The term "spyware" refers to technologies that collect information about a user without his or her knowledge and reports that information to a third party. Certain forms of spyware can intercept sensitive and confidential information about an organization or user, including passwords, credit card numbers and other identifying data. As a result, spyware has significant confidentiality, integrity and availability implications for computer users.
Some of the risks associated with spyware include:
- Exploiting security vulnerabilities or settings, changing the computer configuration to relax security settings, or allowing a channel into the userís computer by circumventing the userís firewall. The result is that attackers can eavesdrop and intercept sensitive communications by monitoring keystrokes, e-mail and Internet communications, IDs, and passwords. Such an occurrence can potentially allow unauthorized access to user accounts;
- Draining and consuming computer system resources by installing an adware program which results in voluminous unwanted pop-up advertisements (even when a user is not browsing the Internet);
- Compromising the userís ability to access the Internet as a result of the improper removal of spyware;
- Compromising confidentiality. Certain types of spyware route all Internet communications through their own servers, often without a user's knowledge. This allows a third party to read sensitive Internet communications even when Secure Socket Layer (SSL) or other encryption protocols are used. Other forms of spyware install an application on the user's computer that monitors and records all Internet communications and sends the report back to the originator. Identity thieves may then impersonate the customer using the IDs and passwords collected; and
- Increasing vulnerability to "phishing" and "pharming" attacks, as some spyware can redirect Internet page requests. Phishing seeks to lure a user to a spoofed website using an e-mail that appears to come from a legitimate site. Pharming seeks to redirect a user to a spoofed website by introducing false data into a legitimate domain name server (DNS). The spoofed websites are set up to collect private customer information, such as account user IDs and passwords.
Many firewall and anti-virus software packages do not protect computers from certain versions of spyware. Users may intentionally install spyware without understanding the full ramifications of their actions. As an example, a user may be required to accept an End User Licensing Agreement (EULA), which often does not clearly inform the user about the extent or manner in which information is collected. In such cases, the software is installed without the user's "informed consent."
Spyware can be installed through the following methods:
- Downloaded with other Internet downloads in a practice called "bundling." In many cases, all of the licensing agreements may be included in one pop-up window that, unless read carefully, may leave the user unaware of "bundled" spyware;
- Directly downloaded by users who were persuaded that the technology offers a benefit. Some spyware claims to offer increased productivity, virus scanning capabilities or other benefits;
- Installed through an Internet browsing technique called "drive by downloads." In this technique, spyware is installed when a user simply visits a web site. The user may be prompted to accept the download believing it is necessary in order to view the web page. Another method that is used is to prompt the user to install the program through pop-up windows that remain open, or download the software regardless of the action taken by the user; or
- Automatically downloaded when users open or view unsolicited e-mail messages.
Once installed, spyware can be difficult to detect and remove because it:
- Does not always appear as a running program in the Window's Task Manager; therefore, a user may be unaware that his or her computer is infected;
- May not include a removal option in the Windows "Add/Remove Programs" function. When such an option is present, the removal process may not eliminate all components, or it may redirect a user to an Internet site to complete the removal. This often results in a new or additional infection rather than removal. In addition, some spyware includes a feature to reinstall itself when any portion is deleted; or
- May cause a further infestation by installing other spyware programs on a userís computer.
1st Cameron State Bank recommends that customers take the following actions to prevent spyware from being downloaded on their computers:
- Install and periodically update anti-spyware, virus protection and firewall software;
- Adjust browser settings to prompt the user whenever a website tries to install a new program or Active X control;
- Carefully read all End User Licensing Agreements and avoid downloading software when licensing agreements are difficult to understand;
- Maintain current patches to operating systems and browsers; and
- Do not open e-mail from untrustworthy or unknown sources.