Much of the time, spyware relies on persuading unaware or credulous users to download and install it by offering some kind of seemingly enticing bait, such as a prize, free money, a free service, or a free service that’s “better” and supposedly gives you a leg up on widely known legitimate software or services. 99% of the time, you can assume that it will not help in any way.
Here is a list of known spyware applications and a list of known spyware creators/vendors . Check these lists if you run across a program you want to install, but don’t really know anything about its origins or appear on unprofessional websites. If the software does not appear in the product search, it is either too new, too obscure, or not a threat.
[hidepost=1]
ActiveX
Accepting ActiveX plug-ins is an easy way to get spyware installed on your system. These are usually found on sites containing “underground” or “shady” content. Legitimate sites, such as Microsoft and Macromedia may ask to install installer engines if you are downloading updates or programs and usually say on the web page that you will be prompted to install an ActiveX plug-in. In cases like these, it is fine to let the ActiveX plug-in be installed, for it is needed to complete an operation. There is a big “however” to add to this-some sites with spyware are clever enough to include a notice for the ActiveX pop-up, so be careful. Pop-ups offering “free” something-or-other or “browser enhancements” should be avoided. Additionally, random junk that pops up on random sites where you are not explicitly downloading something should not be allowed to be installed.
Here is one such example of an ActiveX pop-up that should not be allowed to run:
Fake Removal Tools
Beware of programs masquerading as adware or spyware removal tools, becoming known as “BetrayWare”. There are a small number of legitimate adware and spyware programs available; make sure that the removal tool program you download is a legitimate one. Other fake removal tools don’t go to cause harm to your system-some tools merely do nothing to combat the spyware problems, contrary to promises in their advertisements. Still others are simply clones of legitimate removal tools, but aren’t quite as good as the originals, where the core engine was swiped or licensed from, meaning that the major change is just a different GUI.
A comprehensive list of fake removal tools is available if you should want to check up on some removal tool that is being advertised or has been installed on your machine. That URL is:
http://www.spywarewarrior.com/rogue_anti-spyware.htm#products
Misleading or Enticing Advertisements
Advertisers will use every trick in the book to grab your attention. They will use interactivity and movement, your sense of curiosity, your sense of humor, your sense of justice and right and wrong, your sense of greed and desire, and just plain unawareness or credulity simply to get you to click. Your click on an ad registers “Ka-Ching!” for the advertiser, both in terms of monetary profits and the installation of spyware for the purpose of data harvesting.
Users are often tricked by advertisements such as these:
At first glance, it looks like a serious Windows error message, and some users will click the “yes” almost automatically. However, if you look in the bottom right corner of the ad, it says “advertisement” in small light gray letters. It’s somewhat hard to catch if you are just skimming a webpage quick. The other thing to know about these ads is that it doesn’t matter where you click on the ad; the whole ad is a clickable image that can redirect the user to a spyware infested webpage, or to a page that offers a spyware infested scanning utility (BetrayWare).
Another similar (and newer) advertisement is usually presented as a pop-up, and contains similar content as the previous example. See if you can spot the “advertisement” label in this ad:
Another common gimmick spyware creators/vendors love to use are the interactive ads; the ads where the user had to click on something that’s moving around. All those “punch the monkey and win”, and “knock out the boxer and win” type ads are redirects to places users would not really want to go on their own accord, since they are chock full of spyware. No, you never actually win anything, and if you enter your email address on their website you will get spammed.
Here’s an example of an interactive ad promising that free $20 for performing an action. Notice the asterisk at the end of the phrase. That implies there is fine print that is attached to the deal that is being offered in the ad.
Here’s an example of an animated lottery ad that goes to entice users hooked on the game of chance; all forms of lotteries and gambling.
When it comes down to it, any ad involving money, offering free anything, offering great benefits of drug enhancements, offering better abs, offering a better love life, or any other enticing item or service, beware! It is most likely a scam to install spyware and try to get you to submit your email address for the purpose of spam. To make use of an overused geek cliché, Admiral Ackbar says, “It’s a trap!”
Phishing
Phishing is not a form of direct spyware, but it can still be a simple, yet very effect tool for gathering personal information, sometimes leading to identity theft. It can be very scary if someone is taken in by a phishing attempt. As with anything else, there are a few things to look out for so it can be avoided.
- Read critically for spelling for grammatical errors.
- Legitimate sites/orgainizations never ask for personal information over email.
- Make sure the link included in a phishing attempt is not masked. Here is an example of what to look for:
Notice that the text of the link displayed looks legitimate, whereas the real link address directs you to a phishing page. This of course screams “phishing attempt”. - Check the webpage address for anything out of the ordinary. For instance, if the phishing attempt includes a link to a form that asks you to fill out personal information and does not contain the legitimate website’s base address, it is most likely a phishing attempt. For example, if the attempt happens to be for ebay and the link does not include ebay.com somewhere near the beginning of the address, it is most likely a phishing attempt. In addition to that, some phishing links can appear with letters switched around or omitted in the base address so it still looks like a legitimate address at a quick glance. www.microsoft.com may appear as www.mircosoft.com, www.micosoft, or may have an addition made to the front of the address such as www.msn-microsoft.com. It is also suggested that you do not actually click on the link because the website may be a host to all sorts of spyware and malware. So, if it doesn’t fool you into entering information, it will at least get that junk installed on your system.
- Beware of link addresses that contain an IP address. This is a big red flag that signifies that the server won’t be up long enough to be worth purchasing a domain name for it. In other words, it’s a host to a phishing site that probably won’t be online for too long. The IP address offers a direct link to the server without having to go through a domain name server, so no record of it would be logged. The link address can also be hidden by a mask, as shown in an earlier example.
- Beware of redirection links. Links that may look official may actually redirect you to a phishing webpage.
- Never fall into the trap of “get rich quick” schemes, especially if you are called to perform some sort of service beforehand, and especially if it’s for someone in a 3rd world country.
- Never fall into the trap of emails asking for money or to help shuffle money around, especially if they say something like, “Help me. I’m really a displaced prince and will have access to a numbered bank account I will share it if you help” or “Help, I was the victim of a horrible tragedy and could use your monetary assistance through this difficult time.” These are the kinds of scams where the phrase “a fool and their money are soon parted” can be applied today. Don’t fall into the trap!
- If you receive an email from a bank regarding account or personal information, or if it’s not from a bank you even use, it’s definitely a phishing attempt. Banks never ask for personal or account information by email. They usually contact by snail mail or phone. Also, it’s rare, but not unheard of phishing attempts (fraud) being carried out via snail mail or phone, although this method is usually more expensive than sending out emails, and isn’t used often for this reason.
- For any email asking for personal information regarding some sort of user or bank account, watch out for these (or similar) phrases found in the email’s subject or body: “Dear Valued Customer”, “Verify your account”, “If you don’t respond in [this amount of time], your account will be closed”, and “Click the link to gain access to your account”.
This MSN account phishing attempt is one of the most convincing phishing attempts that I have noted. At first glance, it looks quite legitimate and even sports a link to a page that looks convincingly legitimate. Take a look at it and see if you can apply some of the telltale signs of phishing.
Take a look at the spelling. It’s hard to catch at first glance, but “Automatical” is not a word. This anti-phishing site shows details of this specific phishing attempt. If you are ever not quite sure if something you receive is a phishing attempt, Google it. Search for a small phrase found in the phishing attempt and see you get any hits. If there are more than 3 hits that say “Yes, this is aphishing attempt,” it most likely is one. You can also take a look at these two anti-phishing sites for information on phishing attempts: http://www.antiphishing.org/index.html and http://www.millersmiles.co.uk/.
Downloads
When you download a file to install from the Internet, that piece of software always has a license agreement that can be viewed at sometime during the installation process. This EULA (End User License Agreement) is included to take care of issues with copyright and liability laws. They include permissions of what the end user can and can’t do with the software, as well as inform the end user of what the software does and doesn’t do. You will be hard pressed to find someone who actually reads those license agreements on their own free time. Most users simply click “I agree to these terms”. Included in the terms of agreement can be notices that forms of spyware may be installed with the main software package, albeit often hidden within complex legal jargon.
Cutesy applications are a huge success for spyware vendors/manufactures in that they are often laced with spyware that is installed along side the main package as an extra feature that does users no good. These “cutesy applications” can be screen savers, IM emoticon packages, desktop buddies, and so on. A few good examples are Bonzi Buddy, Comet Cursor, and Smiley Central. Whether or not the main purpose of the package is entertainment or data harvesting, it is hard to tell. They do a good job with both tasks. The amazing thing is that users sometimes pay for these applications in order to get “special” or “extra” services.
Cutesy applications aside, there are additional freeware packages that offer themselves as so-called legitimate and useful software, but actually do more harm to you as a user, rather than good. Such applications can include any Gator products, DashBar, PrecisionTime, DateManager, eWallet, eAcceleration, and, yes, even the seeming popular WeatherBug. Make sure you do your research on freeware that you may want to install. There’s a relatively small portion of free applications that are intentionally malicious, if all freeware is taken as a whole. There is a great many more legitimate freeware applications available for use, so don’t let these few malicious applications deter you from taking advantage of all the freeware that’s available. A simple Google search of the application’s name and the word “spyware” will usually turn up a significant number of results if the freeware package is indeed malicious.
Search Toolbars are another set of applications that have become quite popular. They are also a large source of data harvesting by collecting search string information, as well as browsing habits, and can even act as a keylogger.
Another source of adware, spyware and malware that gets installed on a user’s system without their consent is referred to as a drive-by download. Drive-by downloads are either embedded within a webpage, installed as a result of clicking on a deceptive ad or pop-up, or just bouncing around the Internet dropping into whatever unsecured computer they happen to run across. Older browsers and un-patched security flaws, in both browsers and Operation Systems, can allow drive-by downloads to take advantage of your unprotected system. The lack of a firewall can also be a big contributing factor, which can be compounded with the lack of up-to-date security patches, making for a good double whammy.
This is why it is dangerous to go poking around and following phishing links and ad links. Note that not all ads hide a page loaded with spyware. A good portion of ads on legitimate websites are in fact, not ill intended and will not install spyware on a user’s system. Just be aware of deceptive pop-ups and ads because after all, they do exist.
[/hidepost]
The PCMech.com weekly newsletter has been running strong for over 8 years. Sign up to get tech news, updates and exclusive content - right in your inbox. Also get (several) free gifts.
