Once upon a time, spyware was a fairly benign nuisance. The original point of spyware was to allow vendors to monitor the user's computer activity and Internet usage so that they could gather marketing data they could use to target ads more likely to attract the user's attention.
The distinction between adware and spyware was primarily a difference between whether the vendor was up front with disclosing their monitoring activity, or if the vendor secretly 'spied' on the user without any notification or authorization. The worst affect of such spyware was typically unwanted pop-up advertising based on the monitoring that the spyware had done.
 |
More malware education |
Malware Learning Guide
This guide provides you with tips, Windows security expert advice, articles and more that give you a complete rundown on the different types of malware. Malware Glossary
With this list of malware definitions, you can get up to speed on malware trends and terminology, both old and new. |
|
|
|
|
Over time though, spyware has taken on a much larger role in the malware world and has matured into a method of propagation that can be used to deliver a variety of malware types and malicious software. While there are still unique attributes that technically separate spyware from a Trojan, virus or other forms of malware, many recent and current threats blur the line and converge the various types of malware together.
Webroot Software, makers of the antispyware product SpySweeper, classify three different types of software under the umbrella heading of 'spyware threats'. There is the traditional adware, which still primarily just spy and gather data in a semi-benign fashion, but they also consider Trojans and System Monitors as types of spyware.
Trojans, at least those considered under the heading of spyware, tend to be either backdoors or downloaders. A backdoor is a Trojan that opens a port or provides some other covert means for an attacker to gain access to an infected system and execute malicious programs of their choosing. A downloader is a Trojan that initiates a connection with some external server to download and install other malicious programs which could include Bots or backdoor software.
System monitors are programs such as keystroke loggers that capture and record every keystroke typed on the computer. Many system monitor programs, such as SpyBuddy, go even farther, logging the programs that are used, Web sites that are visited, instant messaging chat sessions and more. The captured data is either automatically sent to an external server or email address, or there is some type of backdoor that allows the attacker to access the infected computer to retrieve the data.
The originators of the spyware concept may not have set out with such malicious intent. Their goal was strictly to maximize ad sales revenue by ensuring that the ads users see are for products and services that interest them. But, it didn't take very long for malicious developers to figure out that if you can secretly install software on a user's computer to monitor their computer activity, you can also use that software to capture personal information such as passwords and bank account numbers, or that you can use the same attack vector to install other types of malicious software. As it stands now, spyware ranks as one of the prime distribution methods for malware and is a threat that network and security administrators need to aggressively defend against.
About the author: Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is recognized by Microsoft as an MVP in Windows Security, and he is the About.com Guide for Internet / Network Security, providing a broad range of information security tips, advice, reviews and information. Tony is co-author of Hacker's Challenge 3 and author of the upcoming Essential Computer Security. He also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit S3KUR3.com.
