Software spy

A software spy ( espiogiciel , informer or in English spyware ) is a Malicious software which settles in a computer with an aim of collecting and of transferring from the Information S on the environment in which it settled, very often without the user not being informed of it. The rise of this type of software is associated with that of Internet, which is used to him as means of Data transmission.

General information

Etymology

The denomination of “software spy” is drawn from the English spyware . One also speaks about espiogiciel or, more rarely, espiongiciel.

Diffusion

The software spies often accompanies the free software and generally settles without the knowledge of the user. The software spies is generally active only after restarting of the computer. Some, like Gator , are furtive and thus do not find themselves in the table of the processes (access: {Ctrl+alt+suppr} for Windows , {PS} for Unix ). A software powerful anti-spy can however detect it and sends an alarm before their installation.

Use

It is allowed to think that the software spies is developed mainly by companies proposing of publicity on Internet. Indeed, to allow the sending of targeted publicity, it is necessary to know its target well. This knowledge can be easily obtained by techniques of shaping of which the software spy forms part.

Operation

A software spy is composed of three mechanisms distincts :

the mechanism of infection, which installs the software. These mechanisms are identical to those of the virus, the towards or the Trojan horses. For example, the espiogiciel Cydoor uses the software general public Kazaa ;
the mechanism ensuring the collection of information. For the same example, the collection consists in recording all that the user seeks and downloads via the software Kazaa ;
the mechanism ensuring the transmission a third. This mechanism is generally assured via Internet network. The third can be the originator of the program or a company.

The software spy can post advertizing offers, download a virus, install a Trojan horse (what WhenU.SaveNow does, for example), capture passwords by recording the keys pressed with the keyboard ( keyloggers ), espionner the programs carried out with such or such hour, or espionner visited Internet sites.

Where is software spies found?

The software spy very often attacks the systems Microsoft Windows because of their popularity. Certain pages Web can, when they are charged, install without the knowledge of the user a software spy, generally by using security breaches of the navigator of the victim.

They are often present in Gratuiciel S (different from the free software), or Partagiciel S, in order to make profitable their development. It is possible that a gratuiciel cease to function after the suppression of the associated espiogiciel. One does not know software with free source code - as Mozilla Firefox - which contains some.

Lastly, some system administrators or administrators networks install themselves this type of software to remotely supervise the activity of their computers, without having to connect itself above.

Software known spies

The following list (nonexhaustive) of software spies is classified according to their effets :

Generators of intruding windows

(Formally quoted as being infections)

180 Solutions
DirectRevenue
Lop (publicity, intruding windows, risks of compromising, brings back the Swizzor virus and its derivatives)

Generation of intruding windows, while damaging or by slowing down the ordinateurs :

Bonzi Buddy
Cydoor
Gator, developed by Claria Corporation (publicity, intruding windows, violation of the private life, big risks of compromising, Fire wall X partially decontaminated, some problems of stability of the system. Gator with the reputation to be difficult to remove once installed.)
New.net (risks of compromising, problems of stability of the system, blocking of connection)
ShopAtHomeSelect
Spyware secure, which is made pass for a antispyware, difficult to remove with simple a antispyware (a Rootkit installs)

Pirates of navigator ( hijackers )

CoolWebSearch - most known of the pirates of navigator
Euniverse
Xupiter
Butt: blank - Pirate of navigator + intruding windows and reduction the speed of the machine
Mirar

Abductors of office ( desktop hijackers )

They generally settle without the knowledge of the user:

Adayairespy
AdwarePunisher
AdwareSheriff
AlphaCleaner
AVGold
BargainBuddy
BraveSentry
MalwareWipe
PestTrap
PSGuard
Quicknavigate.com
Security iGuard
Smitfraud
SpyAxe
SpyGuard
SpyHeal
SpySheriff
Spyware Software Stop
Spyware Vanisher
SpywareQuake
SpywareSheriff
Startsearches.net
UpdateSearches.com
Virtual Maid
Win32.puper
WinHound

Defraud

XXXDial

Flight of information

Back Opening (rather a Trojan horse), it is a software open source code which militates against the secrecy and - with the difference of the majority of the software spies - it does not have an commercial objective. It remotely has also a legitimate use as tool of Administration, for the administrators network.
VX2
NetSpy
Realspy
Perfect Keylogger
Keylogger Pro
Dreamscape Keylogger
Ghost Keylogger
I-Spy
Sim Keylogger
Simred Keylogger

Usurpation of functionality ( rogues )

This software is made pass for the antiones but is however of true software spies:

AD-Eliminator
AD-Purging Adware & Spyware Remover
bps Spyware & Adware Remover
SafeError
Spyware Detector
System Doctor
Spyware Nuker
Spyware Remover
SpyKiller
SpyDoctor
Winfixer 2005

Others

Internet Optimizer (Publicity, false messages of alarm, violation of the possible private life, risks of compromising)
MarketScore (is presented in the form of an accelerator the speed of connection Internet, serious violations of the private life, a reduction the speed of connection Internet on some systems)
CnsMin (developed in China; violation of the private life. Préinstallé on many Japanese PC under the name of JWord!)
KSpyware (espiogiciel published under license LPG by Nzeka Gilbert alias khaalel. He was programmed in Perl. Basic functions : publicity, intruding windows, flight of addresses emails, modification of the banner page of IE,…)
Alexa (Windows 2000 and XP), although the fact that it is a software spy remains prone to controversy.
Spyware Secure (False messages of alarm, proposals to buy the paying version)

Known software including of the software spies

Kazaa, which includes Cydoor;
DivX, except for the paying version, and the standard version without the coder;
the pilots of printers HP and probably of other marks send information of unknown nature towards the site of the mark during the impressions.

How to fight against the software spies?

To use anti-espiogiciel

There exist several application softwares to detect and remove this software with Microsoft Windows :

Free software:

AD-Aware, developed by the Swedish company Lavasoft. Specialized in the suppression of the Adware. There exists more sophisticated paying version.
Spybot - Search & Destroy, a completely free software which also makes it possible to remove the other tracers of activity on the systems (files newspapers)
Spyware Blaster which protects your navigator from the installation of the espiogiciels.
Windows Defender (ex Microsoft AntiSpyware) (in version béta in February 2006)
HijackThis - this software makes it possible to detect and destroy all the processes in the course of operation on your computer (for more information lira the article on hijackthis)
Ewido Security Suite - a software detecting and eliminating a great number of maliciels (free version for the private individuals). Be called from now on AVG Anti-spyware .
SmitFraudFix

Software paying (or to check…) .

SpyBouncer - Important database
PestPatrol
Spy Sweeper
Spy Subtract
Checkflow - anti-espiogiciel software Continuation, anonymous surfing and parental control (French editor)

This software, like the antivirus, uses frequently updated databases.

One can install several of this software, because often they do not detect the same spies. Even all installed, they would detect only one reduced part of the software existing spies.

To pay attention to the programs used

Before installing a downloaded software, be sure to have installed an antivirus program and anti-espiogiciel. For more safety, take some further information by making a search for opinion of users who announce sometimes the hidden threats of certain programs.

For their defenders, the use of the free software is a good means of fighting against the software spies because the sources are available and verifiable, it is possible to inform the community of the presence of a software spy. Indeed, apart from the free software, if the sources are not available, it is more difficult to detect the presence of this kind of threat.

Lastly, attention with the traps. In the past, certain programs supposedly intended to fight against the software spies contained themselves this type of threat or appeared completely ineffective with for only goal to invoice a license of use (case of Spyware Assassin for example)…

To control outgoing flows

The control of outgoing flows is carried out most of the time by the administrator network. Via a Fire wall, this control of outgoing flows rests on the principle of blocking any connection which tries to be carried out starting from the computer (or of the internal network) towards outside (generally Internet), except connections authorized beforehand (one generally authorizes connections towards Internet sites, but one less often authorizes the Station-with-station).

Even if the control of outgoing flows is set up still little at present, it is paramount in comprehension and the blocking of certain problems, like the presence of software spies, because they will be caused to connect itself outside to send information which they will have collected.

Random links: