Foundations: How Does Spyware Get onto My Computer?

By Corey Nachreiner, Network Security Analyst, WatchGuard Technologies

[Editor's note: Our article, "Foundations: Avoiding Dangerous URLs," drew high acclaim from readers. LiveSecurity subscriber Tiffany Allshouse, an MCSE at CPros, Inc., suggested a follow-up topic we liked so much, we wrote today's article. Please feel free to forward it within your organization to non-technical users who could benefit from a more educated approach to Web surfing. -- Scott]

"Corey!" yells my dad as I stumble into the door of my parents' house, balancing an infant, a backpack, and two suitcases. "Your sister has screwed up my computer again!"

Informal tech support is my routine role when I visit my folks. As I drop my bags, hand off the baby, and pass the Pomeranian's leash to my wife, my dad stomps up the stairs from his basement office, complaining, "The machine's gone bonkers! Every time I try to go on the Net I get all these pop-ups, and the browser runs really slow. I don't even get MyMSN homepage anymore."

Dodging my daughter's chubby little hands grasping for my hair, I say, "I'll take a look." When I make it down to Dad's office PC, it takes me all of three seconds to diagnose his problem. "Dad, you've been infected by spyware."

Hm, how shall I politely paraphrase his heated response? Let's say Dad shouts, "How the heck did that get on there?"

You've probably asked yourself this same question after encountering irritating pop-ups, useless toolbars, and mysterious bookmarks in Internet Explorer (IE). How did they get on my PC? I didn't install them. What can I do to get rid of them? This article has the answers.

Spyware? What's that?

Spyware is the catchy name for malicious software that hides on your computer and sends information about you, your PC, or your Web-surfing habits to someone else on the Internet. Spyware takes many forms.
It can be a program that starts over whenever you restart your computer, Web "bugs" that invisibly track your clicks, or even code that takes over Internet Explorer (IE) and steers it someplace you didn't want to go.

Most often, malicious advertisers use spyware to gather information about what Web pages you visit and what you buy online. They use their findings to forcefully deliver ads to your computer that match your interests. Although this doesn't sound too nefarious, the ad-delivering spyware can clog up your computer, slowing it down or even crashing it. Plus, their diabolically persistent pop-up ads can drive the sanest user mad. Even the most polite spyware does not have your interests at heart. It's there to make money.

Spyware also takes more harmful forms. For instance, some spyware records your keystrokes. These malicious variants can learn your logins, passwords, and even your credit card information. The spyware creators swear that they won't exploit this private data. That's like someone sneaking into your house through a window, then when caught, promising, "I won't hurt anything, I just want to watch you." Creepy!

Whether you encounter the pesky ad-generating variety or the more stealthy, sinister variations, spyware is generally something you don't want.

How the heck does it get onto my PC?

As its name suggests, spyware uses elusive techniques to slink its way onto your PC. Here are the three most common methods.

Spyware can hide inside desirable freeware and shareware programs

Next time you download a free scenic screensaver or a cute mini-game, remember that you might get more than meets the eye. Many "free" applications come booby-trapped with ad-generating spyware. When you install the application, it also infects your PC with a spyware program. These deceptive applications don't go out of their way to advise you of the attached spyware.
At best, they bury information about the spyware deep within their complex End User License Agreements (EULAs). Spyware creators know that most users don't read these lengthy legal documents.

Luckily, you won't find spyware bundled with every freeware and shareware offer. Instead, spyware tends to partner itself with legally-suspect Internet applications. For instance, spyware seems particularly fond of Peer-to-Peer (P2P) applications (best known as the kind of music-sharing programs teenagers are fond of). Many P2P programs, such as Kazaa, eDonkey, and Exeem, have come bundled with spyware.

Spyware can hide on the Web pages you browse

Most people feel relatively safe browsing the Net. You shouldn't! Many areas of the Web offer about as much safety as a rickety old barn in a tornado. You don't have to try to download something from a Web site to get infected. Spyware often hides in the code of Web pages. By taking advantage of Web browser vulnerabilities (particularly those found in IE), spyware can secretly download and install itself onto your computer without your knowledge.

Legitimate Web sites have accidentally introduced spyware to their visitors through spyware-infected banner ads. Ironically, when spyware on your PC generates pop-up ads, you can get doubly infected by new spyware in those ads!

Thankfully, most legitimate Web sites don't deal with spyware creators. You're most likely to encounter it when wandering the darker neighborhoods on the Net. Sites containing porn, illegal software, illicit product serial numbers, and online gambling present the most risk for spyware infections. But pleasant-looking sites can hide danger, too. In general, any offer on the Internet that seems too good to be true, probably is.

Spyware can hide in HTML email

Since certain types of Web sites tend to spread spyware, you can just avoid those sites, right? Not exactly. If you won't go to spyware, it'll come to you.
The same people spreading spyware also have strong affiliations with junk emailers and spam. These miscreants can exploit the same vulnerabilities they use on Web pages, to deliver spyware right to your Inbox via HTML email advertisements. They send out millions of Web-based emails advertising anything from Viagra to fake Rolex watches. Just by opening one of these unsolicited HTML emails, you can unknowingly infect your PC with spyware.

Keeping Dad infection-free

After a long afternoon of cleaning a particularly insidious strain of spyware from my dad's PC, I figured he needed some tips to avoid a repeat. I made sure my sister listened, too, since her Kazaa installation probably caused Dad's problem. Here's what I told them:
It's been three months since that trip to my parents' house and, after learning my tips, Dad has remained spyware-free. He enjoys browsing the Web quickly and safely again and makes sure my sister downloads MP3s on her own system. You, too, can dodge annoying spyware infections by following these simple tips.
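
For readers who triage suspicious mail, the section "Spyware can hide in HTML email" and the Web "bugs" mentioned earlier can be turned into a simple check. The following is an added example, not part of the original article: it parses a saved message and flags content that renders or phones home when the mail is merely opened. The tag list, the 1x1-pixel heuristic, and the sample message are assumptions constructed for illustration; the script flags risky markup, not the browser exploits themselves.

```python
import email
from email import policy
from html.parser import HTMLParser

# Assumed heuristic: tags that load or run content as soon as the mail is rendered.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "applet"}

# Constructed sample message (all addresses and hosts are placeholders).
SAMPLE = (b"From: ads@example.invalid\r\n"
          b"To: dad@example.invalid\r\n"
          b"Subject: Cheap watches\r\n"
          b"MIME-Version: 1.0\r\n"
          b"Content-Type: text/html; charset=utf-8\r\n"
          b"\r\n"
          b'<html><body onload="go()"><p>Great deals!</p>'
          b'<img src="http://tracker.example.invalid/o.gif?id=42" width="1" height="1">'
          b'<iframe src="http://ads.example.invalid/x"></iframe>'
          b"</body></html>\r\n")

class HtmlMailScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ACTIVE_TAGS:
            self.findings.append(("active-content", tag))
        for name in a:
            if name.startswith("on"):  # inline handlers run script without a <script> tag
                self.findings.append(("event-handler", f"{tag} {name}"))
        src = a.get("src") or ""
        if tag == "img" and src.lower().startswith(("http://", "https://")):
            # A remote 0x0 or 1x1 image is the classic invisible Web bug.
            tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
            self.findings.append(("web-bug" if tiny else "remote-image", src))

def scan_message(raw: bytes):
    """Return (kind, detail) findings for every text/html part of a raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            scanner = HtmlMailScanner()
            scanner.feed(part.get_content())
            scanner.close()
            findings.extend(scanner.findings)
    return findings

if __name__ == "__main__":
    for kind, detail in scan_message(SAMPLE):
        print(f"{kind}: {detail}")
```

A message with findings is a candidate for viewing as plain text only, with remote content blocked.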