Your Guide to Spyware

Browser Hijackers
Browser Hijackers can include malicious BHOs, as well as go to change various settings within Internet browsers (usually directed at Microsoft Internet Explorer). These altered settings can cause your homepage to change, add bookmarks, create pop-ups faster than they can be closed, and redirect addresses that users may type in (especially if typed without the www. preface.) All of these browser alterations usually end up directing the user to sites containing pornography, warez, game cheats, or any other “underground” material.

One of the most common browser hijack methods used is to add entries to the hosts file. So, instead of sending servers to the localhost black hole, certain web addresses are redirected to servers that you probably would not want to go on your own.

The results of browser hijacking most often lead to non-technical problems, which include accessing inappropriate sites at work, straining personal relationships, and/or coming under scrutinization (and possibly as far as being arrested) for possession of illegal material. Browser hijackers are often one of the hardest forms of malware to deal with, on both technical and non-technical standpoints.

Computer Barnacles
Barnacles are data collection and/or advertisement producing software that are often bundled along side larger software packages, and are usually installed with the user’s unwitting consent. Consent is usually gained through hard-to-read license agreements, or ActiveX pop-ups.

Barnacles are made to be difficult to uninstall, often intentionally using confusing or counterintuitive uninstallation wizards to prevent the removal of the spyware software. Sometimes, uninstallation requires the user to fill out an online form, but depending on the shape that the system is in (with other forms of spyware possibly installed), this may not always be possible.

Barnacles often exhibit the same system degradation symptoms as other forms of spyware, however barnacles often target the Layered Service Provider (basically this is a protocol called winsock, which defines how software accesses network services, such as TCP/IP) to redirect data from a system’s TCP/IP stack (a set of protocols that defines how data is sent over the Internet). When this form of barnacle is removed, it usually corrupts Internet protocols, thus requiring a reinstallation of the TCP/IP stack.

Dialers
This form of malware is only applicable to dialup or ISDN Internet connections. Some of these dialers include scripts to disable the modem’s connection sounds, so you can’t tell if and when it may be dialing out. Users on broadband connections may still get dialers installed on their system, but dialing a phone number is not possible on broadband networks because they are not composed of regular phone numbers.

There are two basic methods that dialers operate under. The first is via security holes in Windows Operating Systems. They either use the Windows dialer, another legitimate third party dialer, such as one included with AOL, or someone’s own malware dialer. The other method entices the user with promises of special content only if they call the number listed, which usually appears on sites providing pornography, warez, game cheats, or any other “shady” activity.

Any of these dialing methods may rack up a significant phone bill. This money usually lines the pocket of the person or organization providing the malware. 900 numbers, a.k.a. premium rate numbers, are most often used, and can generally cost up to $4 per minute, with the call usually lasting about 10 minutes.