If you use the internet, there is over a 90% chance your computer is infected with spyware - Source: CNN
Routes of infection

Spyware does not directly spread in the manner of a computer virus or worm: generally, an infected system does not attempt to transmit the infection to other computers. Instead, spyware gets on a system through deception of the user or through exploitation of software vulnerabilities.

The most direct route by which spyware can get on a computer involves persuading or tricking the user to install it. However, users may be reluctant to install software if they know that it may disrupt their working environment and compromise their privacy. So many spyware programs deceive users, either by piggy-backing on a piece of desirable software, or by tricking users into doing something that installs the software without their realizing it.

Classically, the definition of a Trojan horse involves something dangerous that comes in the guise of something desirable. Some spyware programs spread in just this manner. The distributor of spyware presents the program as a useful utility -- for instance as a "Web accelerator" or as a helpful software agent. Users download and install the software, only to find out later that it can cause harm.

For example, Bonzi Buddy, a spyware program targeted at children, claims that:

"He will explore the Internet with you as your very own friend and sidekick! He can talk, walk, joke, browse, search, e-mail, and download like no other friend you've ever had! He even has the ability to compare prices on the products you love and help you save money! Best of all, he's FREE!"

WhenU spyware "supports" the BearShare file-trading program. In order to install BearShare, users must agree to install "the SAVE! bundle" from WhenU. The installer provides only a tiny window in which to read the lengthy license agreement. Although the installer claims otherwise, the software transmits users' browsing activity to WhenU servers.

Spyware can also come bundled with shareware or other downloadable software. The user downloads a program -- for instance, a music program or a file-trading utility -- and installs it; the installer additionally installs the spyware. Although the desirable software itself may do no harm, the bundled spyware does. In some cases, spyware authors have paid shareware authors to bundle spyware with their software, as with the Gator spyware now marketed by Claria. In other cases, spyware authors have repackaged desirable software with installers that add spyware.

A third way of distributing spyware involves tricking users by manipulating security features designed to prevent unwanted installations. The Internet Explorer web browser, by design, does not allow web sites to initiate an unwanted download. Instead, a user action - such as clicking on a link - has to trigger a download. However, links can prove deceptive: for instance, a pop-up ad may look like a standard Windows dialog box. The box contains a message such as "Would you like to optimize your Internet access?" with links which look like buttons reading Yes and No. No matter which "button" the user presses, a download starts, placing the spyware on the user's system. Later versions of Internet Explorer offer fewer avenues for this attack.

Some spyware authors infect a system by attacking security holes in the web browser or in other software. When the user navigates to a web page controlled by the spyware author, the page contains code which attacks the browser and forces the download and installation of spyware. This has become known as a "drive-by download" (by analogy to drive-by shooting), which treats the user as a hapless bystander. Common attacks target security vulnerabilities in Internet Explorer and in the Microsoft Java runtime. Internet Explorer also serves as a point of attachment for these programs, which install themselves as Browser Helper Object plugins.

In a few cases, a worm or virus has delivered a payload of spyware. For instance, some attackers used the W32.Spybot.Worm worm to install spyware that popped up pornographic ads on the infected system's screen. By directing traffic to ads set up to channel funds to them, spyware authors can profit even from such clearly illegal behavior.
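
A defensive check for the Browser Helper Object attachment point described above, as an added example that is not part of the original page: it lists the machine-wide BHO registrations, the DLL each one loads into Internet Explorer, and that DLL's Authenticode status. The registry locations are the standard Windows ones; the function name Get-BrowserHelperObject is made up for this example, and per-user registrations under HKCU are not covered.

```powershell
# Added example: audit Browser Helper Objects (BHOs) registered machine-wide.
# A BHO is a COM class listed by CLSID under the key below; the DLL that IE
# loads is the default value of that class's InprocServer32 key.
$bhoSubKey = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Get-BrowserHelperObject {
    # Native view first, then the 32-bit view used on 64-bit Windows.
    foreach ($view in '', 'WOW6432Node\') {
        $bhoRoot   = "HKLM:\SOFTWARE\$view$bhoSubKey"
        $clsidRoot = "HKLM:\SOFTWARE\${view}Classes\CLSID"
        if (-not (Test-Path -LiteralPath $bhoRoot)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $bhoRoot) {
            $clsid = $key.PSChildName
            $name = $null; $dll = $null; $sig = 'n/a'

            $classKey = Join-Path $clsidRoot $clsid
            if (Test-Path -LiteralPath $classKey) {
                $name   = (Get-Item -LiteralPath $classKey).GetValue('')
                $inproc = Join-Path $classKey 'InprocServer32'
                if (Test-Path -LiteralPath $inproc) {
                    $dll = (Get-Item -LiteralPath $inproc).GetValue('')
                }
            }
            if ($dll) {
                # Registry values may be quoted or contain %SystemRoot% etc.
                $dll = [Environment]::ExpandEnvironmentVariables($dll).Trim('"')
                if (Test-Path -LiteralPath $dll) {
                    $sig = [string](Get-AuthenticodeSignature -FilePath $dll).Status
                } else {
                    $sig = 'file missing'
                }
            }
            [pscustomobject]@{
                View      = if ($view) { '32-bit' } else { 'native' }
                Clsid     = $clsid
                Name      = $name
                Dll       = $dll
                Signature = $sig
            }
        }
    }
}

# Unsigned or missing DLLs sort away from 'Valid' and are the ones to review.
Get-BrowserHelperObject | Sort-Object Signature, Name | Format-Table -AutoSize
```

Entries whose DLL is unsigned, missing, or located in a temporary or user-profile directory are the ones worth checking against the software the user knowingly installed.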