Helpful Spyware Detection & Removal Article
Keith Dunlap had never even heard of Cool-search.net. But one day last December, as he opened the browser on his home PC, the site filled his display. The browser's Internet Options window showed his home page had been changed to the arcane address t.rack.cc/hp.php.
Dunlap, a researcher at the Wood Science & Technology Institute in Corvallis, Oregon, reentered his old one. But when the system rebooted, his browser jumped to Superbookmark.com, another site he didn't know. Sure enough, that mysterious home page setting was back. He rebooted again, and his browser jumped to a third unwanted site: Real-Yellow-Page.com. Obviously, something was lurking on his PC, and he feared it was tracking his behavior.
Dunlap had already installed PepiMK Software's Spybot Search & Destroy 1.2 (reviewed in this story), a tool designed to detect and remove this sort of sinister software. Spybot's engine, he discovered, had been turned off. "I don't know if the spyware was to blame," Dunlap says, "but Spybot's immunization tools were no longer running." Even when he turned it on, Spybot detected no spyware-related files. Dunlap manually removed all references to t.rack.cc/hp.php in the Windows Registry. He rebooted, and they came back.
Dunlap's machine was infected with CoolWebSearch, one of many spyware applications threatening the world's computing devices: a late-breaking Trojan horse so nasty that only one app we tested, Lavasoft's Ad-aware Plus 6, could find it, and none could remove it. There is, however, a standalone app called CWShredder (available at www.spywareinfo.com) that can get rid of CoolWebSearch.
Spyware apps sneak onto your machine when you download file-sharing software, open infected e-mails, or click on dubious Internet pop-up ads. They can manipulate your system, record your habits, and steal your passwords and credit card numbers. Depending on their degree of aggressiveness, they can steal your privacy or even your identity. And they can be terribly difficult to remove.
78,000 ways to spy
According to PestPatrol, which sells its own spyware remover, more than 78,000 spyware programs are on the loose. These include adware applications, which track browsing habits and serve up ads; key loggers, which record keystrokes (passwords and credit card numbers, anyone?); and Trojan horses, which provide hackers unfettered access to your PC. In the past year, PestPatrol uncovered more than 500 new Trojan horses, 500 new key loggers, and 1,287 new adware apps. In fact, Webroot Software, maker of Spy Sweeper 2.2, estimates that 80 percent of PCs are infected, and that's not including less malevolent types of spyware, such as tracking cookies. The problem is so prevalent that major utility vendors McAfee and Symantec are getting into the act. McAfee's results are already good; Symantec's are less so in this first round.
Chances are your machine is hosting spyware. If you've recently installed a free file-sharing service like Grokster or Kazaa, there's no doubt about it; such services are almost always tied to several pieces of adware. You may not realize that when you accepted your file sharer's licensing agreement, you also agreed to download, install, and run this adware.
Even if you avoid sharing infected files, there are risks everywhere. Sometimes, Web sites or e-mail will dupe you into downloading malicious code. "You may see a message that plays off your fears, telling you that your system is vulnerable and giving you a link to a patch," says Pete Lindstrom, director of Pennsylvania-based research firm Spire Security. When you click on the link, you're often installing spyware. Other times, spyware can infest your system when you simply visit a Web page or open an e-mail. Keith Dunlap believes he was the victim of such a "drive-by download."
At the very least, spyware brings inconvenience. Like CoolWebSearch, the program that infested Keith Dunlap's PC, many of these tools hijack your home page. They add sites to your browser's Favorites menu. They launch unwanted windows. Taking up CPU cycles, they slow system performance and even make your PC less stable.
But none of this is as troubling as what these programs do behind the scenes. Many seemingly innocuous adware applications track the sites you visit, with alarming accuracy. "Some spyware actually changes your DNS records so that all your Web requests go through someone else's servers," says Bruce Hughes, director of malicious-code research at ICSA Labs, the investigative arm of a security corporation called TruSecure.
The nastiest applications, including key loggers and Trojan horses, grab more valuable information. In February 2003, employees at AOL downloaded a Trojan horse that pillaged the company's customer database. In July, a 25-year-old from Queens pleaded guilty to installing key loggers on computers at Kinko's stores in Manhattan, stealing over 450 online banking passwords. And in October, hackers used key loggers at Valve Software to pilfer the source code for Half-Life 2, one of the company's best-known computer games.
These apps go beyond simple spying and actually facilitate identity theft. If you don't find that worrisome, reread the story on page 75, "Identity Theft: What, Me Worry?" How can you remove spyware from your system and prevent further infection? It's not easy.
In 2003, according to PestPatrol vice president of product development Roger Thompson, there was a huge increase in the number of burrower programs, apps that dig so deeply into an OS that they can't be found or removed without major surgery. Some hide behind ordinary Windows filenames. Others install as "layered service providers," so that quick deletion disables your Internet connection. Still others create multiple copies of themselves across an OS; if one is removed, the others keep running. "About six months ago, we knew of only 6 burrowers," Thompson says. "Now there are more than 40." And there are dozens of other apps that include ticklers, mini-programs that reinstall deleted files. You can't protect yourself from spyware like this without tools specifically designed to find and remove it.
Antispyware tools operate like antivirus software: They find and remove only the programs their developers have already identified. And many spyware programs try to disable the tools that hunt them. Wise users install more than one antispyware engine (though having several configured for real-time blocking may cause problems). Even the best tools don't find all spyware. At the very least, it can be extremely frustrating when spyware causes your system to run badly or slowly, or hijacks your home page or search functions. And when you consider how much personal information your computer contains, and how much someone could learn about you by virtually peering over your shoulder as you work or surf the Web, spyware should make you very worried indeed.
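What Dunlap saw, a home page setting and Registry references that reappear after a reboot, is exactly the behavior the burrowers and ticklers described above are built for. The following PowerShell script is an added example, not part of the original article or of any product it reviews; it assumes Windows PowerShell 5.1 or later and that it is run as the affected user. On its first run it records a baseline of the Internet Explorer start and search page values and the per-user and machine-wide Run keys; on the next run, after the reboot, it reports anything that was added, removed or changed, which is the quickest way to tell whether a manual cleanup actually held.

```powershell
# Added example, not from the PC Magazine article: snapshot the Registry values
# that home-page hijackers and "ticklers" typically rewrite, then compare a
# second snapshot taken after a removal pass and a reboot.
# Assumptions: Windows PowerShell 5.1+, run as the affected user.
$Targets = @(
    # IE start/search page values (the ones Dunlap found altered)
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main'; Names = @('Start Page', 'Search Page') },
    @{ Path = 'HKLM:\Software\Microsoft\Internet Explorer\Main'; Names = @('Start Page', 'Search Page') },
    # Per-user and machine-wide autorun entries (every value under the key)
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Names = $null },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'; Names = $null }
)
# Provider bookkeeping properties that Get-ItemProperty adds; not Registry values.
$ProviderProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
function Get-HijackSnapshot {
    $snap = @{}
    foreach ($t in $Targets) {
        if (-not (Test-Path $t.Path)) { continue }
        $props = Get-ItemProperty -Path $t.Path
        $names = if ($t.Names) { $t.Names } else {
            $props.PSObject.Properties.Name | Where-Object { $ProviderProps -notcontains $_ }
        }
        foreach ($n in $names) {
            $v = $props.$n
            if ($null -ne $v) { $snap["$($t.Path)\$n"] = [string]$v }
        }
    }
    return $snap
}
function Compare-HijackSnapshot($Before, $After) {
    $keys = @($Before.Keys) + @($After.Keys) | Sort-Object -Unique
    foreach ($k in $keys) {
        if (-not $Before.ContainsKey($k))     { "ADDED    $k = $($After[$k])" }
        elseif (-not $After.ContainsKey($k)) { "REMOVED  $k (was $($Before[$k]))" }
        elseif ($Before[$k] -ne $After[$k])  { "CHANGED  $k : $($Before[$k]) -> $($After[$k])" }
    }
}
# First run (right after cleanup) writes the baseline; the run after the
# reboot diffs the live Registry against it.
$Baseline = Join-Path $env:TEMP 'hijack-baseline.json'
if (-not (Test-Path $Baseline)) {
    Get-HijackSnapshot | ConvertTo-Json | Set-Content $Baseline
    "Baseline written to $Baseline. Reboot, then run this script again."
} else {
    $before = @{}
    (Get-Content $Baseline -Raw | ConvertFrom-Json).PSObject.Properties |
        ForEach-Object { $before[$_.Name] = $_.Value }
    $diff = Compare-HijackSnapshot $before (Get-HijackSnapshot)
    if ($diff) { $diff } else { "No changes: the removal held across the reboot." }
}
```

A CHANGED line on the Start Page value, or an ADDED line under a Run key, after a reboot means something is still reinstalling itself and a removal tool (or the standalone cleaner named above) is needed rather than another manual edit.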
How to Avoid Spyware
Article appearing in PC Magazine, March 2, 2004. Written by Cade Metz.
- Make sure to run an antispyware application. Perform on-demand scans regularly to root out spyware that slips through the cracks. Reboot after removal and rescan to make sure no ticklers, which are designed to reinstall spyware, have resurrected any deleted apps. Additionally, even though we are not overly impressed with any app's real-time blocking abilities, activate whatever your app of choice offers; it's nearly always better than nothing.
- Give your antispyware some backup. In addition to an antispyware app, make sure to run both software and hardware firewalls and antivirus applications to protect yourself against Trojan horses (and viruses, naturally).
- Beware of peer-to-peer file-sharing services. Many of the most popular applications include spyware in their installation procedures. Also, never download executables via P2P, because you can't be absolutely certain what they are. Actually, it's a good idea to avoid downloading executables from anywhere but vendors or major, well-checked sites.
- Watch out for cookies. While they may not be the worst form of spyware, information gathered via cookies can sometimes be matched with information gathered elsewhere to provide surprisingly detailed profiles of you and your browsing habits. PC Magazine's own Cookie Cop 2 (www.pcmag.com/utilities) can help you take control of cookies.
- Squash bugs. Web bugs are spies that are activated when you open contaminated HTML e-mail. Get rid of unsolicited e-mail without reading it when you can; turn off the preview pane to delete messages without opening them. In Outlook 2003, Tools | Options, click on the Security tab and select Change Automatic Download Settings. Make sure "Don't download pictures or other content automatically in HTML e-mail" is checked.
- Don't install anything without knowing exactly what it is. This means reading the end-user license agreement (EULA) carefully, as some EULAs will actually tell you that if you install the app in question, you've also decided to install some spyware with the software. Check independent sources as well, as some EULAs won't tell you about spyware.
- Protect yourself against drive-by downloads. Make sure your browser settings are stringent enough to protect you. In IE, this means your security settings for the Internet Zone should be at least medium. Deny the browser permission to install any ActiveX control you haven't requested.
- Keep up to date on the ever-changing world of spyware. Knowing the threat will help you defeat it. There are several great sites you can visit to keep abreast of this issue. PestPatrol's Research Center (www.pestpatrol.com/pestinfo) has one of the most comprehensive lists of spyware and related threats we've seen. SpywareInfo is another good online source of information. Finally, PC Magazine's Security Scout utility (www.pcmag.com/utilities) aggregates dozens of security-specific news feeds and brings them right to your desktop. - Sean Carroll