adware watchers is Gator, which now goes by the name Claria Corp. Gator was controversial from the start. It began in 1998 offering e-wallet software. But it reports your Web surfing habits back to its parent company, which then sends you advertisements targeted according to your data. The vast majority of people consider it a pest, especially because the software is often bundled with other, more useful software. As annoying as it is, Gator is not very malicious.

As for adware that reports personally identifiable information, once again tolerance varies. Some people don't want any information revealed, such as which sites they visit. Others draw the line at logging IP addresses.

Viruses: Contagious Pests
For all the publicity viruses have gotten, they remain a serious threat. While viruses can potentially destroy a computer's data, most of the widespread viruses have leaned more toward annoyance. The most famous are e-mail viruses that replicate and spread using e-mail addresses stored on a computer. They still cost computer users and their employers hundreds of millions of dollars annually.

The MS Blaster worm that caused havoc in the summer of 2003 exploited a vulnerability in the Remote Procedure Call (RPC) function of the Windows operating system. Anyone who did not install a patch issued by Microsoft was vulnerable, marking a new era in virus prevention for many Internet users. No longer was using care with e-mail attachments enough to keep you safe.

Symptoms of Spyware and Other Pests
Depending on the type of pest that plagues your computer, it may be very easy to detect an infection. That's the good news. The bad news is some of the most dangerous infections, especially from RATS or spyware, can be very difficult to detect. That's why most of the checking and removing of pests is done with software designed to do just that. Nevertheless, there are some general symptoms you should know.

Your Computer Has a Mind of Its Own
Spyware, trojans and other pests contact other computers, and each pest is a program of its own, so they use system resources such as CPU cycles, memory and an Internet connection.

Slow Computer
There are several reasons your computer may be running slow, but if you use it on a regular basis, then you're familiar with its noises, hang-ups and how it reacts. Older computers tend to run slower. Some applications cause computers to run slower. Computers are machines; they do not have moods. A sudden change in how your computer is running could be a sign of spyware or adware.

E-Mail Symptoms
If you're getting a lot of bounced back mail and see evidence of e-mails being sent without your knowledge, then it's possible that trojan spamware has found its way onto your computer. Spamware is a trojan that can turn your computer into a spam launching pad and create headaches for unknowing computer users, especially if it sends a virus. Even if your computer is not being used to send spam, trojans can steal a copy of your e-mail address book and send it back to a spammer.
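
The two network symptoms described in this article, a trojan setting up an FTP, HTTP or Telnet server and spamware sending mail from your PC, both show up in the output of Windows' `netstat -ano`. The script below is an added example, not part of the original article: it parses that output and reports the process ID (PID) behind each suspect connection so you can look the process up. A hit is a prompt to identify the process, not proof of infection. Assumptions: the sample output is constructed, and the `known_mail_relays` parameter (your own mail server's address) is hypothetical.

```python
"""Flag trojan-like network activity in Windows `netstat -ano` output."""

# Ports for the services the article says a trojan may set up: FTP, Telnet, HTTP.
SERVER_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP"}
SMTP_PORT = 25  # outbound mail; a desktop PC normally talks to one mail relay only
LOOPBACK = ("127.", "[::1]")

# Constructed sample, not captured from a real machine (documentation address ranges).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       3344
  TCP    127.0.0.1:80           0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.20:1044      203.0.113.7:25         ESTABLISHED     3344
  TCP    192.168.1.20:1045      198.51.100.9:25        ESTABLISHED     3344
  TCP    192.168.1.20:1046      192.0.2.10:25          ESTABLISHED     2210
  TCP    192.168.1.20:1050      192.0.2.80:80          ESTABLISHED     2800
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (addr, int port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port) if port.isdigit() else 0

def parse(text):
    """Yield (local_addr, local_port, remote_addr, remote_port, state, pid) per TCP row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            yield (*split_endpoint(parts[1]), *split_endpoint(parts[2]), parts[3], parts[4])

def find_suspicious(text, known_mail_relays=()):
    """Return (pid, reason) for exposed listeners and outbound SMTP to unknown hosts."""
    findings = []
    for laddr, lport, raddr, rport, state, pid in parse(text):
        if state == "LISTENING" and lport in SERVER_PORTS and not laddr.startswith(LOOPBACK):
            findings.append((pid, f"{SERVER_PORTS[lport]} server listening on {laddr}:{lport}"))
        elif state == "ESTABLISHED" and rport == SMTP_PORT and raddr not in known_mail_relays:
            findings.append((pid, f"outbound SMTP to {raddr}"))
    return findings

if __name__ == "__main__":
    # 192.0.2.10 stands in for the mail server this PC is expected to use.
    for pid, reason in find_suspicious(SAMPLE, known_mail_relays={"192.0.2.10"}):
        print(f"PID {pid}: {reason}")
```

In the constructed sample, one process (PID 3344) both runs an FTP server and holds mail connections to two different outside hosts, which is the pattern worth investigating first.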

Noises, Bells and Whistles
Victims of some trojans report CD drives opening and shutting, or programs opening and closing. Is your hard drive whirling away when you're not doing anything? Is there an unknown icon in your Windows system tray (lower-right corner of your screen)? If you have an external modem, there may be lights indicating data transfers blinking when you're not doing anything online. These are all signs a program may be up to no good in the background.

Offline Symptoms
Keyboard loggers can capture passwords and user names, so if the bank, brokerage or credit card accounts you access online appear to have been tampered with, your computer may be a place to start looking for clues. User names and passwords to e-mail and Web-based applications are also vulnerable.

If you have any reason to believe someone is interested in tracking what you do online, scan for spyware regularly.

Stop by next Monday for part two of the series when we discuss identifying spyware and pestware removal.

Adapted from intranetjournal.com.
