Common Types of Spyware

Trojan is a general term for malicious program that sneaks into PC system without the user's permission. Most Trojans exhibit some forms of hostile or malicious behaviors. They can contain a virus, a password grabber or they can be a RAT (Remote Access Trojan) that is designed to allow remote control over your system. Some Trojans contain built in scanners that automatically scan the Network from your computer, looking for another copies of themselves.

As told in the Aeneid by Virgil and mentioned in the Odyssey by Homer, the term Trojan comes from Greek mythology about the Trojan War. According to legend, the Greeks presented the citizens of Troy with a large wooden horse in which they had secretly hidden their warriors. During the night, the warriors emerged from the wooden horse and overran the city.

Nowadays, Trojan is flooding on the Internet, and a Trojan may be widely redistributed as part of a computer virus. Therefore, Trojan has been one of the leading causes of computer breakings.   

Adware is a kind of software that displays or downloads advertisements to a computer after the software is installed or while the software is in use. These advertisements can be banners or popup windows. Some types of adware may even collect the user’s information and display advertisements in the web browser according to the information collected.

Adware can slow down your PC by consuming heavily Memory and CPU resources. Adware can also mess your Internet connection by using bandwidth to resume advertisements. Meanwhile, your system may be in risk of inefficiency because most adware applications are not properly programmed.

Browser Help Object (BHO)
A BHO, or Browser Helper Object is a component of Microsoft's Internet Explorer Web browser application. It is a DLL module specially designed as a plug-in to provide additional functionality. Browser Helper Object may also be used to help websites authors customize and control the Internet Explorer.

Browser Helper Object, in and of itself, is completely benign, like the Google toolbar and Yahoo toolbar. However, Browser Helper Object can also be exploited to download and install features or functions that are malicious. A great number of Browser Helper Objects function as spyware, tracking user’s browsing habits, recording confidential data and even displaying ads.

The cookie is a well-know mechanism for storing information about Internet users on their PC. Any cookie that is shared among two or more unrelated websites for the purpose of gathering and sharing private user information, is Spyware Cookie. Any cookie that is shared among two or more web pages for the purpose of tracking a user's surfing history, is Tracking Cookie.

Keylogger is a hardware device or small program that surreptitiously records the real-time activities of computer users, including the keyboard keys they pressed (such as passwords, logins or banking accounts). Keyloggers log all keystrokes, and commonly these log files are emailed to the person who planted the logging software.

In a computer, a worm is a self-replicating computer program that does not alter files but resides in active memory. The difference between a computer worm and a computer virus is that a computer virus can not run itself. A virus usually needs a virus program to run, and the virus code also runs as part of the host program. However, a worm does not need a host program to run; it uses a network to spread itself over computers on the network.

The original computer worm was released (maybe accidentally) on the Internet by Robert Tappan Morris in 1988. The Internet Worm used sendmail, fingerd, and rsh/rexec to spread itself across the Internet.

The SQL Slammer Worm of 2003 used vulnerability in Microsoft SQL Server 2000 to spread itself across the Internet. The Blaster Worm, also of 2003, used vulnerability in Microsoft DCOM RPC to spread itself.

The Melissa worm of 1999, the Sobig worms of 2003 and the Mydoom worm of 2004, all spread through e-mail. These worms shared some features of a Trojan horse, in that they spread by enticing a user to open an infected e-mail attachment.

Mydoom also attempted to spread itself through the peer-to-peer file sharing application KaZaA. The Mydoom worms attempted a Denial of Service (DoS) attack against SCO and Microsoft.

A virus is a program or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt.

A Toolbar is a type of browser plug-in that adds a third-party utility bar to the web browser, usually just below or next to the browser's address bar. A Toolbar typically has a search function and provides search results for paid advertisers. It often has buttons that are links to advertisers' web pages. An advertising toolbar may track browsing and search queries in order to display contextually relevant search results and ads.

Rogue AntiSpyware Program
Rogue Anti-spyware Software is the software that uses malware to advise or install itself through other malicious viruses or security hole without your permission. Rogue software usually pops up fake system message such as “Warning, your computer is infected! Click here to scan your computer now!” Most of the time, when clicking the “OK” button on the dialog tab, users will be directed to an unknown website that may download more spyware threats. Sometimes, even clicking the close button on the top right may lead to the installation of the rogue software, for the button is actually a link.

With the purpose to trick innocent users into the action of paying, rogue software usually counterfeits exaggerated and fake system scanning results and scare users to pay for the removal of the never-existed spyware infections. In fact, the threat is the rogue software itself. Most of them come with a bundle of very harmful spyware programs that hidden in the files themselves.

Backdoor is a group of Trojans threats that spread through a LAN, Internet, security holes and sometimes with other malware. These threats usually purport to be the remote administration toolkits and function in the same manner as the authorized remote administration programs, in order to take control of an infected machine and execute commands. This makes them very easy to hide from Windows and the user. This makes them hide deeply in Windows, and users with little computer expertise can hardly detect and find them.

Backdoor functions can include but not limited to:
change the Internet parameters
redirect HTTP traffic
steal game and application license keys
steal passwords and personal information
remove and change files
execute programs
reboot and shutdown computer

Unlike an authorized administration tool, a backdoor is downloaded and installed onto the system without the permission of the user. Once the backdoor is installed, it steals password and other information from the victim PC, switches off security programs, lowers security settings and even slows down PC performance.

A dialer is a software program that accesses a user’s phone line via a phone-connected modem. Dialers can modify the user’s dial-up settings and make very expensive long distance phone calls without permission, costing the user significant long distance charges.

A rootkit is a collection of tools (programs) that enable administrator-level access to a computer or computer network. Typically, a cracker installs a rootkit on a computer after first obtaining user-level access, either by exploiting a known vulnerability or cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network.

Rootkits may consist of spyware and other programs that: monitor traffic and keystrokes; create a backdoor into the system for the hacker’s use; alter log files; attack other machines on the network; and alter existing system tools to escape detection.

The presence of a rootkit on a network was first documented in the early 1990s. At that time, Sun and Linux operating systems were the primary targets for a hacker looking to install a rootkit. Today, rootkits are available for a number of operating systems, including Windows, and are increasingly difficult to detect on any network.