SPYWARE
By,
Rumman Ansari
Student of Computer Science and Engineering
CONTENTS
1. Abstract
2. Introduction
3. Definition of spyware
4. History and development
5. Classification of spyware
5.1 Malware
5.2 Viruses
5.3 Adware
5.4 Tracking cookies
5.5 Browser hijacking
5.5.1 Hosts file
5.5.2 Home page
5.5.3 Search page
5.5.4 Error page
5.6 Keyloggers
5.7 Spybots
6. How a spyware attacks in a PC
7. Diagram on how Adware: win32/Addlyrics damage a PC
8. Spyware detection
9. Software examples (including spyware)
9.1 Gator
9.2 Cydoor
10. Working mechanism of spyware
10.1 Server side operation
10.2 Client side operation
11. Effects of infection of spyware
12. Prevention technique
13. Case study
14. Law and related crimes
15. Conclusion
2. ABSTRACT
Millions of computer users are being watched, not just by employers and organizations, but by the software that they use frequently, without their knowledge. This spyware has become a center for collecting private data and threatens secured corporate data. It can even change computer settings, resulting in slow connection speeds, different home pages, and loss of Internet access or other programs.
To increase the understanding of spyware, the following questions are discussed: What exactly is spyware? How does it work? What is its impact on users and the businesses that employ them? How can it be prevented?
3. INTRODUCTION
Spyware is a program installed on your computer, with or without your permission, that can change system configurations, monitor your Internet activity and broadcast the information back to an outside party. Sluggish computer performance, altered home pages, and endless pop-ups are all signs your PC is infected. The milder forms of spyware, known as adware, are simply annoying, with increased spam and unwanted pop-ups. Malware refers to more malicious programs that can rob your PC of its ability to run efficiently, and put you in danger of financial loss and even identity theft. The most harmful forms can collect, use and distribute your personal information, like banking passwords and credit card numbers.
3. THE DEFINITION OF SPYWARE
It is software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer’s consent, or that asserts control over a computer without the consumer’s knowledge.
In other words, spyware is a type of malware that can be installed on computers and that collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Sometimes, however, spyware such as key loggers is installed on purpose by the owner of a shared, corporate, or public computer in order to secretly monitor other users.
Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is provided by the term privacy-invasive software.
4. HISTORY AND DEVELOPMENT OF SPYWARE
Virtually everyone with a computer has now heard of spyware, but where and when did it rear its ugly head for the first time? Here is a little history. The word 'spyware' was used for the first time publicly in October 1995. It popped up on Usenet (a distributed Internet discussion system in which users post e-mail like messages) in an article aimed at Microsoft's business model. In the years that followed though, spyware often referred to 'snoop equipment' such as tiny, hidden cameras. It re-appeared in a news release for a personal firewall product in early 2000, marking the beginning of the modern usage of the word.
In 1999, Steve Gibson of Gibson Research detected advertising software on his computer and suspected it was actually stealing his confidential information. The so-called adware had been covertly installed and was difficult to remove, so he decided to counter-attack and develop the first ever anti-spyware program, Output.
The first recorded use of the term spyware occurred on 16 October 1995 in a Usenet post that poked fun at Microsoft's business model. Spyware at first denoted software meant for espionage purposes. However, in early 2000 the founder of Zone Labs, Gregor Freund, used the term in a press release for the ZoneAlarm Personal Firewall. Later in 2000, a parent using ZoneAlarm was alerted to the fact that “Reader Rabbit,” educational software marketed to children by the Mattel toy company, was surreptitiously sending data back to Mattel. Since then, “spyware” has taken on its present sense.
5. CLASSIFICATION OF SPYWARE :
Many different types of spyware exist in the networking database. Among them, we will discuss some important spyware with suitable examples.
They are given here :
5.1 MALWARE
The word Malware is short for malicious software, and is a general term used to describe all of the viruses, worms, spyware, and pretty much anything that is specifically designed to cause harm to your PC or steal your information.
Fig: a picture of malware and its types
5.2 VIRUSES
A computer virus is a malware program that, when executed, replicates by inserting copies of itself (possibly
modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication
succeeds, the affected areas are then said to be "infected".
Viruses often perform some type of harmful activity on infected hosts, such as stealing hard disk space or CPU time,
accessing private information, corrupting data, displaying political or humorous messages on the user's screen,
spamming their contacts, logging their keystrokes, or even rendering the computer useless. However, not all viruses
carry a destructive payload or attempt to hide themselves—the defining characteristic of viruses is that they are self-
replicating computer programs which install themselves without user consent.
5.3 ADWARE
Adware is software that is installed together with other software or via ActiveX controls on the internet. This is often done without the user's knowledge, or without any disclosure that it will be used for obtaining personal information. Adware usually obtains information about its user's passwords, email addresses, web browsing history, online buying habits, the configuration of the user's computer hardware and software, and the user's name, age and gender.
5.4 TRACKING COOKIES
Cookies that can track your Web activities; these may include cookies that contain user names, passwords, and other private information that you enter on websites (SSN, banking info, credit cards).
A short description of tracking cookies:
What is a tracking cookie?
A cookie is very small in terms of physical size on your disk, and is basically a text file. Within that file
information is stored that allows a site to remember your preferences, help with automatic logins, store what you
have in your shopping cart temporarily, or allow for tracking to be done.
Most of the information stored in a cookie is completely innocent and integral to a modern site working the way you
expect. Tracking may also be done innocently with a site that wants to know what a user looks at and what sequence
pages are visited so as to learn and improve the experience. But it can also extend past a single site and a cookie may
track your entire browsing session.
These so-called “persistent cookies” have quite a simple task. When a user visits a website, the server for that site
can detect whether the user has been there before by looking for a cookie it recognizes. If one doesn’t exist then a
new cookie is created and an ID is assigned for that user. After that each page the user visits has the URL logged
and associated with the ID. That same cookie, depending on how it is setup, can then continue to track where the
user goes, even when they leave the site, and feed that information back to the original server.
How do you deal with tracking cookies?
Such tracking is seen as an invasion of privacy and therefore both web browsers and suppliers of security tools have
created options to block them or utilities to get rid of them. You may have seen these cookies regularly pop up when
doing a spyware scan of your machine and “ad trackers” appear as a threat and get removed. They are the tracking
cookies put on your machine by advertisers to track what you do. All you need to do is visit a site with one of their
ads on it and a tracking cookie can be created on your PC.
Your first line of defense against being tracked in this way is the privacy options available in your web browser. It’s
possible to stop cookies being accepted from some or all sites. For example, in Firefox you can go to Tools >
Options and select the Privacy tab. In there you will see the following cookie options highlighted by a red box in the
image below:
Blocking cookies just requires unticking the two options for accepting cookies from sites and third-party cookies.
Other browsers will have similar options to customize cookie use.
The trade-off for doing this is some of your logins won’t be remembered between browsing sessions, but that can be
rectified by using a browser plug-in that remembers login details for specific sites securely. It’s best to experiment
with the settings and turn off third-party cookies first then all cookies if you can cope without them. Some sites will
even inform you they can’t perform properly without cookies being enabled, so you need to test and see what works
for you. Enabling cookies is as easy as returning to the Privacy tab and rechecking the cookies box, though you can still
add exceptions to specific sites.
If you want a utility to remove tracking cookies from your PC there are a lot of choices with many of the tools being
completely free to use. To name a few I have successfully used SuperAnti-Spyware, Malware-Bytes Anti-Malware,
Ad-Aware, and Spyware Doctor, all of which did a good job. There are many more available and if you already use
a security suite chances are a scan will remove trackers as part of the process.
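
The persistent-cookie mechanism and the third-party blocking option described in this section, modelled as an added example that is not part of the original report. The tracker domain `ads.tracker.test`, the `uid` cookie name and the three visited sites are constructed for illustration.

```python
from http.cookies import SimpleCookie
from itertools import count
from urllib.parse import urlsplit

TRACKER_DOMAIN = "ads.tracker.test"   # hypothetical third-party ad server


class Tracker:
    """Server side: issues a persistent ID cookie and logs pages against it."""

    def __init__(self):
        self._next_id = count(1)
        self.log = {}                  # visitor ID -> pages where the ad loaded

    def handle(self, cookie_header, page_url):
        """Handle one ad request; return a Set-Cookie value for new visitors."""
        jar = SimpleCookie(cookie_header or "")
        set_cookie = None
        if "uid" in jar:
            uid = jar["uid"].value     # recognised cookie: reuse the same ID
        else:
            uid = f"u{next(self._next_id)}"
            fresh = SimpleCookie()
            fresh["uid"] = uid
            fresh["uid"]["max-age"] = 365 * 24 * 3600   # persists across sessions
            fresh["uid"]["path"] = "/"
            set_cookie = fresh["uid"].OutputString()
        self.log.setdefault(uid, []).append(page_url)
        return set_cookie


class Browser:
    """Client side: a cookie jar keyed by the domain that set each cookie."""

    def __init__(self, block_third_party=False):
        self.block_third_party = block_third_party
        self.jar = {}

    def visit(self, page_url, tracker):
        """Load a page that embeds an ad served from TRACKER_DOMAIN."""
        site = urlsplit(page_url).hostname
        third_party = site != TRACKER_DOMAIN
        blocked = third_party and self.block_third_party
        # With blocking on, the cookie is neither sent nor stored.
        sent = None if blocked else self.jar.get(TRACKER_DOMAIN)
        set_cookie = tracker.handle(sent, page_url)
        if set_cookie and not blocked:
            parsed = SimpleCookie(set_cookie)
            self.jar[TRACKER_DOMAIN] = "; ".join(
                f"{name}={morsel.value}" for name, morsel in parsed.items())


PAGES = [  # constructed browsing session across unrelated sites
    "https://news.test/politics",
    "https://shop.test/cart",
    "https://health.test/symptoms",
]


def browse(block_third_party):
    """Run the session and return what the tracker was able to record."""
    tracker = Tracker()
    browser = Browser(block_third_party)
    for url in PAGES:
        browser.visit(url, tracker)
    return tracker.log


if __name__ == "__main__":
    print("third-party cookies allowed:", browse(False))
    print("third-party cookies blocked:", browse(True))
```

With third-party cookies allowed, all three pages are filed under one ID; with them blocked, the tracker still receives each request but sees three unrelated visitors, so the cookie no longer links the sites into one profile.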
5.5 BROWSER HIJACKING
Browser hijacking is a form of unwanted software that modifies a web browser's settings without a user's permission,
to inject unwanted advertising into the user's browser. A browser hijacker may replace the existing home page, error
page, or search page with its own. These are generally used to force hits to a particular website, increasing
its advertising revenue.
Some browser hijackers also contain spyware, for example, some install a software keylogger to gather information
such as banking and e-mail authentication details. Some browser hijackers can also damage the registry on Windows
systems, often permanently.
Some browser hijacking can be easily reversed, while other instances may be difficult to reverse. Various software
packages exist to prevent such modification.
Many Browser Hijacking programs are included in software bundles that the user did not choose, and are included
as "offers" in the installer for another program, often included with no uninstall instructions, or documentation on
what they do, and are presented in a way that is designed to be confusing for the average user, in order to trick them
into installing unwanted extra software.
5.5.1 Hosts File
Redefine the addresses of trusted sources, i.e. anti-virus tools, software patches and upgrades.
Description :
The hosts file is a computer file used by an operating system to map hostnames to IP addresses. The hosts file is a plain
text file, and is conventionally named hosts. Originally, a file named HOSTS.TXT was manually maintained and made
available via file sharing by Stanford Research Institute for the ARPANET membership, containing the hostnames and
address of hosts as contributed for inclusion by member organizations. The Domain Name System, first described in 1983
and implemented in 1984,[1] automated the publication process and provided instantaneous and dynamic hostname
resolution in the rapidly growing network. In modern operating systems, the hosts file remains an alternative name
resolution mechanism, configurable often as part of facilities such as the Name Service Switch as either the primary
method or as a fallback method.
Purpose : The hosts file is one of several system facilities that assists in addressing network nodes in a computer
network. It is a common part of an operating system's Internet Protocol (IP) implementation, and serves the function
of translating human-friendly hostnames into numeric protocol addresses, called IP addresses, that identify and locate
a host in an IP network.
In some operating systems, the contents of the hosts file are used preferentially to other name resolution methods,
such as the Domain Name System (DNS), but many systems implement name service switches,
e.g., nsswitch.conf for Linux and Unix, to provide customization. Unlike remote DNS resolvers, the hosts file is
under the direct control of the local computer's administrator.
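
One way to check a hosts file for the redefinition of trusted sources described above, as an added example that is not part of the original report. The watch-list of protected domains, the vendor name `example-antivirus.test` and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watch-list: names that should be resolved by DNS and normally
# never appear in a hosts file. Adjust to the update and security
# services actually used on the machine.
PROTECTED_SUFFIXES = (
    "windowsupdate.com",
    "update.microsoft.com",
    "example-antivirus.test",   # hypothetical anti-virus vendor
)


def parse_hosts(text):
    """Yield (line number, ip, hostname) for every mapping in a hosts file."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            # Strip an IPv6 zone suffix such as "%lo0" before parsing.
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])
        except ValueError:
            continue                              # malformed line, not a mapping
        for name in fields[1:]:                   # one address, several aliases
            yield lineno, ip, name.lower().rstrip(".")


def audit_hosts(text, protected=PROTECTED_SUFFIXES):
    """Return findings for protected names that the hosts file overrides."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if not any(name == s or name.endswith("." + s) for s in protected):
            continue
        # Loopback or 0.0.0.0 makes the service unreachable; any other
        # address sends the traffic to a host chosen by whoever edited the file.
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append((lineno, name, str(ip), kind))
    return findings


SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         update.microsoft.com   # patch downloads silently fail
203.0.113.7     www.example-antivirus.test definitions.example-antivirus.test
192.168.1.10    fileserver.lan
not-an-ip       junk
"""

if __name__ == "__main__":
    for lineno, name, ip, kind in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {ip} ({kind})")
```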
5.5.2 Home Page
Description :
A home page or index page is the initial or main web page of a website. It is sometimes also called the front
page (by analogy with newspapers) or main page, or written as "homepage."
Redefine the page that opens up when you start your browser.
Purpose :
A home page is generally the first page a visitor navigating to a website from a search engine will see, and may also
serve as a landing page to attract the attention of visitors. The home page is used to facilitate navigation to other
pages on the site, by providing links to important and recent articles and pages, and possibly a search box. For
example, a news website may present the headlines and first paragraphs of top stories, with links to the full articles,
in a dynamic web page that reflects the popularity and recentness of stories.
A website may have multiple home pages, although most have one. Wikipedia, for example, has a home page at
wikipedia.org, as well as language-specific homepages, such as en.wikipedia.org and de.wikipedia.org.
5.5.3 Search Page
Redefine the page that opens up when you enter an undefined URL.
Redefine the page that opens up when you click your “Search” button.
Description :
A search engine is really a general class of programs, however, the term is often used to specifically describe
systems like Google, Bing and Yahoo! Search that enable users to search for documents on the World Wide Web.
5.5.4 Error Pages
Redefine the pages that open when an error occurs.
Operation of browser hijacking :
Unwanted programs often include no sign that they are installed, and no uninstall or opt-out instructions. Most
hijacking programs constantly change the settings of browsers, meaning that user choices in their own browser are
overwritten. Some Antivirus software identifies browser hijacking software as malicious software and can remove it.
Some spyware scanning programs have a browser restore function to set the user's browser settings back to normal
or alert them when their browser page has been changed.
Some of the more malicious browser hijacking programs steal browser cookies on a person's computer, in order to
manipulate online accounts they are logged into. One company maliciously used Google cookies to install Android
apps onto a user's phone without their knowledge or consent.
Examples of hijackers.
A number of hijackers change the browser homepage, display adverts, and/or set the default search engine; these include Astromenda (www.astromenda.com); Ask Toolbar (ask.com); ESurf (esurf.biz); Binkiland (binkiland.com); Delta and Claro; Dregol; Jamenize; Mindspark; Groovorio; Sweet Page; Trovi; Tuvaro; Spigot; etc.
5.6 KEYLOGGERS
Keyloggers were originally designed to record all keystrokes of users in order to find passwords, credit card numbers, and other sensitive information.
A keylogger is a type of surveillance software (considered to be either software or spyware) that has the capability to record every keystroke you make to a log file, usually encrypted. A keylogger recorder can record instant messages, e-mail, and any information you type at any time using your keyboard. The log file created by the keylogger can then be sent to a specified receiver. Some keylogger programs will also record any e-mail addresses you use and Web site URLs you visit.
Keyloggers, as a surveillance tool, are often used by employers to ensure employees use work computers for business purposes only. Unfortunately, keyloggers can also be embedded in spyware, allowing your information to be transmitted to an unknown third party.
5.7 SPYBOTS
• Spybots are the prototypical example of “spyware.” A spybot monitors a user’s behavior, collecting logs of
activity and transmitting them to third parties.
• A spybot may be installed as a browser helper object, it may exist as a DLL on the host computer, or it may run
as a separate process launched whenever the host OS boots.
Description :
The Spybot is also known as Spybot worm which is a large family of computer worms of varying characteristics.
Although the actual number of versions is unknown, it is estimated to be well into the thousands. This briefly held
the record for most variants, but has subsequently been surpassed by the Agobot family.
Common features :
Spybot variants generally have several things in common:
1. The ability to spread via the P2P program KaZaA, often in addition to other such programs.
2. The ability to spread via at least one vulnerability in the Windows operating system. Earlier versions mostly used
the RPC DCOM buffer overflow, although now some use the LSASS buffer overflow.
3. The ability to spread via various common backdoor Trojan horses.
4. The ability to spread to systems with weak administrative passwords.
Recognition :
Because there is no standard of detection nor classification for the Spybot family, there is also no standard naming
convention. Because of this lack of standard naming conventions and because of common features, variants of the
Spybot worm can often be confused with the Agobot and IRCBot family of worms. Most antivirus programs detect
variants generically (e.g. W32/Spybot.worm), and identifying what specific Spybot variant is indicated is next to
impossible except with the earliest or most common versions.
As a result of having so many variants, one antivirus company is often not able to recognize and remove all versions
of the worm. The same applies to most antispyware software.
6. HOW SPYWARE ENTERS YOUR PC
Spyware is renowned for slowing down computers, and this is one of the key signs that a computer may be infected. Spyware uses your computer's processor power and RAM resources to continually track what you are doing on your computer. It sends the information it has captured about you and your surfing habits over your Internet connection, then downloads and delivers masses of popup advertisements. All of these background activities slow down your computer, especially if more than one spyware program is active. Also, spyware is not necessarily designed to be efficient, and errors in the software can make your computer crash.
Here are three important points :
• When we open a website with an attractive advertisement or other offer, our PC automatically comes in contact with spyware.
• Some free software is packaged in advance with spyware; when we install such software, our PC is automatically infected.
• If a device already infected with spyware comes in contact with another device by means of a pen drive, SD card, hard drive, etc., the uninfected device gets infected.
7. Diagram on how Adware:Win32/AddLyrics damages a PC
Adware:Win32/AddLyrics is a detrimental browser extension, capable of generating web traffic, typically on the Windows operating system. In general, Adware:Win32/AddLyrics can be activated when browsers are opened normally, including Internet Explorer, Mozilla Firefox, Google Chrome, Safari and Opera. Adware:Win32/AddLyrics then presents its Add Lyrics ads page over the browser, claiming that the Add Lyrics program provides lyrics to any song on YouTube and displays them alongside the music video. In reality, being utilized as a hack tool by cyber criminals, Adware:Win32/AddLyrics is known as a nasty piece of malware that damages the affected PC. It is essential to remove Adware:Win32/AddLyrics for good and not to download any programs related to Win32/AddLyrics, in order to avoid the insertion of vicious code and files.
In some cases, antivirus software users may detect numerous adware files on their PCs, which may show up as JS:AddLyrics-BA, JS:AddLyrics-AR, JS:AddLyrics-AZ and are related to Win32/AddLyrics. Though anti-spyware may be able to move the malicious files to the chest, it may neutralize the Adware:Win32/AddLyrics threat only when it appears. Worse, Adware:Win32/AddLyrics may disrupt not only the browser but also system settings such as the MBR (Master Boot Record), so that it runs automatically whenever Windows starts. Not only can the advertisements associated with Adware:Win32/AddLyrics appear on the affected PC, but additional ads may also pop up on their own, containing pornographic, game or video content. Meanwhile, Adware:Win32/AddLyrics can install its related add-ons in your browsers in order to trace and record search history and cookies. No doubt your confidential online data can be viewed and stolen by remote hackers. If this is the case, we need to figure out an effective approach to remove Adware:Win32/AddLyrics promptly and properly, in order to avoid unwanted damage and data loss.
Diagram on How Adware:Win32/AddLyrics Damage PC
How to Remove Adware:Win32/AddLyrics Effectively?
Being stuck with Adware:Win32/AddLyrics virus, you may wonder the most practical way to
remove Adware:Win32/AddLyrics for good. In order to remove Adware:Win32/AddLyrics, you may have tried lots
of antivirus that you trust, but failed. Why? That’s because the security removal tools are not human beings and they
cannot catch all the new things. They need to update their functions from time to time to catch the newly released
viruses. However, it seems that the infections’ creators know about this and they design all the related files of the
viruses in random names. What’s worse, the pests can mutate at a fast speed. Thus, your antivirus cannot
remove Adware:Win32/AddLyrics completely. The most effective way to get rid of Adware:Win32/AddLyrics is manual removal, which lets us remove all its malicious code and files. Here is a guide for you.
Tips for Removing Adware:Win32/AddLyrics Step by Step
Method one: Add / Remove Program
For Windows XP, Vista & 7
1. Click on the “Start Menu” and find and click on “Control Panel”.
2. When you are in the “Control Panel”, find the “Add / Remove Programs” tab and click on it.
3. Now you’ll see a huge list with programs, applications and software programs. Now you’ve got to find the
Adware:Win32/AddLyrics and select it.
*If you are using Windows 7/Vista:
a. Click Programs, choose Uninstall a program
b. Then go to Programs and Features. Here, it may appear as Sing Along.
4. Once you’ve found it, hit the uninstall button and confirm that you want to uninstall the program.
5. Now the uninstall process will start.
6. When it is done, restart your PC.
For Windows 8
1. Access Start Menu by pressing the Windows Key
2. Click Uninstall on the toolbar that appears at the bottom of the screen.
3. The Programs and Features window will open.
4. Highlight Adware:Win32/AddLyrics, and then press Uninstall.
Method two: Completely remove Adware:Win32/AddLyrics
Preparation: Since the Registry is one of the most important parts of a computer, deleting the wrong values or entries there will cause more damage to your system. Therefore, if you choose to manually remove Adware:Win32/AddLyrics, take note of the items below:
One: First make sure that your registry is completely backed up on either a CD or an external hard drive. Then, if there are any problems, you can always start from the beginning.
Two: Only delete files and folders that you know are definitely associated with the software. If you aren’t sure, don’t delete, in case of a mistake.
Three: Do not modify the Windows registry freely if you have no knowledge of computers, for it will damage your computer if you modify it by mistake.
Four: Restart your system regularly. If you have problems booting up your computer while you are in the process of deleting, you will know exactly where you have gone wrong.
Then, you can start the removal now:
1. Remove the “Program Files” from your computer.
Program files are the files which make the program work, giving it the ability to load up and perform its
operations. Removing the program files from your computer will make Adware:Win32/AddLyrics
unusable.
Step one: Go to My Computer, and then browse to C:/Program Files/ Adware:Win32/AddLyrics.
Step two: select the entire folder of Adware:Win32/AddLyrics, and then press SHIFT & DELETE to delete the files
permanently from your computer.
2. Remove its registry keys
Registry keys serve as a storage medium for data that is to be stored in the Windows Registry. Deleting
related Registry keys will prevent the program from working any longer.
Step one: Click “Start” to run, and then search for REGEDIT.EXE on your computer.
Step two: Open it up and then press CTRL + F.
Step three: Then type “Adware:Win32/AddLyrics” in the search box, and then start to search for all the keys with
reference to that program.
16
Step four: Delete each one that comes up from the right hand box.
Step five: when all the steps are finished, reboot your computer.
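An added example (not part of the original manual or its sources): the registry backup made in the preparation step can be searched offline before anything is deleted. The Python code below parses a regedit export, decodes hex-encoded string values that a plain text search of the file would miss, and reports whether each hit is a whole key or a single value inside a shared key such as Run. The sample export, the search term "AddLyrics" and every value name and path in it are constructed for illustration.

```python
import re

VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
AUTOSTART_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)


def unescape(text):
    r"""Undo .reg string escaping (\\ -> \ and \" -> ")."""
    return re.sub(r"\\(.)", lambda m: m.group(1), text)


def decode_data(raw):
    """Return value data as searchable text."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return unescape(raw[1:-1])
    m = re.match(r"hex\((?:1|2|7)\):(.*)$", raw, re.IGNORECASE)
    if m:  # REG_SZ / REG_EXPAND_SZ / REG_MULTI_SZ exported as UTF-16LE bytes
        octets = bytes(int(b, 16) for b in m.group(1).split(",") if b)
        text = octets.decode("utf-16-le", errors="replace")
        return text.replace("\x00", "\n").strip()
    return raw  # dword:, hex: (binary) and other types are kept as written


def parse_reg(text):
    """Parse .reg export text into {key_path: [(value_name, data), ...]}."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith(",\\"):          # hex data continues on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, [])
            continue
        m = VALUE_LINE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            keys[current].append((name, decode_data(m.group(2))))
    return keys


def find_references(keys, term):
    """List entries that mention term, and how much of the key they cover."""
    term = term.lower()
    hits = []
    for key, values in keys.items():
        if term in key.lower():           # the key itself belongs to the program
            hits.append({"scope": "whole key", "key": key,
                         "value": None, "autostart": False})
            continue
        for name, data in values:         # shared key: only this value matches
            if term in name.lower() or term in data.lower():
                hits.append({"scope": "single value", "key": key, "value": name,
                             "autostart": bool(AUTOSTART_KEY.search(key))})
    return hits


def export_expand_sz(text):
    """Encode text the way regedit exports REG_EXPAND_SZ (sample helper)."""
    octets = [f"{b:02x}" for b in (text + "\0").encode("utf-16-le")]
    rows = [",".join(octets[i:i + 16]) for i in range(0, len(octets), 16)]
    return "hex(2):" + ",\\\n  ".join(rows)


# Constructed sample export; a real one is read with open(path, encoding="utf-16").
SAMPLE_REG = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]",
    r'"Sync"="\"C:\\Tools\\sync.exe\" /background"',
    '"MediaHelper"=' + export_expand_sz(r"%ProgramFiles%\AddLyrics\helper.exe"),
    "",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddLyrics]",
    r'"DisplayName"="AddLyrics"',
    r'"UninstallString"="C:\\Program Files\\AddLyrics\\uninstall.exe"',
    "",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]",
    r'"Start Page"="http://www.example.com/"',
    "",
])

if __name__ == "__main__":
    for hit in find_references(parse_reg(SAMPLE_REG), "AddLyrics"):
        print(hit)
```

A hit with scope "single value" in a Run key means only that value is removed; deleting the whole key would also remove unrelated startup entries.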
Analyze:
Many antivirus users complain that their antivirus cannot remove
Adware:Win32/AddLyrics completely and for good. No antivirus can catch every computer
infection in the world. This is a problem not only for your antivirus software, but also for many other, even
world-leading, security applications. New viruses are found daily, and although all kinds of security applications have
significantly improved their detection of new viruses, the technology used by virus authors continually changes
as they try to avoid detection. Though manual removal is an effective way to remove Adware:Win32/AddLyrics,
it requires certain expert skills to avoid a wrong operation which may
damage your computer permanently.
8. Spyware detection
There are many ways to tell whether your computer is affected by a spyware program or virus.
Some important signs that your machine has been infected by spyware are given below:
Continuous pop-ups
Persistent change in your homepage
Slower computer processing; the computer takes longer to process or start up
Internet browser does not start up
Parts of your computer that you cannot access without freezing
Major core data is lost or changed
Unexplained change of Internet homepage or start page
Mysterious search results
Sluggish PC performance
Software stops functioning
Unexplained error messages or crashes
9. Spyware examples (including software)
Today there are many different types of software that come bundled with a
spyware program.
For example:
1. GAIN / Gator
2. Gator E-Wallet
3. Cydoor
4. Bonzi Buddy
5. My Search
6. Download War
7. Browser Aid
8. Dogpile Toolbar
9. Brilliant Digital
10. Comet Cursor
11. Common Name
12. Offer companion
13. Trickler
14. Web Hancer
Here is a short description of “Gator” and “Cydoor”:
9.1 Gator :
Description :
The "Gator" (also known as Gain AdServer) products collected personal information from their unknowing users,
including all websites visited and portions of credit card numbers, to target and display ads on the computers of web
surfers. It billed itself as the "leader in online behavioral marketing". The company changed its name to Claria
Corporation on October 30, 2003 in an effort to "better communicate the expanding breadth of offerings that [they]
provide to consumers and advertisers", according to CEO and President Jeff McFadden.
Originally released in 1999, Gator was most frequently installed together with programs being offered free of
charge, such as Go!Zilla or Kazaa. The development of these programs was partially funded by revenue from
advertising displayed by Gator. By mid-2003 Gator was installed on an estimated 35 million PCs.
Even though Gator was installed with an uninstall available via Add/Remove Programs in the Control Panel
on Microsoft Windows,[4] many spyware removal tools can also detect and remove it. Gator's end user license
agreement attempts to disallow its manual removal by prohibiting "unauthorized means" of uninstallation.
The Gator software undercut the fundamental ad-supported nature of many Internet publishers by replacing banner
ads on web sites with its own, thereby depriving the content provider of the revenue necessary to continue providing
that content. In June 2002 a number of large publishers, including the New York Post, The New York Times,
and Dow Jones & Company, sued Gator Software for its practice of replacing ads. Most of the lawsuits were settled
out of court in February 2003.
Gator attempted to combat spyware labels with litigation. In September 2003 the company threatened sites such as
PC Pitstop with libel lawsuits.
Gator is adware that collects and transmits information about a user’s Web activity.
Its goal is to:
Gather demographic information
Generate a profile of the user’s interests for targeted advertisements.
Gator can be installed on a user’s computer in several ways.
When a user installs one of several free software programs produced by Claria Corporation (the
company that produces Gator), such as a free calendar application or a time synchronization client.
9.2 Cydoor :
Description :
Cydoor Desktop Media is an Israeli adware company. Cydoor originally placed ads only in software programs
such as Kazaa and iMesh, but has now expanded into running ads on websites as an advertising network.
Because of Cydoor's highly controversial practices of running ads in software programs, Cydoor software is often
considered spyware — and many Anti-Spyware and Antivirus applications will flag the software as such.
Cydoor software :
The Cydoor software downloads advertisements from the Cydoor servers, to be displayed in the Cydoor-supported
software. Cydoor consumes about 3.4MB of hard drive space, and cannot be uninstalled using
the Windows uninstaller. No uninstaller is provided. Cydoor is often bundled with commercial peer-to-peer file
sharing programs such as Kazaa, iMesh and eXeem. Formerly, a user could uninstall Cydoor and continue to use the
program installed with it, but that is sometimes no longer the case. Now Cydoor is treated as a vital piece
of software code by the parent program, and removal may cause the program to stop working. The
website's FAQ explains, "Our components...are the main revenue generating components for our software partners,"
as a way of explaining their supposed necessity. However, programmers have successfully removed Cydoor's
software from Kazaa (resulting in Kazaa Lite and Kazaa Resurrection).
The program has been known to cause problems in Windows, but the company asserts that this is due to an old
and buggy version of the software. They also claim not to harvest personal information unless "the user voluntarily
supplied it".
How does Cydoor software attack your PC?
Cydoor displays targeted pop-up advertisements whose contents are dictated by the user’s browsing
history.
When the user is connected to the Internet,
the Cydoor client pre-fetches advertisements from the Cydoor servers.
The advertisements are displayed whenever the user runs an application that contains Cydoor, whether the user is online
or offline.
10. Working Mechanism Of Spyware
When spyware attacks a computer, it works inside the computer's database and also inside the
various files and installed programs. Generally, spyware works inside a machine in two ways, which are given
below:
10.1 Server-side operation, and
10.2 Client-side operation.
Fig : Network overview of server side operation.
10.1 What is server-side operation?
Server-side (commonly referred to as SS) refers to operations that are performed by the server in a client–
server relationship in a computer network.
Typically, a server is a computer program, such as a web server, that runs on a remote server, reachable from a user's
local computer or workstation. Operations may be performed server-side because they require access to information or
functionality that is not available on the client, or require typical behavior that is unreliable when it is done client-side.
Server-side operations also include processing and storage of data from a client to a server, which can be viewed by a
group of clients. Advantage: this lightens the work of your client and also protects your SAMP server from crackers.
Examples of server-side processing include the creation and adaptation of a database using MySQL.
Fig : Server-side operation.
10.2 What is client-side operation?
Client-side refers to operations that are performed by the client in a client–server relationship in a computer
network.
Typically, a client is a computer application, such as a web browser, that runs on a user's
local computer or workstation and connects to a server as necessary. Operations may be performed client-side
because they require access to information or functionality that is available on the client but not on the server,
because the user needs to observe them or provide input, or because the server lacks the processing power to
perform the operations in a timely manner for all of the clients it serves. Additionally, if operations can be
performed by the client, without sending data over the network, they may take less time, use less bandwidth, and
incur a lesser security risk.
When the server serves data in a commonly used manner, for example according to the HTTP or FTP protocols,
users may have their choice of a number of client server-side operation) and sends it back to the client. The client
then analyzes the data (a client-side operation), and, when the analysis is complete, transmits its results back to the
server.
Fig : Client-side operation (software basis).
11. Effects of infection of Spyware
A spyware infection has many effects, including the following:
SECURITY RISK :
What will Spyware do to my computer and information? Spyware programs are unstable. They cause your computer
to run slower, certain programs stop working, and on occasion, you see the dreaded “blue screen of death”. Consider
the time Spyware eats up, taking you away from other important issues; it kills productivity in the office and at
home!
• Record keystrokes (usernames, passwords, email, phone number, physical address, name, credit card number,
etc.)
• Read your files
• Watch your word processing program
• Change your internet home page
• Add and delete files and toolbars
• Read your cookies
• Crash your browser
• Barrage of Pop-Up Advertisements (on and off the web) with adult content, scams and links to questionable sites
• Random Error Messages
• They can update themselves leading to more and worse malware!
Lower your risk of Spyware Infection:
• Spyware is here to stay. Your best bet is to be informed: know the tricks used by spyware to load itself.
• Verify that your Internet Explorer security settings are set correctly or use an alternative browser (Mozilla Suite,
Firefox, Opera)
• Use anti-virus and anti-spyware software and a firewall and update them regularly.
• Update your operating system and Web browser regularly
• Understand exactly what new programs will install on your innocent computer (many free programs aren’t so
free) and only download programs and software from sites you know and trust.
• Don’t click on links in spam or pop-ups, even if they claim to offer anti-spyware software!!! Sometimes even
clicking the “X” leads to spyware infections. Instead, hit the “Esc” key.
Sometimes All Else Fails:
Info Pathways STRONGLY recommends that you back up your data. Even the safest computer user can become a
victim. If you think your computer might have spyware on it, immediately stop shopping, banking, or doing any
other online activity that involves user names, passwords, or other sensitive information. Confirm that your security
software is active and current and run it to scan your computer for viruses and spyware, deleting anything the
program identifies as a problem.
Damage to computer :
Some owners of badly infected systems resort to contacting technical support experts, or even buying a new
computer because the existing system "has become too slow". Badly infected systems may require a clean
reinstallation of all their software in order to return to full functionality.
The cumulative effect, and the interactions between spyware components, cause the symptoms commonly reported
by users: a computer which slows to a crawl, overwhelmed by the many parasitic processes running on it.
Some types of spyware disable software firewalls and anti-virus software, and/or reduce browser security settings,
thus opening the system to further opportunistic infections, much like an immune deficiency disease.
Some other types of spyware use rootkit-like techniques to prevent detection, and thus removal. The deletion of the
spyware-infected file "inetadpt.dll" will interrupt normal networking usage.
In Windows Vista, by default, a computer administrator runs everything under limited user privileges. When a
program requires administrative privileges, Vista will prompt the user with an allow/deny pop-up (see User Account
Control). This improves on the design used by previous versions of Windows.
Many spyware components would also make use of exploits in JavaScript, Internet Explorer and Windows to install
without user knowledge or permission.
The spyware will execute when the operating system is booted, even if some (or most) of the registry links are
removed.
Advertisement :
Many spyware programs display advertisements. Some programs simply display pop-up ads on a regular basis; for
instance, one every several minutes, or one when the user opens a new browser window. Others display ads in
response to the user visiting specific sites. Spyware operators present this feature as desirable to advertisers, who
may buy ad placement in pop-ups displayed when the user visits a particular site. It is also one of the purposes for
which spyware programs gather information on the user.
Stealware :
Stealware diverts the payment of affiliate marketing revenues from the legitimate affiliate to the spyware vendor.
Spyware which attacks affiliate networks places the spyware operator's affiliate tag on the user's activity —
replacing any other tag, if there is one. The spyware operator is the only party that gains from this. The user has their
choices thwarted, a legitimate affiliate loses revenue, networks' reputations are injured, and vendors are harmed by
having to pay out affiliate revenues to an "affiliate" who is not party to a contract.
Personal relationship :
Spyware has been used to surreptitiously monitor electronic activities of partners in intimate relationships, generally
to uncover evidence of infidelity. At least one software package, Loverspy, was specifically marketed for this
purpose. Depending on local laws regarding communal/marital property, observing a partner's online activity
without their consent may be illegal; the author of Loverspy and several users of the product were indicted in
California in 2005 on charges of wiretapping and various computer crimes.
12. Prevention and remedies of Spyware
We can prevent spyware in generally two ways, which are given below:
• User Initiatives…
1. Issue Awareness
2. Use Legitimate S/W Sources
3. Improved Technical Ability
4. Choice of Browser
5. Choice of OS
6. Legal action taken against breaches of privacy
7. Utilize browser’s security settings
8. Always read the license agreement
9. Software and OS upgrades
10. Don't install any application unless you are certain of what it does or where it came from.
• Technical Initiatives...
1. Spyware Removal Programs
2. Pop-up Blockers
3. Firewall Technology
4. Disable ActiveX Controls
5. Use Anti-Spyware
-- Spy Sweeper
-- Microsoft Windows Anti-Spyware
-- Spyware Doctor
-- Spyware Slayer
-- Spy Killer
-- Spy Remover
What is Spy Sweeper?
Spy Sweeper is a software product from Webroot Software that detects and removes spyware and viruses (if the optional
anti-virus component is installed) on personal computers running Microsoft Windows.
Features :
Spy Sweeper examines files on a computer's hard disk drive, as well as objects in memory, the Windows
registry and cookies, and quarantines any suspicious objects it finds. It is normally purchased as a yearly
subscription; some broadband services, such as MSN Premium, also offer rebranded versions of Spy Sweeper as
part of their subscription.
Versions :
Webroot offers two versions of Spy Sweeper: a zero-cost 'spy scan' offering real-time protection from spyware, and
a full version that allows for the removal of spyware. Licenses for the full version cost around US$30 each, which
can be used for one year on one computer, or $40 for two years. Webroot also sells multiple-license subscriptions,
allowing users to install their product on multiple computers using a single subscription, by purchasing either single-
user, three-machine, or enterprise licenses.
Kevin Thomas, who was the identical twin brother of Steven Thomas (the founder of Webroot Software), invented
the idea for Spy Sweeper. Behind the scenes, Kevin Thomas and Richard Koontz (Webroot's ace programmer)
worked hard on developing Spy Sweeper, despite being at odds with the CEO at the time (David Moll). Richard,
working from home in his off hours, finished Spy Sweeper, and the initial version was finally released in September
2004. At this time, neither Kevin Thomas nor Richard Koontz has ever received credit for the invention of Spy
Sweeper.
In October 2006, Webroot released Spy Sweeper with AntiVirus, which includes removal of and protection
against computer viruses. The anti-virus component is based on an anti-virus product made by the software
vendor Sophos. In June 2007 version 5.5 was released, which included the ability to scan email attachments, and an
improved user interface. Windows 2000 users cannot upgrade from V5.5. In October 2008 version 6.0 was released.
The product has won many awards in the press,[1] and was the first anti-spyware product to receive "Checkmark"
certification from the testing company West Coast Labs.[2] It has also received an Editor's Choice award from PC
Magazine and a Best Buy award from PC World.
Microsoft Windows Anti-Spyware :
Windows Defender is a software product that attempts to detect and remove malware. Initially released as
an antispyware program, it was first released as a free download for Windows XP, shipped with Windows Vista and
Windows 7 by default, and currently ships with antivirus capabilities as part of Windows 10.
Basic features :
Before Windows 8, Windows Defender featured antispyware capabilities. It included a number of real-time security
agents that monitored several common areas of Windows for changes which may be caused by spyware. It also
included the ability to easily remove installed ActiveX software. Windows Defender featured integrated support
for Microsoft SpyNet that allows users to report to Microsoft what they consider to be spyware, and what
applications and device drivers they allow to be installed on their system. In Windows 8, functionality has increased
to offer antivirus protection as well. Windows Defender in Windows 8 resembles Microsoft Security Essentials and
uses the same virus definitions.
General availability :
On October 24, 2006, Microsoft released Windows Defender. It supports Windows XP and Windows Server 2003;
however, unlike the betas, it does not run on Windows 2000.
Conversion to antivirus :
Windows Defender was released with Windows Vista and Windows 7, serving as their built-in antispyware
component. Windows Defender is superseded by Microsoft Security Essentials, an antimalware product from
Microsoft which provides protection against a wider range of malware. Upon installation, Microsoft Security
Essentials disables Windows Defender and takes over its duty.[8][9][10] In Windows 8, Microsoft upgraded Windows
Defender into an antivirus program comparable to Microsoft Security Essentials.[11] This new Windows Defender
greatly resembles Microsoft Security Essentials and uses the same virus definition updates. As a result, Microsoft
Security Essentials is not compatible with Windows 8.
Spyware Doctor :
Description :
PC Tools Spyware Doctor is anti-malware software. Spyware Doctor detects malware based on indicators of
compromise using its spider technology. The most recent version of Spyware Doctor is 9, which was released on 31
October 2011. Symantec is no longer offering this product as of 18 May 2013.
PC Tools Spyware Doctor with Anti-Virus :
PC Tools Spyware Doctor with Anti-Virus has the same features as Spyware Doctor, with added anti-virus
capabilities. Symantec has not sold this since 2013; v9 is the last one available.
13. Case studies
1. Seismic Entertainment, an Internet marketing company controlled by former ’spam king’ Sanford Wallace, was
sued by the US Federal Trade Commission (FTC) in October 2004 in order to stop them from infecting consumer
PCs with spyware.
2. Marketscore hit many US universities:
• MKSC hit many US universities in Dec-2004.
• Director of computer security at Boston College: “the software was bundled with iMesh peer-to-peer
software”.
14. Law and related Crimes
The term ‘cyber crime’ is a misnomer. This term has nowhere been defined in any statute/Act passed or enacted by
the Indian Parliament. The concept of cyber crime is not radically different from the concept of conventional crime.
“Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further
crimes comes within the ambit of cyber crime”.
The Hyderabad Court has, in a landmark judgement, convicted three people and sentenced them to six months'
imprisonment and a fine of 50,000 each for unauthorized copying and sale of pirated software.
Case 1: When a woman at an MNC started receiving obscene calls, CBI found her colleague
had posted her personal details on Mumbaidating.com.
Status: Probe on
Case 2: CBI arrested a man from UP, Mohammed Feroz, who placed ads offering jobs in Germany. He talked to
applicants via e-mail and asked them to deposit money in his bank account in Delhi.
Status: Charge-sheet not filed
Case 3: The official web-site of the Central Board of Direct Taxes was hacked last year. As Pakistan-based hackers
were responsible, authorities there were informed through Interpol.
Status: Pak not cooperating
Attempting or gaining access to someone's computer without their consent or knowledge is criminally illegal
according to computer crime laws, such as the United States Computer Fraud and Abuse Act and the United
Kingdom's Computer Misuse Act. Does this mean that spyware is illegal? Not necessarily. Though law enforcement
has often pursued the creators of malware like viruses, spyware developers have been largely unprosecuted under
criminal law, though they occasionally do face lawsuits. Many spyware companies even operate as legitimate
businesses.
Civil and Criminal Justice :
1. Corrections and Sentencing
2. DNA and Forensics
3. Juvenile Justice
4. Pretrial Release
Criminal law :
Unauthorized access to a computer is illegal under computer crime laws, such as the U.S. Computer Fraud and
Abuse Act, the U.K.'s Computer Misuse Act, and similar laws in other countries. Since owners of computers
infected with spyware generally claim that they never authorized the installation, a prima facie reading would
suggest that the promulgation of spyware would count as a criminal act. Law enforcement has often pursued the
authors of other malware, particularly viruses. However, few spyware developers have been prosecuted, and many
operate openly as strictly legitimate businesses, though some have faced lawsuits.
Spyware producers argue that, contrary to the users' claims, users do in fact give consent to installations. Spyware
that comes bundled with shareware applications may be described in the legalese text of an end-user license
agreement (EULA). Many users habitually ignore these purported contracts, but spyware companies such as Claria
say these demonstrate that users have consented.
Despite the ubiquity of EULA agreements, under which a single click can be taken as consent to the entire text,
relatively little case law has resulted from their use. It has been established in most common law jurisdictions that
this type of agreement can be a binding contract in certain circumstances. This does not, however, mean that every
such agreement is a contract, or that every term in one is enforceable.
Some jurisdictions, including the U.S. states of Iowa and Washington, have passed laws criminalizing some forms
of spyware. Such laws make it illegal for anyone other than the owner or operator of a computer to install software
that alters Web-browser settings, monitors keystrokes, or disables computer-security software.
In the United States, lawmakers introduced a bill in 2005 entitled the Internet Spyware Prevention Act, which would
imprison creators of spyware.
Civil law :
Former New York State Attorney General and former Governor of New York Eliot Spitzer has pursued spyware
companies for fraudulent installation of software. In a suit brought in 2005 by Spitzer, the California firm Intermix
Media, Inc. ended up settling, by agreeing to pay US$7.5 million and to stop distributing spyware.
The hijacking of Web advertisements has also led to litigation. In June 2002, a number of large Web publishers
sued Claria for replacing advertisements, but settled out of court.
Courts have not yet had to decide whether advertisers can be held liable for spyware that displays their ads. In many
cases, the companies whose advertisements appear in spyware pop-ups do not directly do business with the spyware
firm. Rather, they have contracted with an advertising agency, which in turn contracts with an online subcontractor
who gets paid by the number of "impressions" or appearances of the advertisement. Some major firms such as Dell
Computer and Mercedes-Benz have sacked advertising agencies that have run their ads in spyware.
15. CONCLUSION
In this paper we have tried to shed some light on the topic of spyware: what it is, its consequences and what can be
done to protect oneself from being infected.
We have also seen that the method of distribution can vary greatly. In our case study we saw that spyware was
distributed by exploiting security vulnerabilities in installed software. A much more common way of distribution
is the software bundle in which spyware is included together with peer-to-peer software or other freeware.
Another conclusion that we draw from this study is that spyware is rapidly becoming a factor to take into account
when considering safety on the internet in general, since so many Internet-connected computers are infected with
various types of spyware today.
References
Jeremy Reimer (July 20, 2007). "The tricky issue of spyware with a badge: meet 'policeware'". Ars Technica.
Cooley, Brian (March 7, 2011). "'Like,' 'tweet' buttons divulge sites you visit: CNET News Video". CNet News.
Retrieved March 7, 2011.
Edelman, Ben; December 7, 2004 (updated February 8, 2005); Direct Revenue Deletes Competitors from Users'
Disks; benedelman.com. Retrieved November 28, 2006.
http://www.microsoft.com/presspass/press/2004/dec04/12-16GIANTPR.mspx
http://www.webopedia.com
http://www.wikipedia.org
http://www.bendelmen.org
http://lavasoftusa.com
http://commerce.senate.gov
http://blog.vilmatech.com/adwarewin32addlyrics-virus-learn-remove-adwarewin32addlyrics-properly/
http://www.seifried.org/security/quick-reference/windows-security-reference.html
THANK YOU

737-MAX_SRG.pdf student reference guides
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
introduction to datamining and warehousing
R24 SURVEYING LAB MANUAL for civil enggi
Introduction, IoT Design Methodology, Case Study on IoT System for Weather Mo...
Visual Aids for Exploratory Data Analysis.pdf

Spyware manual

  • 1. SPYWARE By Rumman Ansari, Student of Computer Science and Engineering
  • 2. CONTENTS
    1. Abstract
    2. Introduction
    3. Definition of spyware
    4. History and development
    5. Classification of spyware
       5.1 Malware
       5.2 Viruses
       5.3 Adware
       5.4 Tracking cookies
       5.5 Browser hijacking
           5.5.1 Hosts file
           5.5.2 Home page
           5.5.3 Search page
           5.5.4 Error page
       5.6 Keyloggers
       5.7 Spybots
    6. How a spyware attacks in a PC
    7. Diagram on how Adware: win32/Addlyrics damage a PC
    8. Spyware detection
    9. Software examples (including spyware)
       9.1 Gator
       9.2 Cydoor
    10. Working mechanism of spyware
        10.1 Server side operation
        10.2 Client side operation
    11. Effects of infection of spyware
    12. Prevention technique
    13. Case study
    14. Law and related crimes
    15. Conclusion
  • 3. 1. ABSTRACT

    Millions of computer users are being watched, not just by employers and organizations, but by the software that they use frequently, without their knowledge. This spyware has become a center for collecting private data and threatens secured corporate data. It can even change computer settings, resulting in slow connection speeds, different home pages, and loss of Internet access or other programs. In an attempt to increase the understanding of spyware, the following questions are discussed: What exactly is spyware? How does it work? What is its impact on users and the businesses that employ them? How can it be prevented?

    2. INTRODUCTION

    Spyware is a program installed on your computer, with or without your permission, that can change system configurations, monitor your Internet activity and broadcast the information back to an outside party. Sluggish computer performance, altered home pages, and endless pop-ups are all signs your PC is infected. The milder forms of spyware, known as adware, are simply annoying, with increased spam and unwanted pop-ups. Malware refers to more malicious programs that can rob your PC of its ability to run efficiently, and put you in danger of financial loss and even identity theft. The most harmful forms can collect, use and distribute your personal information, like banking passwords and credit card numbers.

    3. THE DEFINITION OF SPYWARE

    Spyware is software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer’s consent, or that asserts control over a computer without the consumer’s knowledge. In other words, spyware is a type of malware that can be installed on computers and that collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect.

    Sometimes, however, spyware such as keyloggers is installed on purpose by the owner of a shared, corporate, or public computer in order to secretly monitor other users. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is provided by the term privacy-invasive software.
  • 4. 4. HISTORY AND DEVELOPMENT OF SPYWARE

    Virtually everyone with a computer has now heard of spyware, but where and when did it rear its ugly head for the first time? Here is a little history. The word 'spyware' was used for the first time publicly in October 1995. It popped up on Usenet (a distributed Internet discussion system in which users post e-mail like messages) in an article aimed at Microsoft's business model. In the years that followed, though, spyware often referred to 'snoop equipment' such as tiny, hidden cameras. It re-appeared in a news release for a personal firewall product in early 2000, marking the beginning of the modern usage of the word. In 1999, Steve Gibson of Gibson Research detected advertising software on his computer and suspected it was actually stealing his confidential information. The so-called adware had been covertly installed and was difficult to remove, so he decided to counter-attack and develop the first ever anti-spyware program, OptOut.

    The first recorded use of the term spyware occurred on 16 October 1995 in a Usenet post that poked fun at Microsoft's business model. Spyware at first denoted software meant for espionage purposes. However, in early 2000 the founder of Zone Labs, Gregor Freund, used the term in a press release for the ZoneAlarm Personal Firewall. Later in 2000, a parent using ZoneAlarm was alerted to the fact that “Reader Rabbit,” educational software marketed to children by the Mattel toy company, was surreptitiously sending data back to Mattel. Since then, “spyware” has taken on its present sense.

    5. CLASSIFICATION OF SPYWARE

    Many different types of spyware exist. Among them, we will discuss some important types of spyware with suitable examples. They are given here:

    5.1 MALWARE

    The word malware is short for malicious software, and is a general term used to describe all of the viruses, worms, spyware, and pretty much anything that is specifically designed to cause harm to your PC or steal your information.

    Fig: a picture of malware and its types
  • 5. 5.2 VIRUSES

    A computer virus is a malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be "infected". Viruses often perform some type of harmful activity on infected hosts, such as stealing hard disk space or CPU time, accessing private information, corrupting data, displaying political or humorous messages on the user's screen, spamming their contacts, logging their keystrokes, or even rendering the computer useless. However, not all viruses carry a destructive payload or attempt to hide themselves; the defining characteristic of viruses is that they are self-replicating computer programs which install themselves without user consent.

    5.3 ADWARE

    Adware is software that is installed together with other software or via ActiveX controls on the Internet. This is often done without the user's knowledge, or without any disclosure that it will be used for obtaining personal information. Adware usually obtains information about its user's passwords, email addresses, web browsing history, online buying habits, the configuration of the user's computer hardware and software, and the user's name, age and gender.

    5.4 TRACKING COOKIES

    Tracking cookies are cookies that can track your Web activities. They may include cookies that contain user names, passwords, and other private information that you enter on websites (SSN, banking info, credit cards).

    A short description of tracking cookies:

    What is a tracking cookie?

    A cookie is very small in terms of physical size on your disk, and is basically a text file. Within that file, information is stored that allows a site to remember your preferences, help with automatic logins, store what you have in your shopping cart temporarily, or allow for tracking to be done.

    Most of the information stored in a cookie is completely innocent and integral to a modern site working the way you expect. Tracking may also be done innocently by a site that wants to know what a user looks at, and in what sequence pages are visited, so as to learn and improve the experience. But it can also extend past a single site, and a cookie may track your entire browsing session.
  • 6. These so-called “persistent cookies” have quite a simple task. When a user visits a website, the server for that site can detect whether the user has been there before by looking for a cookie it recognizes. If one doesn’t exist, a new cookie is created and an ID is assigned to that user. After that, the URL of each page the user visits is logged and associated with the ID. That same cookie, depending on how it is set up, can then continue to track where the user goes, even when they leave the site, and feed that information back to the original server.

    How do you deal with tracking cookies?

    Such tracking is seen as an invasion of privacy, and therefore both web browsers and suppliers of security tools have created options to block tracking cookies or utilities to get rid of them. You may have seen these cookies regularly pop up when doing a spyware scan of your machine, where “ad trackers” appear as a threat and get removed. They are the tracking cookies put on your machine by advertisers to track what you do. All you need to do is visit a site with one of their ads on it and a tracking cookie can be created on your PC.

    Your first line of defense against being tracked in this way is the privacy options available in your web browser. It’s possible to stop cookies being accepted from some or all sites. For example, in Firefox you can go to Tools > Options and select the Privacy tab. In there you will see the cookie options, highlighted by a red box in the accompanying image. Blocking cookies just requires unticking the two options for accepting cookies from sites and third-party cookies. Other browsers have similar options to customize cookie use.

    The trade-off for doing this is that some of your logins won’t be remembered between browsing sessions, but that can be rectified by using a browser plug-in that remembers login details for specific sites securely. It’s best to experiment with the settings: turn off third-party cookies first, then all cookies if you can cope without them. Some sites will even inform you they can’t perform properly without cookies being enabled, so you need to test and see what works for you. Enabling cookies is as easy as returning to the Privacy tab and rechecking the cookies box, though you can still add exceptions for specific sites.

    If you want a utility to remove tracking cookies from your PC, there are a lot of choices, with many of the tools being completely free to use. To name a few, I have successfully used SUPERAntiSpyware, Malwarebytes Anti-Malware, Ad-Aware, and Spyware Doctor, all of which did a good job. There are many more available, and if you already use a security suite, chances are a scan will remove trackers as part of the process.
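The ID-assignment and logging mechanism described above, and the effect of the browser's third-party cookie option, can be seen in a small simulation. This is an added example, not part of the original manual; the site names (`*.example`), the `uid` cookie name and the simplified "last two labels" rule for deciding what counts as the same site are assumptions made for illustration.

```python
import itertools
from collections import defaultdict
from http.cookies import SimpleCookie


def site_of(host):
    """Registrable domain, simplified to the last two labels (assumption: no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])


class Tracker:
    """Ad server embedded on many sites: assigns an ID cookie and logs pages under that ID."""

    def __init__(self):
        self._next_id = itertools.count(1)
        self.profiles = defaultdict(list)  # visitor ID -> pages that embedded the ad

    def handle(self, cookie_header, referer):
        """Process one ad request; return a Set-Cookie header value, or None."""
        cookies = SimpleCookie(cookie_header)
        set_cookie = None
        if "uid" in cookies:               # cookie recognised: returning visitor
            uid = cookies["uid"].value
        else:                              # no cookie: create one and assign an ID
            uid = f"u{next(self._next_id)}"
            set_cookie = f"uid={uid}; Max-Age=31536000; Path=/"  # persists for a year
        self.profiles[uid].append(referer)  # URL logged and associated with the ID
        return set_cookie


class Browser:
    """Minimal cookie jar with a 'accept third-party cookies' privacy switch."""

    def __init__(self, accept_third_party):
        self.accept_third_party = accept_third_party
        self.jar = defaultdict(dict)       # cookie site -> {name: value}

    def load_page(self, page_host, path, ad_host, tracker):
        """Load a page on page_host that embeds an ad served from ad_host."""
        third_party = site_of(ad_host) != site_of(page_host)
        allowed = self.accept_third_party or not third_party
        stored = self.jar[site_of(ad_host)] if allowed else {}
        cookie_header = "; ".join(f"{k}={v}" for k, v in stored.items())
        reply = tracker.handle(cookie_header, referer=f"https://{page_host}{path}")
        if reply and allowed:              # a blocked cookie is neither sent nor stored
            for name, morsel in SimpleCookie(reply).items():
                self.jar[site_of(ad_host)][name] = morsel.value


# Constructed browsing session: every page embeds an ad from the same third party.
SESSION = [
    ("www.news.example", "/politics"),
    ("www.shop.example", "/cart"),
    ("www.health.example", "/symptoms"),
]


def browse(accept_third_party):
    """Run the session and return what the tracker has learned: {visitor ID: [pages]}."""
    tracker, browser = Tracker(), Browser(accept_third_party)
    for host, path in SESSION:
        browser.load_page(host, path, "ads.adnet.example", tracker)
    return dict(tracker.profiles)


if __name__ == "__main__":
    for setting in (True, False):
        print("third-party cookies accepted:", setting)
        for uid, pages in browse(setting).items():
            print("   ", uid, pages)
```

With third-party cookies accepted, the tracker joins all three sites under one ID; with them blocked, it still receives each request but has no stable ID to link them.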
  • 7. 5.5 BROWSER HIJACKING

    Browser hijacking is a form of unwanted software that modifies a web browser's settings without a user's permission, to inject unwanted advertising into the user's browser. A browser hijacker may replace the existing home page, error page, or search page with its own. These are generally used to force hits to a particular website, increasing its advertising revenue. Some browser hijackers also contain spyware; for example, some install a software keylogger to gather information such as banking and e-mail authentication details. Some browser hijackers can also damage the registry on Windows systems, often permanently. Some browser hijacking can be easily reversed, while other instances may be difficult to reverse. Various software packages exist to prevent such modification.

    Many browser hijacking programs are included in software bundles that the user did not choose. They are included as "offers" in the installer for another program, often with no uninstall instructions or documentation on what they do, and are presented in a way that is designed to be confusing for the average user, in order to trick them into installing unwanted extra software.

    5.5.1 Hosts File

    Redefines the addresses of trusted sources, such as anti-virus tools, software patches and upgrades.

    Description: The hosts file is a computer file used by an operating system to map hostnames to IP addresses. The hosts file is a plain text file, and is conventionally named hosts. Originally, a file named HOSTS.TXT was manually maintained and made available via file sharing by Stanford Research Institute for the ARPANET membership, containing the hostnames and addresses of hosts as contributed for inclusion by member organizations. The Domain Name System, first described in 1983 and implemented in 1984,[1] automated the publication process and provided instantaneous and dynamic hostname resolution in the rapidly growing network. In modern operating systems, the hosts file remains an alternative name resolution mechanism, often configurable as part of facilities such as the Name Service Switch as either the primary method or as a fallback method.

    Purpose: The hosts file is one of several system facilities that assist in addressing network nodes in a computer network. It is a common part of an operating system's Internet Protocol (IP) implementation, and serves the function of translating human-friendly hostnames into numeric protocol addresses, called IP addresses, that identify and locate a host in an IP network. In some operating systems, the contents of the hosts file are used preferentially to other name resolution methods, such as the Domain Name System (DNS), but many systems implement name service switches, e.g., nsswitch.conf for Linux and Unix, to provide customization. Unlike remote DNS resolvers, the hosts file is under the direct control of the local computer's administrator.

    5.5.2 Home Page

    Description: A home page or index page is the initial or main web page of a website. It is sometimes also called the front page (by analogy with newspapers) or main page, or written as "homepage."
  • 8. A home page hijack redefines the page that opens up when you start your browser.

    Purpose: A home page is generally the first page a visitor navigating to a website from a search engine will see, and may also serve as a landing page to attract the attention of visitors. The home page is used to facilitate navigation to other pages on the site, by providing links to important and recent articles and pages, and possibly a search box. For example, a news website may present the headlines and first paragraphs of top stories, with links to the full articles, in a dynamic web page that reflects the popularity and recentness of stories. A website may have multiple home pages, although most have one. Wikipedia, for example, has a home page at wikipedia.org, as well as language-specific homepages, such as en.wikipedia.org and de.wikipedia.org.

    5.5.3 Search Page

    Redefines the page that opens up when you enter an undefined URL. Redefines the page that opens up when you click your “Search” button.

    Description: A search engine is really a general class of programs; however, the term is often used to specifically describe systems like Google, Bing and Yahoo! Search that enable users to search for documents on the World Wide Web.

    5.5.4 Error Pages

    Redefines the pages that open when an error occurs.

    Operation of browser hijacking: Unwanted programs often include no sign that they are installed, and no uninstall or opt-out instructions. Most hijacking programs constantly change the settings of browsers, meaning that user choices in their own browser are overwritten. Some antivirus software identifies browser hijacking software as malicious software and can remove it. Some spyware scanning programs have a browser restore function to set the user's browser settings back to normal or alert them when their browser page has been changed. Some of the more malicious browser hijacking programs steal browser cookies on a person's computer, in order to manipulate online accounts they are logged into. One company maliciously used Google cookies to install Android apps onto a user's phone without their knowledge or consent.

    Examples of hijackers: A number of hijackers change the browser homepage, display adverts, and/or set the default search engine; these include Astromenda (www.astromenda.com); Ask Toolbar (ask.com); ESurf (esurf.biz); Binkiland (binkiland.com); Delta and Claro; Dregol; Jamenize; Mindspark; Groovorio; Sweet Page; Trovi; Tuvaro; Spigot; etc.

    5.6 KEYLOGGERS

    Keyloggers were originally designed to record all keystrokes of users in order to find passwords, credit card numbers, and other sensitive information.
  • 9. A keylogger is a type of surveillance software (considered to be either software or spyware) that has the capability to record every keystroke you make to a log file, usually encrypted. A keylogger can record instant messages, e-mail, and any information you type at any time using your keyboard. The log file created by the keylogger can then be sent to a specified receiver. Some keylogger programs will also record any e-mail addresses you use and Web site URLs you visit. Keyloggers, as a surveillance tool, are often used by employers to ensure employees use work computers for business purposes only. Unfortunately, keyloggers can also be embedded in spyware, allowing your information to be transmitted to an unknown third party.

    5.7 SPYBOTS

    • Spybots are the prototypical example of “spyware.” A spybot monitors a user’s behavior, collecting logs of activity and transmitting them to third parties.
    • A spybot may be installed as a browser helper object, it may exist as a DLL on the host computer, or it may run as a separate process launched whenever the host OS boots.

    Description: Spybot, also known as the Spybot worm, is a large family of computer worms of varying characteristics. Although the actual number of versions is unknown, it is estimated to be well into the thousands. This briefly held the record for most variants, but has subsequently been surpassed by the Agobot family.

    Common features: Spybot variants generally have several things in common:
    1. The ability to spread via the P2P program KaZaA, often in addition to other such programs.
    2. The ability to spread via at least one vulnerability in the Windows operating system. Earlier versions mostly used the RPC DCOM buffer overflow, although now some use the LSASS buffer overflow.
    3. The ability to spread via various common backdoor Trojan horses.
    4. The ability to spread to systems with weak administrative passwords.

    Recognition: Because there is no standard of detection or classification for the Spybot family, there is also no standard naming convention. Because of this lack of standard naming conventions, and because of common features, variants of the Spybot worm can often be confused with the Agobot and IRCBot families of worms. Most antivirus programs detect variants generically (e.g. W32/Spybot.worm), and identifying which specific Spybot variant is indicated is next to impossible except with the earliest or most common versions. As a result of having so many variants, one antivirus company is often not able to recognize and remove all versions of the worm. The same applies to most antispyware software.
  • 10. 6. HOW SPYWARE ENTERS YOUR PC

    Spyware is renowned for slowing down computers, and this is one of the key signs that a computer may be infected. Spyware uses your computer's processor power and RAM resources to continually track what you are doing on your computer. It sends the captured information that it has learned about you and your surfing habits over your Internet connection, then downloads and delivers masses of popup advertisements. All of these background activities slow down your computer, especially if there is more than one spyware program active. Also, spyware is not necessarily designed to be efficient, and errors in the software can make your computer crash.

    Here are three important points:
    • When we open a website carrying attractive advertisements or other offers, our PC can automatically come into contact with spyware.
    • Some free software is packaged in advance with spyware; when we install such software, our PC is automatically infected.
    • If a device already infected with spyware comes into contact with another device by means of a pen drive, SD card, hard drive, etc., the uninfected device becomes infected.

    7. DIAGRAM ON HOW ADWARE:WIN32/ADDLYRICS DAMAGES A PC

    Adware:Win32/AddLyrics is a detrimental browser extension, capable of generating web traffic, typically on the Windows operating system. In general, Adware:Win32/AddLyrics can be activated when browsers are opened normally, including Internet Explorer, Mozilla Firefox, Google Chrome, Safari and Opera. Adware:Win32/AddLyrics then presents its Add Lyrics ads page over the browser, claiming that the Add Lyrics program provides lyrics to any song on YouTube and displays them alongside the music video. In reality, being utilized as a hack tool by cyber criminals, Adware:Win32/AddLyrics is known as a nasty piece of malware that damages the affected PC. It is essential to remove Adware:Win32/AddLyrics for good and not to download any programs related to Win32/AddLyrics, so as to avoid introducing vicious code and files.
  • 11. In some cases, antivirus software may detect numerous adware files on the PC, which may show up as JS:AddLyrics-BA, JS:AddLyrics-AR or JS:AddLyrics-AZ, all related to Win32/AddLyrics. Although anti-spyware software may be able to move the malicious files to its chest, it may neutralize the Adware:Win32/AddLyrics threat only when it appears. Worse, Adware:Win32/AddLyrics may make chaos not only in the browser but also in system settings such as the MBR (Master Boot Record), so that it runs automatically whenever Windows starts. Not only can the advertisements involved with Adware:Win32/AddLyrics appear on the affected PC, but additional ads may also pop up on their own, containing pornographic, game or video content. Meanwhile, Adware:Win32/AddLyrics can insert and install its related add-ons in your browsers in order to trace and record search history and cookies. No doubt your confidential online data can be viewed and stolen by remote hackers. If this is the case, we need to figure out an effective approach to remove Adware:Win32/AddLyrics promptly and properly, in order to avoid unwanted damage and data loss.

    Fig: Diagram on how Adware:Win32/AddLyrics damages a PC
  • 12. How to Remove Adware:Win32/AddLyrics Effectively?

    Being stuck with the Adware:Win32/AddLyrics virus, you may wonder what the most practical way to remove Adware:Win32/AddLyrics for good is. In order to remove Adware:Win32/AddLyrics, you may have tried lots of antivirus programs that you trust, but failed. Why? That’s because security removal tools are not human beings and cannot catch all the new things. They need to update their functions from time to time to catch newly released viruses. However, it seems that the infections’ creators know about this, and they give all the related files of the viruses random names. What’s worse, the pests can mutate at a fast speed. Thus, your antivirus cannot remove Adware:Win32/AddLyrics completely. The most effective way to get rid of Adware:Win32/AddLyrics is manual removal, which lets us remove all its malicious code and files. Here is a guide for you.

    Tips for Removing Adware:Win32/AddLyrics Step by Step

    Method one: Add / Remove Program

    For Windows XP, Vista & 7
    1. Click on the “Start Menu”, then find and click on “Control Panel”.
    2. When you are in the “Control Panel”, find the “Add / Remove Programs” tab and click on it.
    3. Now you’ll see a huge list of programs, applications and software. Find Adware:Win32/AddLyrics and select it.
       *If you are using Windows 7/Vista:
       a. Click Programs, choose Uninstall a program.
  • 13.    b. Then go to Programs and Features. Here, it may appear as Sing Along.
    4. Once you’ve found it, hit the uninstall button and confirm that you want to uninstall the program.
    5. Now the uninstall process will start.
    6. When it is done, restart your PC.

    For Windows 8
    1. Access the Start Menu by pressing the Windows Key.
  • 14.
2. Click Uninstall on the toolbar that appears at the bottom of the screen.
3. The Programs and Features window will open.
4. Highlight Adware:Win32/AddLyrics, and then press Uninstall.

Method two: Completely remove Adware:Win32/AddLyrics

Preparation: The registry is one of the most important parts of a computer. If you delete the wrong values or entries there, you will cause more damage to your system. Therefore, if you choose to remove Adware:Win32/AddLyrics manually, take note of the items below:

One: First make sure that your registry is completely backed up on either a CD or an external hard drive. Then, if there are any problems, you can always start again from the beginning.
Two: Only delete files and folders that you know are definitely associated with the software. If you aren’t sure, don’t delete them, in case of a mistake.
Three: Do not modify the Windows registry if you have no knowledge of computers, because a mistaken change will damage your computer.
Four: Restart your system regularly. If you have problems booting your computer while you are in the process of deleting, you will know exactly where you have gone wrong.

Then you can start the removal:
  • 15.
1. Remove the “Program Files” from your computer.

Program files are the files that make the program work, giving it the ability to load and perform its operations. Removing them from your computer makes Adware:Win32/AddLyrics unusable.

Step one: Go to My Computer, and then browse to C:/Program Files/ Adware:Win32/AddLyrics.
Step two: Select the entire Adware:Win32/AddLyrics folder, and then press SHIFT & DELETE to delete the files permanently from your computer.

2. Remove its registry keys

Registry keys serve as a storage medium for data that is to be stored in the Windows Registry. Deleting the related registry keys will prevent the program from working any longer.

Step one: Click “Start” to run, and then search for REGEDIT.EXE on your computer.
Step two: Open it and then press CTRL + F.
Step three: Type “Adware:Win32/AddLyrics” in the search box, and then search for all the keys that reference that program.
  • 16.
Step four: Delete each one that comes up in the right-hand box.
Step five: When all the steps are finished, reboot your computer.

Analyze: Many antivirus users complain that their antivirus cannot remove Adware:Win32/AddLyrics completely. There is no perfect antivirus that can catch every computer infection in the world. This is a problem not only for your antivirus software but also for many other, even world-leading, security applications. New viruses are found daily, and although all kinds of security applications have significantly improved their detection of new viruses, the technology used by virus authors changes continually as they try to avoid detection. Though manual removal is the effective way to remove Adware:Win32/AddLyrics, it requires certain expert skills to avoid a wrong operation that may damage your computer permanently.

8. Spyware detection

There are many ways to tell whether your computer is affected by spyware programs or viruses. The following are some important signs that your machine has been infected by spyware:

• Continuous pop-ups
• Persistent change in your homepage
• Slower computer processing; the computer takes longer to process or start up
• Internet browser does not start up
• Parts of your computer that you cannot access without freezing
  • 17.
• Major core data is lost or changed
• Unexplained change of the Internet homepage or start page
• Mysterious search results
• Sluggish PC performance
• Software stops functioning
• Unexplained error messages or crashes

9. Spyware examples (including software)

With today's technology, many different kinds of software exist that include a spyware program, such as:

1. GAIN / Gator
2. Gator E-Wallet
3. Cydoor
4. Bonzi Buddy
5. My Search
6. Download War
7. Browser Aid
8. Dogpile Toolbar
9. Brilliant Digital
10. Comet Cursor
11. Common Name
12. Offer companion
13. Trickler
14. Web Hancer

Here is a short description of “Gator” and “Cydoor”:

9.1 Gator

Description: The "Gator" (also known as Gain AdServer) products collected personal information from unknowing users, including all websites visited and portions of credit card numbers, to target and display ads on the computers of web surfers. It billed itself as the "leader in online behavioral marketing". The company changed its name to Claria Corporation on October 30, 2003 in an effort to "better communicate the expanding breadth of offerings that [they] provide to consumers and advertisers", according to CEO and President Jeff McFadden.

Originally released in 1999, Gator was most frequently installed together with programs being offered free of charge, such as Go!Zilla or Kazaa. The development of these programs was partially funded by revenue from advertising displayed by Gator. By mid-2003 Gator was installed on an estimated 35 million PCs.
  • 18.
Even though Gator was installed with an uninstall available via Add/Remove Programs in the Control Panel on Microsoft Windows,[4] many spyware removal tools can also detect and remove it. Gator's end user license agreement attempts to disallow its manual removal by prohibiting "unauthorized means" of uninstallation.

The Gator software undercut the fundamental ad-supported nature of many Internet publishers by replacing banner ads on web sites with its own, thereby depriving the content provider of the revenue necessary to continue providing that content. In June 2002 a number of large publishers, including the New York Post, The New York Times, and Dow Jones & Company, sued Gator Software for its practice of replacing ads. Most of the lawsuits were settled out of court in February 2003.

Gator attempted to combat spyware labels with litigation. In September 2003 the company threatened sites such as PC Pitstop with libel lawsuits.

Gator is adware that collects and transmits information about a user’s Web activity. Its goals are to:

• Gather demographic information
• Generate a profile of the user’s interests for targeted advertisements

Gator can be installed on a user’s computer in several ways, for example when a user installs one of several free software programs produced by Claria Corporation (the company that produces Gator), such as a free calendar application or a time synchronization client.

9.2 Cydoor

Description: Cydoor Desktop Media is an Israeli adware company. Cydoor originally placed ads only in software programs such as Kazaa and iMesh, but has now expanded into running ads on websites as an advertising network. Because of Cydoor's highly controversial practice of running ads in software programs, Cydoor software is often considered spyware, and many anti-spyware and antivirus applications will flag the software as such.
Cydoor software: The Cydoor software downloads advertisements from the Cydoor servers, to be displayed in the Cydoor-supported software. Cydoor consumes about 3.4MB of hard drive space, and cannot be uninstalled using the Windows uninstaller. No uninstaller is provided. Cydoor is often bundled with commercial peer-to-peer file sharing programs such as Kazaa, iMesh and eXeem. Formerly, a user could uninstall Cydoor and continue to use the program installed with it, but that is sometimes no longer the case. Now Cydoor is treated as a vital piece of software code by the parent program, and removal may cause the program to stop working. The website's FAQ explains their supposed necessity: "Our components...are the main revenue generating components for our software partners." Programmers have nevertheless successfully removed Cydoor's software from Kazaa (resulting in Kazaa Lite and Kazaa Resurrection). The program has been known to cause problems in Windows, but the company asserts that this is due to an old and buggy version of the software. They also claim not to harvest personal information unless "the user voluntarily supplied it".
  • 19.
How does Cydoor software attack your PC?

• Cydoor displays targeted pop-up advertisements whose contents are dictated by the user’s browsing history.
• While the user is connected to the Internet, the Cydoor client pre-fetches advertisements from the Cydoor servers.
• The advertisements are displayed whenever the user runs an application that contains Cydoor, whether the user is online or offline.

10. Working Mechanism Of Spyware

When spyware attacks a computer, it works inside the computer's database and inside its various files and installed programs. Generally, spyware works inside a machine in two ways:

10.1 Client-side operation, and
10.2 Server-side operation.
  • 20.
Fig: Network overview of server-side operation.

10.1 What is server-side operation?

Server-side (commonly referred to as SS) refers to operations that are performed by the server in a client–server relationship in a computer network. Typically, a server is a computer program, such as a web server, that runs on a remote server, reachable from a user's local computer or workstation. Operations may be performed server-side because they require access to information or functionality that is not available on the client, or require typical behavior that is unreliable when it is done client-side. Server-side operations also include processing and storage of data from a client to a server, which can be viewed by a group of clients.

Advantage: This lightens the work of your client. This also protects your SAMP server from crackers.

Examples of server-side processing include the creation and adaptation of a database using MySQL.

Fig: Server-side operation.

10.2 What is client-side operation?

Client-side refers to operations that are performed by the client in a client–server relationship in a computer network. Typically, a client is a computer application, such as a web browser, that runs on a user's local computer or workstation and connects to a server as necessary. Operations may be performed client-side because they require access to information or functionality that is available on the client but not on the server, because the user needs to observe them or provide input, or because the server lacks the processing power to perform the operations in a timely manner for all of the clients it serves. Additionally, if operations can be performed by the client, without sending data over the network, they may take less time, use less bandwidth, and incur a lesser security risk.
When the server serves data in a commonly used manner, for example according to the HTTP or FTP protocols, users may have their choice of a number of client server-side operation) and sends it back to the client. The client then analyzes the data (a client-side operation), and, when the analysis is complete, transmits its results back to the
  • 21.
server.

Fig: Client-side operation (software basis).

11. Effects of infection of Spyware

Spyware infections have many effects, including the following.

Security risk: What will spyware do to my computer and information?

Spyware programs are unstable. They cause your computer to run slower, certain programs stop working, and on occasion you see the dreaded “blue screen of death”. Consider the time spyware eats up, taking you away from other important issues: it kills productivity in the office and at home!

• Record keystrokes (usernames, passwords, email, phone number, physical address, name, credit card number, etc.)
• Read your files
• Watch your word processing program
• Change your internet home page
• Add and delete files and toolbars
• Read your cookies
• Crash your browser
• Barrage of pop-up advertisements (on and off the web) with adult content, scams and links to questionable sites
  • 22.
• Random error messages
• They can update themselves, leading to more and worse malware!

Lower your risk of spyware infection:

• Spyware is here to stay. Your best bet is to be informed: know the tricks used by spyware to load itself.
• Verify that your Internet Explorer security settings are set correctly or use an alternative browser (Mozilla Suite, Firefox, Opera).
• Use anti-virus and anti-spyware software and a firewall, and update them regularly.
• Update your operating system and Web browser regularly.
• Understand exactly what new programs will install on your innocent computer (many free programs aren’t so free) and only download programs and software from sites you know and trust.
• Don’t click on links in spam or pop-ups, even if they claim to offer anti-spyware software!!! Sometimes even clicking the “X” leads to spyware infections. Instead, hit the “Esc” key.

Sometimes all else fails: Info Pathways STRONGLY recommends that you back up your data. Even the safest computer user can become a victim. If you think your computer might have spyware on it, immediately stop shopping, banking, or doing any other online activity that involves user names, passwords, or other sensitive information. Confirm that your security software is active and current and run it to scan your computer for viruses and spyware, deleting anything the program identifies as a problem.

Damage to computer: Some owners of badly infected systems resort to contacting technical support experts, or even buying a new computer because the existing system "has become too slow".
Badly infected systems may require a clean reinstallation of all their software in order to return to full functionality. The cumulative effect, and the interactions between spyware components, cause the symptoms commonly reported by users: a computer that slows to a crawl, overwhelmed by the many parasitic processes running on it. Some types of spyware disable software firewalls and anti-virus software, and/or reduce browser security settings, thus opening the system to further opportunistic infections, much like an immune deficiency disease. Some other types of spyware use rootkit-like techniques to prevent detection, and thus removal. The deletion of the spyware-infected file "inetadpt.dll" will interrupt normal networking usage.

In Windows Vista, by default, a computer administrator runs everything under limited user privileges. When a program requires administrative privileges, Vista will prompt the user with an allow/deny pop-up (see User Account Control). This improves on the design used by previous versions of Windows.
  • 23.
Many spyware components also make use of exploits in JavaScript, Internet Explorer and Windows to install without the user's knowledge or permission. The spyware will execute when the operating system is booted, even if some (or most) of the registry links are removed.

Advertisement: Many spyware programs display advertisements. Some programs simply display pop-up ads on a regular basis; for instance, one every several minutes, or one when the user opens a new browser window. Others display ads in response to the user visiting specific sites. Spyware operators present this feature as desirable to advertisers, who may buy ad placement in pop-ups displayed when the user visits a particular site. It is also one of the purposes for which spyware programs gather information on users.

Stealware: Stealware diverts the payment of affiliate marketing revenues from the legitimate affiliate to the spyware vendor. Spyware which attacks affiliate networks places the spyware operator's affiliate tag on the user's activity, replacing any other tag, if there is one. The spyware operator is the only party that gains from this. The user has their choices thwarted, a legitimate affiliate loses revenue, networks' reputations are injured, and vendors are harmed by having to pay out affiliate revenues to an "affiliate" who is not party to a contract.

Personal relationship: Spyware has been used to surreptitiously monitor the electronic activities of partners in intimate relationships, generally to uncover evidence of infidelity. At least one software package, Lover spy, was specifically marketed for this purpose. Depending on local laws regarding communal/marital property, observing a partner's online activity without their consent may be illegal; the author of Lover-spy and several users of the product were indicted in California in 2005 on charges of wiretapping and various computer crimes.
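The changed home page and boot-time persistence described in this section, and the registry backup and search steps of the manual removal procedure earlier in the paper, can both be checked offline against registry exports. The Python code below is an added example, not part of the original paper or of any product it names; the watched key list, the function names and both sample exports are assumptions constructed for illustration.

```python
import re

# Constructed sample data (not from a real machine): a known-good baseline
# export and a later snapshot. Paths, URLs and value names are made up; real
# exports are UTF-16 files: open(path, encoding="utf-16").read().
BASELINE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://intranet.example/"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Backup Agent"="\"C:\\Program Files\\Example Backup\\agent.exe\" /quiet"
'''

CURRENT_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.example.invalid/?src=hp"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Backup Agent"="\"C:\\Program Files\\Example Backup\\agent.exe\" /quiet"
"SaUpdate"=hex(2):43,00,3a,00,5c,00,53,00,69,00,6e,00,67,00,41,00,6c,00,\
  6f,00,6e,00,67,00,5c,00,73,00,61,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SingAlong]
"DisplayName"="Sing Along"
'''

# Assumed watch list: the browser start page and the autostart ("Run") keys.
WATCHED_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)

_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
_TEXT_HEX_RE = re.compile(r"^hex\((?:1|2|7)\):(.*)$", re.IGNORECASE)

def _unescape(s):
    """Undo the .reg escaping of backslashes and double quotes."""
    return re.sub(r"\\(.)", r"\1", s)

def _decode(raw):
    """Turn the right-hand side of a value line into readable text."""
    raw = raw.strip()
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])
    m = _TEXT_HEX_RE.match(raw)
    if m:  # string types exported as UTF-16LE bytes, e.g. REG_EXPAND_SZ
        data = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        text = data.decode("utf-16-le", errors="replace")
        return text.replace("\x00", " ").strip()
    return raw  # dword:... and binary hex:... are kept as written

def parse_reg(text):
    """Parse export text into {key: {value: data}}; "[-KEY]" is skipped."""
    # Long hex values wrap with a trailing backslash; join them first.
    text = re.sub(r",\\\r?\n\s*", ",", text)
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            current = None if name.startswith("-") else keys.setdefault(name, {})
        elif current is not None:
            m = _VALUE_RE.match(line)
            if m:
                n = m.group(1)
                vname = "(Default)" if n == "@" else _unescape(n[1:-1])
                current[vname] = _decode(m.group(2))
    return keys

def changed_values(baseline, current, watched=WATCHED_KEYS):
    """Report values under watched keys that were added or altered."""
    wanted = {k.lower() for k in watched}
    old_keys = {k.lower(): v for k, v in baseline.items()}
    findings = []
    for key, values in current.items():
        if key.lower() in wanted:
            old = old_keys.get(key.lower(), {})
            findings += [(key, n, old.get(n), d)
                         for n, d in values.items() if old.get(n) != d]
    return findings

def find_references(parsed, term):
    """List every value whose key, name or data mentions `term`."""
    t = term.lower()
    return [(key, n, d) for key, values in parsed.items()
            for n, d in values.items()
            if t in key.lower() or t in n.lower() or t in d.lower()]

if __name__ == "__main__":
    base, cur = parse_reg(BASELINE_REG), parse_reg(CURRENT_REG)
    print("changed:", *changed_values(base, cur), sep="\n  ")
    print("references:", *find_references(cur, "singalong"), sep="\n  ")
```

Searching the parsed export finds the autostart entry that a plain text search of the file misses, because regedit writes REG_EXPAND_SZ values as hex-encoded UTF-16.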
12. Prevention and remedies of Spyware

We can prevent spyware in two general ways, which are given below:

• User Initiatives…
1. Issue Awareness
2. Use Legitimate S/W Sources
3. Improved Technical Ability
4. Choice of Browser
5. Choice of OS
6. Legal action taken against breaches of privacy
7. Utilize browser’s security settings
8. Always read the license agreement
9. Software and OS upgrades
  • 24.
10. Don't install any application unless you are certain of what it does or where it came from.

• Technical Initiatives...
1. Spyware Removal Programs
2. Pop-up Blockers
3. Firewall Technology
4. Disable ActiveX Controls
5. Use Anti-Spyware
-- Spy Sweeper
-- Microsoft Windows Anti-Spyware
-- Spyware Doctor
-- Spyware Slayer
-- Spy Killer
-- Spy Remover

What is Spy Sweeper?

Spy Sweeper is a software product from Webroot Software that detects and removes spyware and viruses (if the optional anti-virus component is installed) on personal computers running Microsoft Windows.

Features: Spy Sweeper examines files on a computer's hard disk drive, as well as objects in memory, the Windows registry and cookies, and quarantines any suspicious objects it finds. It is normally purchased as a yearly subscription; some broadband services, such as MSN Premium, also offer rebranded versions of Spy Sweeper as part of their subscription.

Versions:
  • 25.
Webroot offers two versions of Spy Sweeper: a zero-cost 'spy scan' offering real-time protection from spyware, and a full version that allows for the removal of spyware. Licenses for the full version cost around US$30 each, which can be used for one year on one computer, or $40 for two years. Webroot also sells multiple-license subscriptions, allowing users to install their product on multiple computers using a single subscription, by purchasing either single-user, three-machine, or enterprise licenses.

Kevin Thomas, who was the identical twin brother of Steven Thomas (the founder of Webroot Software), invented the idea for Spy Sweeper. Behind the scenes, Kevin Thomas and Richard Koontz (Webroot's ACE programmer) worked hard on developing Spy Sweeper, despite being at odds with the CEO at the time (David Moll). Richard, working from home in off hours, finished Spy Sweeper, and the initial version was finally released in September 2004. At this time, neither Kevin Thomas nor Richard Koontz has ever received credit for the invention of Spy Sweeper.

In October 2006, Webroot released Spy Sweeper with AntiVirus, which includes removal of and protection against computer viruses. The anti-virus component is based on an anti-virus product made by the software vendor Sophos. In June 2007 version 5.5 was released, which included the ability to scan email attachments and an improved user interface. Windows 2000 users cannot upgrade from V5.5. In October 2008 version 6.0 was released.

The product has won many awards in the press,[1] and was the first anti-spyware product to receive "Checkmark" certification from the testing company West Coast Labs.[2] It has also received an Editor's Choice award from PC Magazine and a Best Buy award from PC World.

Microsoft Windows Anti-Spyware:

Windows Defender is a software product that attempts to detect and remove malware.
Initially released as an antispyware program, it was first released as a free download for Windows XP, shipped with Windows Vista and by default, and currently ships with antivirus capabilities as part of Windows 10. Basic features :
  • 26.
Before Windows 8, Windows Defender featured antispyware capabilities. It included a number of real-time security agents that monitored several common areas of Windows for changes which may be caused by spyware. It also included the ability to easily remove installed ActiveX software. Windows Defender featured integrated support for Microsoft SpyNet that allows users to report to Microsoft what they consider to be spyware, and what applications and device drivers they allow to be installed on their system. In Windows 8, functionality has increased to offer antivirus protection as well. Windows Defender in Windows 8 resembles Microsoft Security Essentials and uses the same virus definitions.

General availability: On October 24, 2006, Microsoft released Windows Defender. It supports Windows XP and Windows Server 2003; however, unlike the betas, it does not run on Windows 2000.

Conversion to antivirus: Windows Defender was released with Windows Vista and Windows 7, serving as their built-in antispyware component. Windows Defender is superseded by Microsoft Security Essentials, an antimalware product from Microsoft which provides protection against a wider range of malware. Upon installation, Microsoft Security Essentials disables Windows Defender and takes over its duty.[8][9][10] In Windows 8, Microsoft upgraded Windows Defender into an antivirus program comparable to Microsoft Security Essentials.[11] This new Windows Defender greatly resembles Microsoft Security Essentials and uses the same virus definition updates. As a result, Microsoft Security Essentials is not compatible with Windows 8.

Spyware Doctor:

Description: PC Tools Spyware Doctor is anti-malware software. Spyware Doctor detects malware based on indicators of compromise using its spider technology. The most recent version of Spyware Doctor is 9, which was released on 31 October 2011. Symantec is no longer offering this product as of 18 May 2013.

PC Tools Spyware Doctor with Anti-Virus:
  • 27.
PC Tools Spyware Doctor with Anti-Virus has the same features as Spyware Doctor, with added anti-virus capabilities. Symantec has not sold this since 2013; v9 is the last one available.

13. Case studies

1. Seismic Entertainment, an Internet marketing company controlled by former ’spam king’ Sanford Wallace, was sued by the US Federal Trade Commission (FTC) in October 2004 in order to stop it from infecting consumer PCs with spyware.

2. Marketscore hit many US universities:
• MKSC hit many US universities in Dec-2004.
• According to the director of computer security at Boston College, “the software was bundled with iMesh peer-to-peer software”.
  • 28.
14. Law and related Crimes

The term ‘cyber crime’ is a misnomer. This term has nowhere been defined in any statute or Act passed or enacted by the Indian Parliament. The concept of cyber crime is not radically different from the concept of conventional crime. “Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime”.

The Hyderabad Court has, in a landmark judgement, convicted three people and sentenced them to six months' imprisonment and a fine of 50,000 each for unauthorized copying and sale of pirated software.

Case 1: When a woman at an MNC started receiving obscene calls, CBI found her colleague had posted her personal details on Mumbaidating.com. Status: Probe on

Case 2: CBI arrested a man from UP, Mohammed Feroz, who placed ads offering jobs in Germany. He talked to applicants via e-mail and asked them to deposit money in his bank account in Delhi. Status: Charge-sheet not filed

Case 3: The official web-site of the Central Board of Direct Taxes was hacked last year. As Pakistan-based hackers were responsible, authorities there were informed through Interpol. Status: Pak not cooperating

Attempting or gaining access to someone's computer without their consent or knowledge is criminally illegal according to computer crime laws, such as the United States Computer Fraud and Abuse Act and the United Kingdom's Computer Misuse Act. Does this mean that spyware is illegal? Not necessarily. Though law enforcement has often pursued the creators of malware like viruses, spyware developers have been largely un-prosecuted under criminal law, though they occasionally do face lawsuits. Many spyware companies even operate as legitimate businesses.

Civil and Criminal Justice:
1. Corrections and Sentencing
2. DNA and Forensics
3. Juvenile Justice
4. Pretrial Release

Criminal law: Unauthorized access to a computer is illegal under computer crime laws, such as the U.S. Computer Fraud and Abuse Act, the U.K.'s Computer Misuse Act, and similar laws in other countries. Since owners of computers infected with spyware generally claim that they never authorized the installation, a prima facie reading would suggest that the promulgation of spyware would count as a criminal act. Law enforcement has often pursued the authors of other malware, particularly viruses. However, few spyware developers have been prosecuted, and many operate openly as strictly legitimate businesses, though some have faced lawsuits.

Spyware producers argue that, contrary to the users' claims, users do in fact give consent to installations. Spyware that comes bundled with shareware applications may be described in the legalese text of an end-user license agreement (EULA). Many users habitually ignore these purported contracts, but spyware companies such as Claria say these demonstrate that users have consented.
  • 29.
Despite the ubiquity of EULA agreements, under which a single click can be taken as consent to the entire text, relatively little case law has resulted from their use. It has been established in most common law jurisdictions that this type of agreement can be a binding contract in certain circumstances. This does not, however, mean that every such agreement is a contract, or that every term in one is enforceable.

Some jurisdictions, including the U.S. states of Iowa and Washington, have passed laws criminalizing some forms of spyware. Such laws make it illegal for anyone other than the owner or operator of a computer to install software that alters Web-browser settings, monitors keystrokes, or disables computer-security software. In the United States, lawmakers introduced a bill in 2005 entitled the Internet Spyware Prevention Act, which would imprison creators of spyware.

Civil law: Former New York State Attorney General and former Governor of New York Eliot Spitzer has pursued spyware companies for fraudulent installation of software. In a suit brought in 2005 by Spitzer, the California firm Intermix Media, Inc. ended up settling, by agreeing to pay US$7.5 million and to stop distributing spyware.

The hijacking of Web advertisements has also led to litigation. In June 2002, a number of large Web publishers sued Claria for replacing advertisements, but settled out of court. Courts have not yet had to decide whether advertisers can be held liable for spyware that displays their ads. In many cases, the companies whose advertisements appear in spyware pop-ups do not directly do business with the spyware firm. Rather, they have contracted with an advertising agency, which in turn contracts with an online subcontractor who gets paid by the number of "impressions" or appearances of the advertisement. Some major firms such as Dell Computer and Mercedes-Benz have sacked advertising agencies that have run their ads in spyware.
15. CONCLUSION

In this paper we have tried to shed some light on the topic of spyware: what it is, its consequences, and what can be done to protect oneself from being infected. We have also seen that the method of distribution can vary greatly. In our case study we saw that spyware was distributed by exploiting security vulnerabilities in installed software. A much more common way of distribution is the software bundle, in which spyware is included together with peer-to-peer software or other freeware. Another conclusion that we draw from this study is that spyware is rapidly becoming a factor to take into account when considering safety on the internet in general, since so many Internet-connected computers are infected with various types of spyware today.
  • 30.
References

Jeremy Reimer (July 20, 2007). "The tricky issue of spyware with a badge: meet 'policeware'". Ars Technica.
Cooley, Brian (March 7, 2011). "'Like,' 'tweet' buttons divulge sites you visit: CNET News Video". CNet News. Retrieved March 7, 2011.
Edelman, Ben; December 7, 2004 (updated February 8, 2005); Direct Revenue Deletes Competitors from Users' Disks; benedelman.com. Retrieved November 28, 2006.
http://www.microsoft.com/presspass/press/2004/dec04/12-16GIANTPR.mspx
http://www.webopedia.com
http://www.wikipedia.org
http://www.bendelmen.org
http://lavasoftusa.com
http://commerce.senate.gov
http://blog.vilmatech.com/adwarewin32addlyrics-virus-learn-remove-adwarewin32addlyrics-properly/
http://www.seifried.org/security/quick-reference/windows-security-reference.html

THANK YOU