Spyware is a relatively new category of computer threat, becoming much more prevalent in the past two years. It’s frequently installed along with other programs such as Kazaa or WeatherBug, where accepting the main software’s license agreement means that you’ve also accepted the spyware. However, in most cases, spyware is silently installed without your knowledge or approval when you visit web sites with advertising banners. Since so many web sites have advertising banners, spyware is hard to escape.
Warning signs to watch for on a Windows machine:
- When you start your browser, the home page has mysteriously changed. You change it back manually, but before long you find that it has changed back again.
- You get pop-up advertisements when your browser is not running or when your system is not even connected to the Internet, or you get pop-up ads that address you by name.
- You enter a search term in Internet Explorer’s address bar and press Enter to start the search. Instead of your usual search site, an unfamiliar site handles the search.
- A new item appears in your Favorites list without your putting it there. No matter how many times you delete it, the item always reappears later.
- Your system runs noticeably slower than it did before. If you’re a Windows 2000/XP user, launching the Task Manager and clicking the Processes tab reveals that an unfamiliar process is using nearly 100 percent of available CPU cycles.
- A search toolbar or other browser toolbar appears even though you didn’t request or install it. Your attempts to remove it fail, or it comes back after removal.
Warning signs to watch for on a Unix machine:
- Programs or commands don’t run properly. Has a particular program started crashing recently? Are you getting different output from a command than what you expect? It’s possible that someone has gotten into your computer and is trying to hide the signs of entry.
- You’re finding strange files or files in the wrong places. Hackers frequently hide their files in plain sight. Favorite locations are large, seldom visited directories. If you find a rootkit or a file that indicates a known virus, you’ve definitely had a security incident.
  - A perfect example is the /dev directory on Unix systems—a huge filesystem full of obscure files. Since most people don’t have any reason to look in /dev, it’s the perfect place for the intruder to store files. (A quick way to check /dev is to type `file /dev/* | grep -v special`, which will return only non-device files. You should be left with a couple of directories and maybe an ASCII file or two. Of course, this assumes that an intruder hasn’t replaced the file program with his own executable.)
- Your “last login” reports the wrong information. Many servers report your last known login time and the machine you were connecting from.
  - If your server says you logged in from Finland at 3:00 in the morning and you know you were in bed at 3:00 A.M. and use only a local computer to connect to the server, someone else probably has your password.
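The /dev check from the list above, written as a small script. This is an added example, not part of the original article: it classifies entries by file type with find instead of parsing the output of file, and it recurses into subdirectories. The function names scan_dev and count_regular, the script name devscan.sh, and the skip list (shm, mqueue, hugepages) are assumptions.

```sh
#!/bin/sh
# Added example: list entries under /dev that are not device nodes.
# Assumptions: symlinks and sockets are ignored (e.g. /dev/log is a socket),
# and shm, mqueue and hugepages are skipped because they legitimately hold
# regular files on Linux. Adjust both for your Unix.

# scan_dev [ROOT]: print "kind<TAB>path" for each file, directory or FIFO
# found under ROOT (default /dev). Paths containing newlines are not handled.
scan_dev() {
    root=${1:-/dev}
    find "$root" \
        \( -path "$root/shm" -o -path "$root/mqueue" \
           -o -path "$root/hugepages" \) -prune -o \
        ! -type c ! -type b ! -type l ! -type s -print 2>/dev/null |
    while IFS= read -r p; do
        if   [ "$p" = "$root" ]; then continue
        elif [ -f "$p" ]; then kind=file
        elif [ -d "$p" ]; then kind=dir
        elif [ -p "$p" ]; then kind=fifo
        else kind=other
        fi
        printf '%s\t%s\n' "$kind" "$p"
    done | LC_ALL=C sort
}

# count_regular [ROOT]: number of regular files scan_dev reports.
count_regular() {
    scan_dev "${1:-/dev}" |
        awk -F '\t' '$1 == "file" { n++ } END { print n + 0 }'
}

# Stand-alone use: sh devscan.sh /dev
if [ "$#" -gt 0 ]; then
    scan_dev "$1"
    echo "regular files: $(count_regular "$1")"
fi
```

Like the file pipeline, this trusts the local find, awk and sort binaries, so the same caveat about replaced executables applies.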
There are many anti-spyware tools around. It may be a good idea to install more than one of the freeware detectors to increase your chances of detecting a greater percentage of spyware.
- Spybot Search & Destroy
- Microsoft Windows Defender