Types of Spyware: Snoops, Adware, Cookies, and More

Like the term virus , which is often used as a generic term for all malicious attack software, the term spyware has a similar catch-all usage. It encompasses a family of malware that all has some snoop capability. Let's have a look at the various types.

Spyware: I Spy with My Little App

Spyware includes programs that can record what you do on your computer and share that information with a stranger via an Internet connection. Some can watch and record your web-surfing habits. Some log everything you type. Spyware can also capture user IDs and passwords. It might have the ability to see where you have been on the Web. If there's information on your computer that is of interest to someone and can make them a little money, there's probably a spyware program to capture it.

The motivation to spy this way can be criminal (capturing information for identity theft, perhaps) but most often it's commercial in nature. A company wants to understand you better so it can trigger customized ads or analyze your behavior and sell that marketing data.

Adware: Attack of the Pop-ups

Adware is equally annoying because it not only spies on you, but then it shows you ads. Some adware spies on you because its mission is to show you ads customized to your tastes, usually via pop-up ads on your computer's desktop.

Sometimes adware is a legitimate part of a free program. Software publishers often bundle adware in with free programs they offer, using it as a revenue source. Many warn you of the adware during installation in the End User License Agreement, also referred to as an EULA. (That term always make me think of a slightly portly aunt that you hate to kiss but who makes good cupcakes.)

In a computer, the EULA is that scrollable box of soporific text (which probably earned some lawyer a Jacuzzi) that we all have to agree to before we can install a software package.

The EULA's legalese often says that in return for use of the program for free, you must allow the installation of the adware (see Figure 2.2).

Marketing companies that publish and distribute adware often take offense if their products are called spyware. Then again they take offense if you call it anything but install-this-now-because-it's-really-good-ware.

To thwart any potential legal action, computer security companies sometimes call these products potentially unwanted programs or PUPs. Security company McAfeefamous for its antivirus softwarecoined the term.

In any event, it pays to at least skim the EULA before just clicking the Next button. If you see anything suspicious, cancel the installation and do a Google search on the software you're installing. Chances are that if it contains spyware, adware, or any other undesirables, someone will be railing about it on the Internet somewhere.

Snoopware: I Wanna Know What You're Up To!

Snoopware watches your computer habits on behalf of someone else, usually someone you know. This can include parental monitoring softwareprograms designed to track children's computer habits.

Employers might install snoopware to keep an eye on employee computer habits to ensure they're not spending too much time on ineedanewboyfriend.com.

One of the most popular uses of snoopware is to track the behavior of a spouse. Usually it's purchased by wives who suspect their husbands are up to no good on the Internet, though it can equally track wives who might be sending the pool boy spicy emails.

The software can grab screen captures (snapshots of a screen) and record email, chat conversations, and other computer communications. In some cases it can deliver that information in real-time across a computer network.

I'll skip any moral judgments on snoopware and leave that for the nice ladies over at the garden club. Needless to say, it creates lots of controversy.

One of the most famous snoopware software companies is called SpectorSoft at www.spectorsoft.com (see Figure 2.3).

Figure 2.3. SpectorSoft makes a line of snoopware that is designed to record a person's computer habits and report it to someone else.

Browser Hijackers: Turn This Browser Around, We're Going to Cuba.com

Browser hijackers are perhaps the most malicious spyware programs because they are so hard to remove. When you first open your web browser your home page pops open . Most people set this to Google.com, a news site, or their favorite web page.

Browser hijackers override this setting and reset a browser's homepage to one of their choosing, usually a commercial web page. Why? Well, the link to the web page they set can be something called an affiliate link . The hijacker's author makes money when you are sent to the affiliate link.

Sometimes the web page you are directed to contains further affiliate links. Money is earned from affiliate links if you click and buy something or sometimes if you simply just click the link.

Many affiliate links are 100% legitimate. For example, when surfing the Web, you'll often come across a link to a product that takes you to the manufacturer's or third-party reseller's site to purchase the item. The website placing the link on its site earns a kickback. These links generally aren't malicious, but they are capitalistic. The point here, however, is that all affiliate marketing isn't bad. It's just a shame that browser hijackers and the like ruin the party for everyone.

Browser hijackers are a legitimate way for many web content publishers to make income. Unfortunately, it's also a revenue source for spyware makers as well.

Often browser hijackers direct you to a webpage that looks like search sites such as Google or Yahoo!. The most famous browser hijackers are ones that redirect to a website called Cool Web Search (see Figure 2.4). The owners of the Russian-based site say they terminate affiliate arrangements with anyone who writes a browser hijack . Still, lingo has been born from the practice. The worst hijacker offenders are referred to generically as CWS hijacks .

Figure 2.4. Many browser hijacker programs set Internet Explorer home pages to open to the website Cool Web Search.

Why the notoriety? Because this type of spyware can be extremely difficult to remove. Meanwhile, Webroot, an anti-spyware software maker, lists CoolWebSearch (CWS) as its top spyware threat on the Net.

Tip

I show you how to rid yourself of a browser hijack on p. 71 . Make sure you bring your happy face, though. It ain't pretty.

The hijacker program works by initially setting your browser to the homepage it wants. If you reset it, the hijacker's code runs and resets the homepage again the next time your computer restarts or your browser is opened. It's as frustrating as cleaning doorknobs at a finger-painting festival. And worse , removing a browser hijacker requires some serious tinkering behind the scenes in Windows.

Key Loggers: Snooping on Your Typing Skills

Key loggers can either be hardware or software. The software versions run secretly in a computer's memory and capture everything typed into the computer. It then saves it for later analysis by a third party. A key logger can also be a piece of hardware that is attached between a computer's keyboard and its keyboard port.

Sometimes Trojan horses install software key loggers and then give access to the computer to someone on the Internet so they can fetch the log file containing the captured data remotely.

Tip

You might have already surmised this, but cookies are an excellent way for others to easily see what kinds of sites you've visited lately. If you don't clean these out, your spouse, buddies , or co-workers can easily open the Cookies folder (in Windows XP, navigate to Documents and Settings/Username/Cookies) and see what you've been up to lately. If you have any particular proclivities that you'd rather others not know about, keep the incriminating cookies weeded out. See the "Clean Cookies" section later in this chapter to learn how to deal with unwanted cookies.

Dialers: Dial In, Dial Out, Dial Often

Dialers are programs that initialize a computer's modem and call out silently to a toll line and connect to a web page.

It's the computer equivalent of one of those psychic help lines they advertise on TV. The longer you are connected the more you pay. The one difference is the "psychics" on the destination site you're connected to by dialers are not so psychic and they seem to have forgotten their clothes.

Victims can find themselves on the hook to pay a huge phone bill for a lengthy long distance call. Typically it's the charges to a toll number that cause the most pain, however.

The good news is dialers are ineffective if your computer's modem is not connected to a phone line with a dial tone.

Trojan Horses: Pretty Ponies with Deadly Insides

I list Trojan horses here because anti-spyware programs often detect and issue spyware signatures for them. A Trojan horse , named after the famous hollow wooden horse that got the Greeks secretly into Troy, is an innocent-looking innocuous program that contains a virus or some other nasty malware in its belly (for more on Trojan Horses, see Chapter 1, "Viruses: Attacks of the Malicious Programs").

Even though Trojan horses are classified as a form of virus, they are also spyware because they can allow malicious people to connect remotely to your computer over the Internet. These are sometimes called backdoor Trojans because after they are installed on your computer, they can open an electronic backdoor so someone bad can sneak in from the Internet.

Cookies: Does My Oreo Have a Tape Recorder in It?

Cookies are tiny text files stored on your computer (see Figure 2.5) to help websites track your movements through their pages. They also record sign-in data and other site logon information that allows easy access to the site when you come back later. Web shopping baskets also use cookies to keep track of what you have selected to buy as you move from page to page on a shopping site.

Figure 2.5. Cookies are stored as tiny text files on your computer for access by the websites that put them there.

Some anti-spyware programs classify these cookies as spyware. They can be because they do deliver information about your web surfing habits to someone else. But they are not all bad. In fact, some computer cookies are helpful.

Tip

Some anti-spyware scanners might freak you out because they include cookies in their scans . It might look like you have hundreds of spyware infections, but if they are browser cookies they are mostly harmless, though purists will want to clean their cookies on a regular basis.

Although it might seem objectionable to have your movements tracked on your own computer, it's not as insidious as you might think. Web programmers that code their sites to put cookies on your computer are the only entities that know the cookies are there. And they are the only ones that can access the information.

But cookies should be the least of your worries. Be more concerned about spilling guacamole on the cat.

If you visit, let's say, www.drunklazyhusbands.com, and it gives you a cookie to store on your computer, www.annoyedwiveslookingfortheirhusbands.com won't know about that cookie.

There have been circumstances where some browsers have had security vulnerabilities around cookies. For example, Microsoft issued a security patch when it was discovered that Internet Explorer 5 and earlier browsers would allow malicious website operators to gain access to cookies generated by another site and read, add to, or change them.

If you are worried, you can delete cookies from your computer. (See the "Clean Cookies" section on p. 64 to learn how to do that.) If you do, some sites you visit regularly won't know who you are. If you have provided a site with preferences, the deletion of your cookies destroys that information. Shopping sites use cookies frequently, so if you delete your cookies, you will have to re-enter information you have provided previously. And deleting cookies as you buy stuff on a website would empty your shopping basket .

Cookies that are considered spyware are issued by web ad networks (see Figure 2.6). These keep track of the kind of ads you respond to so they can provide more targeted material to you.

Figure 2.6. The anti-spyware program Spybot Search & Destroy earmarks the cookies on your computer that it considers to be spyware.

And in case you were wondering, if you visit keebler.com or oreo.com, you do get sent cookies, but sadly, not the delicious kind.