Spyware Prevention and Detection
The Internet has become a popular method for both conducting business
and managing finances through online banking relationships. While
most financial institutions and some individuals have taken steps
to protect their computers, many firewall and anti-virus software
packages do not protect computers from one of the latest threats,
spyware. Spyware is a form of software that collects personal and
confidential information about a person or organization without their
knowledge or consent, and reports it to a third party.
A more accurate description of spyware is that it is a group of software
applications designed to collect your personal information or change
the configuration of your computer without your consent. These applications
can be downloaded to your computer by way of an infected file, planted
without your knowledge when you visit a web site, or installed along
with another software application.
Spyware Infection
Spyware is usually installed without a user's knowledge or permission.
However, users may intentionally install spyware without understanding
the full ramifications of their actions. A user may be required to
accept an End User Licensing Agreement (EULA), which often does not
clearly inform the user about the extent or manner in which information
is collected. In such cases, the software is installed without the
user's informed consent.
Spyware can be installed through the following methods:
• Downloaded with other Internet downloads in a practice called bundling.
In many cases, all the licensing agreements may be included in one
pop-up window that, unless read carefully, may leave the user unaware
of bundled spyware.
• Directly downloaded by users who were persuaded that the technology
offers a benefit. Some spyware claims to offer increased productivity,
virus scanning capabilities or other benefits.
• Installed through an Internet browsing technique called drive-by
downloads. In this technique, spyware is installed when a user simply
visits a Web site. The user may be prompted to accept the download
believing it is necessary in order to view the Web page. Another method
is to prompt the user to install the program through pop-up windows
that remain open, or download the software regardless of the action
taken by the user.
• Automatically downloaded when users open or view unsolicited e-mail
messages.
Once a piece of spyware has been installed on your computer, it does
one of two things: it either sits quietly in the background collecting
information like account numbers, usernames, and passwords or it changes
the configuration of your computer to allow a hacker access to your
machine.
In the first case, the spyware is often called a keylogger –
an application that logs every keystroke that you make when you’re
using your keyboard. Once downloaded to your computer, keyloggers
create a file where all of your keystrokes are stored, then each time
you connect to the Internet a copy of that file is sent to a server
somewhere else on the Web. Criminals then download that file and extract
any valuable information that it might contain. That information is
then sold to another criminal who uses it for a variety of different
illegal activities, including identity theft.
The other use of spyware is to change the configuration of your computer.
When criminals use spyware in this manner, the program is installed
on your computer and then it changes the configuration of your computer
to allow that criminal to gain access to your machine, even if you’re
protected by a firewall or other security software. Essentially, it’s
like opening a door to your hard drive.
The criminal can then hack into your computer and either access personal
information that’s stored on the computer or lock you out of
the computer and use it, connected to a group of other hijacked computers
– called a botnet – to conduct some other criminal activity
online. Criminals may even use your computer to send spyware and other
malicious software out to others.
Behaviors Associated With Spyware
One of the most difficult aspects of controlling spyware is that sometimes
it is hard to spot. Some spyware distributors have become so adept
at disguising their programs that you can be infected and never know
it. But more often than not there is at least one symptom of a spyware
infection.
Some of the indicators that you may experience if you’ve been
infected with spyware include:
• Endless pop-up windows that open one right after another as
you close them.
• You type one Web address into your browser’s address
bar but are redirected to another.
• New, unexpected toolbars appear in your web browser.
• New, unexpected icons appear in the task tray at the bottom
of your screen.
• Your browser's home page is suddenly changed and each time
you try to change it back the effort fails.
• Random Windows error messages begin to appear without explanation.
• The operations of your computer slow dramatically when you’re
opening programs or processing tasks such as saving files.
The only way to know for sure if your computer has been infected with
spyware, however, is to scan your hard drive using an anti-spyware
application. Anti-spyware applications work in much the same way that
anti-virus applications work. Once you install the anti-spyware application
on your computer, you can set it up to scan your files regularly.
Also keep the anti-spyware program up-to-date. An anti-spyware application
that’s not up-to-date can miss the most recent threats, leaving
you vulnerable.
Risks Associated With Spyware
Spyware increases the risk to the user by:
• Exploiting security vulnerabilities or settings, changing the computer
configuration to relax security settings, or allowing a channel into
the user's PC by circumventing the firewall. The result is that attackers
can eavesdrop and intercept sensitive communications by monitoring
keystrokes, e-mail and Internet communications. This monitoring may
lead to the compromise of sensitive information, including user IDs
and passwords.
• Providing attackers the ability to control computers to send unsolicited
junk e-mail (SPAM) or malicious software (Malware), or to perform
denial of service (DoS) attacks against organizations.
• Draining system resources and slowing down the computer.
• Compromising confidentiality. Certain types of spyware route all
Internet communications through their own servers, often without the
user's knowledge. This allows a third party to read sensitive Internet
communications even when Secure Socket Layer (SSL) or other encryption
protocols are used. Other forms of spyware install an application
on the user's computer that monitors and records all Internet communications
and sends the report back to the originator. Identity thieves may
then impersonate the customer using the IDs and passwords collected.
• Increasing vulnerability to phishing and pharming attacks, as some
spyware can redirect Internet page requests. Phishing seeks to lure
a user to a spoofed (imposter) Web site using an e-mail that appears
to come from a legitimate site. Pharming seeks to redirect a user
to a spoofed Web site. The spoofed Web sites are set up to collect
private customer information, such as account user IDs and passwords.
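One check for the page-request redirection described above, added here as an example (it is not from the original article or the FDIC letter): a common way such redirection is done, which the article does not name, is by adding entries to the computer's hosts file, so the script below audits a hosts file for local overrides. The sample file, the `mybank.example` watchlist and every address in it are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not from the article); all names/addresses are illustrative.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example      # sink entry added by a blocklist tool
203.0.113.45    www.mybank.example       # override of a watched name
203.0.113.45    login.mybank.example mybank.example
192.168.1.20    nas.home.example
"""

# Hypothetical watchlist: names whose resolution should never be overridden locally.
WATCHED = {"mybank.example"}

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blanks and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: not a valid entry
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")

def is_watched(name, watched):
    """True for a watched domain or any subdomain of it (not mere suffix matches)."""
    return any(name == d or name.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED):
    """Return findings as (severity, ip, hostname) tuples, in file order."""
    findings = []
    for ip, name in parse_hosts(text):
        if name == "localhost" or name.startswith("localhost."):
            continue
        if is_watched(name, watched):
            findings.append(("high", str(ip), name))    # any override of a watched name
        elif not (ip.is_loopback or ip.is_unspecified):
            findings.append(("review", str(ip), name))  # non-sink override: check it is expected
    return findings

if __name__ == "__main__":
    for severity, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"{severity:6} {name} -> {ip}")
```

To audit a real machine, pass the contents of the system hosts file to `audit_hosts` with a watchlist of the banking and e-mail domains you actually use.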
Actions Consumers Can Take to Help Prevent the Downloading of Spyware
• Installing and periodically updating anti-spyware, virus protection
and firewall software.
• Adjusting browser settings to prompt the user whenever a Web site
tries to install a new program or Active-X control.
• Carefully reading all End User Licensing Agreements and avoiding
downloading software when licensing agreements are difficult to understand.
• Maintaining patches to operating systems and browsers.
• Not opening e-mail from untrustworthy sources.
1 Content for this article is derived from the FDIC Financial Institution
Letter Supplement: Informational Best Practices on Spyware Prevention
and Detection