View Full Version : What is Spyware and How to Handle It



Winphuk
April 30th, 2003, 10:24 PM
The Wonderful World of Spyware – a Tutorial on Spyware Identification and Prevention


With the exponential growth of the use of PCs and high speed Internet services, each day, I have been coming into contact with new users who are excited to explore new websites, send e-mails, chat with friends, and with the growing publicity concerning the use of peer-to-peer services, downloading free music, as well as other goodies.
All too many times I would go to the home of a friend or a client needing technical services, and I would come across a desktop with porn dialers, a big banner for an online casino, and upon using their Internet browser, I would encounter porn advertisements that seem to pop up from the most unlikely of places (such as the Google search engine).
When I try to explain to them that their PC is infested with Spyware, they seem not to have an inkling that there is anything wrong.
For new users who come to this site seeking information, I will go over a few basic concepts to dispel any misconceptions of what the Internet actually is.
Understandably, people can be easily deluded into thinking that Web surfing is an activity similar to watching TV, in that you’re anonymously viewing screens with various information while protected in your own bubble within the privacy of your own home, but nothing could be further from the truth.

What is the Internet?

The first way to try to define the Internet is attempting to define what it’s not. As I stated before, it is not synonymous with turning on your TV and watching a program, being completely unidentifiable by the broadcasting network. (This does not hold true, however, with your Cable Service provider. For those who use illegal cable boxes, your provider can tell what channel you are watching at any time of the day. If they notice that your cable box is tuned to a specific channel that you did not pay to receive a signal from, they will zap your box with one push of a button, and then they will hope that you will be stupid enough to bring your descrambler in for service. Don’t laugh because people actually do this!)

Clients and Servers

Computers typically take on one of two roles: client or server. Simply put, a client computer is a computer that seeks out other computers to connect to, and a server is a computer that sits passively and waits for a connection from a client computer. When you open up your web browser and type in a URL to download a web page, your computer is taking on the role of a client. The data that you send is resolved into the IP address of the server that is hosting the information which you are seeking. That server has left an open door for you to enter into and explore that particular area of the computer. You can think of it as a store that allows you to enter and browse the sales floor, but locks the main office to protect the safe and any crucial information that may endanger the business if it is left open to prying eyes.

Have you Locked Your Doors?

Many people, however, are unaware that their PC is often used as a server without their knowledge or consent.
Imagine walking out of your house every day with the front door and windows wide open, all of your bills sitting out on the kitchen table, your wallet lying on the floor in plain sight for all passers-by to see. Along with your bills, there are also your bank statements, your porno magazines and videos, your address book and anything else that you wish to keep away from public view.
Better yet, think of somebody following you around with a video camera (or in this case, planting one on you), recording your every move 24 hours a day, watching what brand of cereal you eat, knowing your sexual fetishes, following you to every store that you frequent, writing down the brand names of all products that you buy, eavesdropping on every conversation that you have with your friends, and taking note of all the TV shows you like to watch and all of the artists that you listen to.
And if that isn’t invasive enough for you, that same person who is taking down this information is calling up various advertisers from the products that you buy, and is selling your name, address, and phone number, so that when you get home from work and you’re ready for a relaxing dinner, you are flooded with telemarketing calls from every company that knows your personal business. And never mind sorting through the junk mail.
Does this sound far-fetched to you? If you are a new PC or Internet user, and have not been educated about the use of spyware, it is almost certain that this is happening to you at this very moment. Although there is nobody following you around with a video camera, there are companies who plant various programs in your computer to track all of your surfing habits, record information, and sell that information to companies that want to bombard you with advertisements, in an attempt to get you to buy their products. Worse yet, you can fall victim to credit card thieves who record your keystrokes when you fill out an online form, or a sociopath hacker who causes needless destruction to people’s hard drives for no other reason but that “they can”.

Adware vs. Spyware

Many users equate adware with spyware in terms of their invasiveness. Although they both serve a similar purpose, there is a fundamental difference between the two.

What is Adware?

Adware is a program that displays advertising banners while the program is running. One great aspect of the Internet is the availability of virtually free information, and many free applications for one to download and utilize. According to the famous cliché that “nothing is free”, the development and maintenance of these sites and applications cost money.
No matter how much one may love their work there are still mouths to feed and bills to pay so they get advertisers to pay them money to display their banners while the user runs their application. With adware, no personal information about the users is sent to the advertising companies without the user’s consent. It is much like watching T.V commercials. They may be annoying, but they pay the bills so that you don’t have to (unless you have a cable company like mine who charges an extra fee for Broadcast Television).

What is Spyware?

Spyware is defined as sneaky little programs that are secretly put into one’s computer to gather information about a user, in order to give such information to advertisers or anybody who’s willing to pay for it. These programs are installed in the computer without the user’s consent.
Many spyware programs are found in “Freeware”. Freeware is just what it sounds like: programs that you can download free of charge, with the only catch being that they are bundled with one or more spyware programs. One of the most well known programs is “Gator”, which is an application that makes it easier for you to fill out online forms, by remembering your information. Do you like the sound of that?

Browser Hijackers

Aside from downloading and installing programs at your volition, the Web is filled with all different sorts of booby traps for you to fall into. For example, have you ever typed in a URL that didn’t exist, and instead of getting the classic 404 message that the server was not found, you were redirected to a search page that you never intended to come across? Well, you have just been hijacked.
What’s known as a “Browser Hijacker” modifies the settings in your web browser, to either change your homepage to that company’s homepage, or a different search page that would most likely bypass the search itself, and redirect you to a paysite. There is nothing justifiable in using this method. How dare they mess with your computer settings without your consent? That’s why it’s called hijacking. iGetNet, ILookUp, and LoadFonts are three known browser hijackers.

Browser Plug-ins

Have you ever been surfing the web and you just happen to notice a search bar in your browser that just wasn’t there before? These little tools pass themselves off as a convenient search utility, but what they actually do is record your search entries and send them home to their master. These are known as browser plug-ins. A lot of those “surf the web for cash” schemes use these programs. Comet Cursor, Alexa and Huntbar are among the few.

Keyloggers

Commercial keyloggers do exactly what their name implies. They monitor the user’s keystrokes in order to gather information about the user to relay back to their creator. I-Spy, NetTrack and WinGuardian are among the perpetrators.

Dialers
An absolute crime!!! You sometimes find these sitting on your desktop after you close your web browser. Curious to find out what it may be, you open up the program and it makes an attempt to dial your modem. It’s usually either an expensive 1-900 number or an international call for which you’ll be paying through the nose. After you delete this travesty of a program from your desktop, much to your dismay, you find that the dialer was planted in several locations on your hard drive. What a dirty trick! Among the dialers are names like BillByCall, DialerFactory, and HotActionDating.

Malware

These can simply be defined as programs that you did not ask for and that, when executed, do things that you would just never want done to your computer. Here are some excerpts taken from spywareguide.com that go into detailed description of the atrocities performed by Malware:

ClientMan:


First reported as suspicious, it became clear soon that it will pass the ZoneAlarm firewall without user consent. When it tries to connect to the Internet and ZoneAlarm displays its dialog whether the program should be allowed to connect or not, ClientMan will auto-click the 'Yes' button after checking the 'Always' checkbox. This way, it grants itself Internet Access without the user even noticing more than a short flash of the ZA dialog.

• Stays resident in background
• Stealth: hides itself from user
• Makes changes to browser settings
• Connects to the internet by itself

Virtual Bouncer:

It drive-by installs, phones home after install, gives itself the right (in the EULA) to download and install software from its servers, and you have to *pay them* for a "subscription" with a credit card to have it removed, then opt out of having the "subscription" automatically renewed.

Spywareguide.com (http://www.spywareguide.com) has an extensive list of many different types of spyware and their descriptions.

What do I do?

The first key is prevention. Be careful about clicking on popup windows that appear in your face. When you come across any freeware, before you install, read the licensing agreement. When you go to a shady website, it’s advisable to read the privacy policy. Sometimes a site may ask your permission to download software in order to view their page. Unless it’s a Macromedia plug-in such as Flash or Shockwave, chances are very likely that it is spyware. Ask yourself if you really need to download the program. Furthermore, whatever you do, DO NOT! DO NOT! DO NOT!!! Download a program that’s synonymous with porn. I guarantee you that it is spyware. It will make itself pretty obvious. You will see something like “Would you like to download and run bigboobs.exe”. Say no and RUN!

What can I do if my Computer is Infected with Spyware?

Not to worry. Even the most cautious of users can end up with spyware crawling in their systems. One of the most common places for spyware to nest itself is in one’s registry. There are many spyware removal utilities that are free for download. There are some different registry cleaners as well.
The most common spyware removal application is a free program called “Ad-aware”. You can download this free of cost from http://www.lavasoft.de/.
Another popular program is called “SpyBot”, which you can download from: http://security.kolla.de/index.php?lang=en&page=download.

Other Spyware removal Programs can be found here: http://www.cexx.org/noadware.htm

Concerning Peer-To-Peer

There are a few Peer-To-Peer programs that come bundled with spyware. An example would be the Kazaa Media Desktop, which uses Cydoor, a required component in order for the application to run. If you like Kazaa and desire to use their network, it is suggested that you download Kazaa Lite. Kazaa Lite is free of any Adware and Spyware. You can get it from here: http://home.hccnet.nl/h.edskes/mirror.htm#kazaa202e
Neo-Napster is a horrible application that is absolutely INFESTED with spyware. It is jam packed with porn dialers, a browser plug-in and a nice link to an online casino that rests in your start menu. Unless they have recently changed their ways, all I have to say to you is STAY AWAY!
There is a warning concerning the peer to peer application iMesh from Gibson Research, a reputable security source which states:

iMesh Warning!

We do NOT endorse the iMesh File Sharing System.

An erroneous page on the iMesh web site: www.imesh.com/SpyWare.html points to this page and misleads people into believing that we are somehow endorsing the spyware-free nature of their software. This is not true.

We have received reports that iMesh is infested with nasty, self-interested, spyware-style software of several known varieties that will infect and can damage personal computers. It is the LAST THING we would ever endorse.

It may be that you will need to tolerate this sort of invasive and intrusive low-life software in order to use any of today's "free" file sharing systems. But please don't do so under the belief that we have said that any of them were free from this sort of hidden nightmare.
http://grc.com/oo/spyware.htm

In Conclusion
There is so much more information that I would like to expound on this subject so, if you like what you read, or want to get into more advanced concepts in this subject, then drop me a P.M at Zeropaid, username, Winphuk, or post a reply.
I would like to leave you with a list of sources that were most helpful in guiding me in writing this tutorial.
http://www.spychecker.com/spyware.html
http://grc.com/optout.htm
http://www.spychecker.com/
http://www.spywareinfo.com/
http://www.spyware.co.uk/
http://www.wired.com/news/technology/0,1282,49960,00.html
http://www.wired.com/news/technology/0,1282,49960-2,00.html
http://www.cexx.org/
http://www.cexx.org/vx2.htm
http://www.spywareonline.org/spyware.html

http://www.salon.com/tech/feature/2002/04/26/hollings_spyware/
http://dir.salon.com/tech/feature/2001/08/02/parasite_capital/index.html
http://www.suttondesigns.com/EnigmaBrowser/Spyware.html
http://news.com.com/2100-1023-877568.html
http://news.com.com/2009-1023-985524.html
http://www.spywareguide.com/product_list_full.php?pageNum_Rs1=2&totalRows_Rs1=197
http://www.spywareguide.com/

These links will provide you with a great wealth of information.
Thanks for reading. Cheers!
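
The post says browser hijackers change your homepage and search page and that spyware commonly nests in the registry. The following is an added example, not part of the original post, that audits a registry export for both signs. The registry locations checked (the Internet Explorer "Start Page"/"Search Page" values and the Run key) are standard Windows locations that the post does not name, the export text is constructed, and the watchlist uses program names from the post with simple substring matching as an assumption.

```python
import re

# Names taken from the tutorial's lists; substring matching is a simplification.
WATCHLIST = ["gator", "igetnet", "ilookup", "loadfonts", "huntbar", "clientman", "cydoor"]
IE_MAIN = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main"
RUN_SUFFIX = r"\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample in .reg export format; the URLs and paths are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.hijacker.example/"
"Search Page"="http://www.google.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"="C:\\Program Files\\AV\\av.exe"
"CMan"="C:\\WINDOWS\\ClientMan\\run.exe"
'''

# "name"="data" string values; backslash escapes are allowed inside the quotes.
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    """Undo .reg escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Return {key_path: {value_name: string_data}} for string values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[unescape(m.group(1))] = unescape(m.group(2))
    return keys

def audit(text, expected_pages):
    """Flag changed browser pages and autorun entries matching the watchlist."""
    findings = []
    for key, values in parse_reg(text).items():
        if key.lower() == IE_MAIN.lower():
            for name, want in expected_pages.items():
                if values.get(name, want) != want:
                    findings.append(("browser-setting", name, values[name]))
        elif key.lower().endswith(RUN_SUFFIX.lower()):
            for name, data in values.items():
                if any(w in (name + " " + data).lower() for w in WATCHLIST):
                    findings.append(("autorun", name, data))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT, {"Start Page": "http://www.google.com/"}))
```

A name match only tells you where to look; removal is still a job for the tools the post recommends.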