In the Internet era, one doesn’t have to physically access a phone line to tap communications and spy on others. They just need to incite someone to install a piece of software (called spyware) and can monitor their communications from a remote location.
Online communications have taken so many forms these days and you might be surprised to know just how many forms of such online communications can be monitored by spyware. Let us also look at some precautions that can be taken by online users in order to protect themselves from spyware.
What is Spyware?
If a piece of software gets installed in your computer either with your consent or without your consent (mostly), and gets involved in activities like monitoring the online activities of unsuspecting users, it can be called as spyware. Spyware is mostly created to obtain PII – Personally Identifiable Information (that can be useful to marketers) or Financial information (like Credit Card numbers) that can be used for financial crimes or Serving advertisements based on browsing history/browsing preferences of users.
Spyware is mostly installed in user’s computers using social engineering techniques that – incite users to click on certain links on certain web-pages/links in email, open email attachments containing spyware, download unauthorized software/applications from file-sharing websites, download software claiming to be anti-spyware, click on ads that contain links to malicious websites, etc.
What can Spyware do?
Spyware can do a lot of things. Among others,
- Key-loggers can record everything you type on your computer and transmit sensitive information like bank user-name/password, credit card information, etc to people controlling the spyware.
- Spyware can record your browsing history and serve pop-up ads based on your online activities/sites visited, etc.
- Spyware can report back any Personally Identifiable Information collected from your computer (names, gender, age, email address, physical address, phone numbers, geographic location, etc).
- Spyware can steal your user-names and passwords on various sites (like email) and aid in identity theft.
- Spyware can collect information entered in web-forms.
- They can record keystrokes, screen shots, video from web-cam, etc.
- They can track (and report) the names of all the websites visited by a user.
- They can hijack the browser home-page or entered browser web-page URL and redirect you to a totally different malicious site under their control.
- They can selectively gather data based on certain parameters. For example, they can gather all data that was sent to/received from https/vpn sessions (as these might contain sensitive information).
- Spyware can collect information stored in clipboards (anything that is copy-pasted, recently modified documents, etc)
- Spyware can collect information from Windows Protected Store (encrypted storage for passwords, digital certificates, etc)
- Spyware can be used as a back-door to install more dangerous malware that can remotely access and control a system.
- They can collect information on Instant Messaging sessions, executed programs, etc.
- They can re-write search engine results on an infected PC.
The FTC site has some good information on clues you can look for to identify if Spyware is installed in your computer. The link also includes some suggestions to customers on how you can protect your computer from spyware. Don’t forget to play this wonderful quiz (5 questions) they have hosted on their website to enable basic understanding of spyware, meant for both users/their kids.
For the enterprise, it is a good idea to have some protection for the computers on the network using Firewalls, UTM (Unified Threat Management devices), Content/URL Filtering applications, Network and Host based anti-spam and anti-virus programs, etc.
Anti-spyware can either be bundled with anti-virus software or be a stand-alone product. There are certain tools that help you to identify/scan for spyware on your PC. Have a look at these resources – PC Tools Spyware Doctor, Ad Aware, Spybot – Search and Destroy, Windows Defender, etc.
You could stay up to date on the various computer networking/enterprise IT technologies by subscribing to this blog with your email address in the sidebar box that says, ‘Get email updates when new articles are published’