Spyware is software designed to gather information about a person or organization without their knowledge, and then pass that information to another entity without the consumer's consent – or assert control over a device without the consumer's knowledge. Spyware gathers information about the user, including their browsing and Internet usage habits, as well as other data. Spyware aims to attack a large variety of users in order to ensnare as many potential victims as possible.
How Spyware Spreads
In order to be effective, spyware has to be installed on a victim’s computer without their knowledge. The most common access points for spyware include:
- Passive downloads: If a victim clicks on an unfamiliar link or attachment in an email, they may trigger a download of an executable file. Simply visiting a malicious website and viewing a page or banner ad may result in what is known as a “drive-by download”.
- Misleading marketing: Spyware authors will present their spyware programs as useful tools to download. Spyware may be presented as an Internet accelerator, download manager, hard disk drive cleaner, or an alternative web search service. As a result, victims install spyware in order to get access to the desired functionality.
- Software bundles: Alternatively, a genuinely useful software package may conceal a malicious add-on, extension, or plugin. These may look like necessary components, while actually being spyware which will remain even after uninstalling the host application.
- Trojans, worms, and backdoors: These threats will distribute spyware in addition to their primary malicious intent.
Types of spyware
Spyware is mostly classified into four types:
- Adware: Displays unwanted advertising on a user’s system.
- System monitoring: Malicious software that installs on a system with the intent of monitoring all activity, including key presses or microphone audio.
- Tracking cookies: Sends personal information about a user’s shopping habits to an aggregator of consumer data.
- Trojans: Provides an attacker with control over the user’s system.
Typical functions designed into spyware include:
- Password stealers: These are designed to pull passwords off infected systems. These could be stored credentials from a web browser, the operating system itself, or third-party applications. The passwords are either stored in a hidden location on the infected device until a manual transfer is requested, or they may be transferred automatically at set intervals.
- Banking Trojans: These applications target financial institutions with the goal of collecting protected credentials. They search for vulnerabilities in browser security to change web pages, alter transaction content, and sometimes go so far as to add false transactions, all while staying invisible to both the user and the host. These specialized trojans target a multitude of financial institutions, including banks, brokerage firms, digital wallets, and financial portals. They pass any collected information to remote servers for further use.
- Keyloggers: Also called system monitors, keyloggers are designed to watch and record computer activity: this includes keystrokes, web and search history, communication logs including email, and system credentials. In order to more effectively track the source of any important information, keyloggers can also collect screenshots at scheduled intervals, making it easy to see sensitive information shown on screen. Keyloggers might also capture and transmit images, audio, and video from devices connected to the infected system. All of this private information can be transferred to a remote server for later investigation.
Mobile spyware hides undetected in the background on a mobile device and steals information such as incoming/outgoing SMS messages, incoming/outgoing call logs, contact lists, emails, browser history, and photos. Mobile spyware can even log keystrokes, activate and record from any connected microphones or cameras, take screenshots of the phone in the background, and track the device using GPS.
Some spyware can operate in a very low-tech fashion, by controlling the infected device via SMS messages. Hackers can also infiltrate an organization's network through vulnerabilities in employees' mobile devices. A corporation's incident response team will often have a harder time detecting a breach that originated from a mobile device.
There are three main methods for getting spyware onto an unsecured mobile device:
- Unsecured free Wi-Fi: Common in public places such as airports and cafes. If a user logs onto an unsecured network, the attacker can see everything done on the device while it is connected.
- Operating system flaws: These open up vulnerabilities that could let attackers infect a mobile device.
- Malicious apps: These hide in seemingly legitimate applications, especially ones downloaded from websites or messages instead of an app store.
How to Deal with Spyware
If the installed spyware is functioning properly, it will be functionally invisible to most users. But if spyware is in any way suspected, the first order of business is to make sure the system has been cleaned of any infection so that new passwords are not compromised. A robust cybersecurity program or a dedicated spyware removal service can clean up spyware artifacts and repair altered files and settings.
After the system has been cleaned, it is important to contact any institutions related to the breached data (such as the user's workplace IT department or their financial institution) to warn of potential fraudulent activity. Depending on the information compromised on the infected machine, and especially if it is connected to a business or enterprise, it may be required by law to report the breach to law enforcement and/or make a public disclosure.
How to Protect against Spyware
The best defense against spyware, as with most malware, starts with user behavior, but there are security protections available to individual users, all the way up to large enterprises:
- Behavior and Awareness: Educating users to identify emails and attachments from unknown or suspicious senders. Users should learn to be diligent about hovering over hyperlinks to check their real destination before actually clicking through.
- Browser Protections: Though no browser is safe from attack, Internet Explorer, especially any outdated version, is at a much greater risk of spyware infection because it has a huge user base. This means serious vulnerabilities, such as those in ActiveX controls, can affect a very large portion of people using IE as their browser of choice.
- ISP Firewalls and Proxies: Some ISPs use network firewalls and web proxies to block access to websites known to install spyware.
- Personal firewalls: These monitor the flow of information going to and from a networked computer and provide protection against spyware and malware.
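The "check the link before clicking" advice above can be automated on the defender's side. The following is an added example (not Barracuda's code or any product feature) that parses an HTML message body and flags anchors whose visible text shows one URL while the href actually leads to a different host; the sample message body is constructed for illustration.

```python
"""Flag hyperlinks whose visible text points somewhere other than the real href (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body; the domains are placeholders, not real sites.
SAMPLE_HTML = """
<p>Your statement is ready. <a href="https://examplebank.com/login">https://examplebank.com/login</a></p>
<p>Verify now: <a href="http://login-examplebank.example/auth">https://examplebank.com/secure</a></p>
<p>Help center: <a href="https://support.example.org/help">Contact support</a></p>
"""

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in the document."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _host(value):
    """Return the lowercase host of a URL, or "" if the text is not URL-like."""
    if "://" not in value:
        return ""
    return (urlparse(value).hostname or "").lower()

def find_mismatched_links(html):
    """Return [(href, text)] for links whose displayed URL host differs from
    the host the href really leads to; plain-text anchors are ignored."""
    parser = _LinkCollector()
    parser.feed(html)
    suspicious = []
    for href, text in parser.links:
        shown, real = _host(text), _host(href)
        if shown and real and shown != real:
            suspicious.append((href, text))
    return suspicious
```

Running `find_mismatched_links(SAMPLE_HTML)` flags only the second link, where the text claims examplebank.com but the href goes to a look-alike host.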
The threat that spyware poses to both personal and enterprise networks is considerable, and spyware remediation and countermeasures are as critical to network security as antivirus and antispam measures. The most common spyware issues dealt with by IT staff are:
- Loss of productivity
- Increased help-desk costs
- Liability associated with privacy violations
- Intellectual property theft
- Premature disclosure of information
- Loss of credibility and damage to brand
Spyware protection and prevention should be a major consideration in security planning, and should merit as much attention as viruses and spam.
How Barracuda Can Help
The Barracuda Web Security Gateway lets organizations benefit from online applications and tools without exposure to web-borne malware and viruses, lost user productivity, and misused bandwidth. As a comprehensive solution for web security and management, it unites award-winning spyware, malware, and virus protection with a powerful policy and reporting engine.
The Malware Protection built into the Barracuda CloudGen Firewall shields the internal network from malicious content by scanning web content (HTTP and HTTPS), email (SMTP, SMTPS, POP3, POP3S), and file transfers (FTP) via two fully integrated antivirus engines. Barracuda Malware Protection is based on regular signature updates as well as advanced heuristics to detect malware or other potentially unwanted programs even before signatures are available. All Barracuda CloudGen Firewall models can apply Virus Protection and Advanced Threat Protection to SSL-encrypted web traffic using the standard 'trusted man-in-the-middle' approach.
Do you have more questions about Spyware? Contact us today!