Spyware: Difference between revisions

Browse history interactively ← Previous edit Next edit →Content deleted Content addedVisual WikitextInline

Revision as of 17:01, 8 March 2018 edit2a00:1028:8380:87a:e8f5:f209:7e55:91c3 (talk)No edit summary← Previous edit		Revision as of 17:02, 8 March 2018 edit undo2a00:1028:8380:87a:e8f5:f209:7e55:91c3 (talk) ←Replaced content with 'i love you habibi'Tag: ReplacedNext edit →
Line 1:		Line 1:
			i love you habibi
	{{cleanup reorganize\|date=November 2016}}
	{{lead too long\|date=November 2016}}
	{{Use mdy dates\|date=April 2016}}
	<!--Note to editors: DO NOT USE THIS ARTICLE AS A PLATFORM FOR
	PROMOTIONAL OR PURELY COMMERCIAL LINKS.

	Such content will be deleted. Specific software is to be mentioned in this article.
	-->
	{{Computer hacking}}
	'''<span lang="en">Spyware</span>'''

	people are bad!!! maybe!!!

	what am i doing?

	i am so dumb!!



	is software that aims to gather information about a person or organization without their knowledge, that may send such information to another entity without the consumer's consent, or that asserts control over a device without the consumer's knowledge.<ref name="FTC-REPORT-2005">FTC Report (2005). ""</ref>

	"Spyware" is mostly classified into four types: ], system monitors, tracking ], and ];<ref name="Shin">SPYWARE "{{cite web\|url=http://www.justice.gov.tr/e-journal/pdf/cybercrime_essay.pdf \|title=Archived copy \|accessdate=2016-02-05 \|deadurl=yes \|archiveurl=https://web.archive.org/web/20131101154446/https://www.justice.gov.tr/e-journal/pdf/cybercrime_essay.pdf \|archivedate=November 1, 2013 \|df= }}"</ref> examples of other notorious types include ] capabilities that "phone home", ]s, ]s, and ].

	Spyware is mostly used for the purposes of tracking and storing Internet users'
	movements on the Web and serving up pop-up ads to Internet users. Whenever spyware is used for malicious purposes, its presence is typically hidden from the user and can be difficult to detect. Some spyware, such as keyloggers, may be installed by the owner of a shared, corporate, or ] intentionally in order to monitor users.

	While the term ''spyware'' suggests software that monitors a user's computing, the functions of spyware can extend beyond simple monitoring. Spyware can collect almost any type of data, including personal information like ] habits, user logins, and bank or credit account information. Spyware can also interfere with a user's control of a computer by installing additional software or redirecting ]s. Some spyware can change computer settings, which can result in slow Internet connection speeds, un-authorized changes in browser settings, or changes to software settings.

	Sometimes, spyware is included along with genuine software, and may come from a malicious website or may have been added to the intentional functionality of genuine software (see the paragraph about ], below). In response to the emergence of spyware, a small industry has sprung up dealing in ] software. Running anti-spyware software has become a widely recognized element of ] practices, especially for computers running ]. A number of jurisdictions have passed anti-spyware laws, which usually target any software that is surreptitiously installed to control a user's computer.

	In German-speaking countries, spyware used or made by the government is called ''govware'' by computer experts (in common parlance: ''Regierungstrojaner'', literally "Government Trojan"). Govware is typically a trojan horse software used to intercept communications from the target computer. Some countries, like Switzerland and Germany, have a legal framework governing the use of such software.<ref>Basil Cupa, , LISS 2013, pp. 419–428</ref><ref> {{webarchive\|url=https://web.archive.org/web/20130506102113/http://www.ejpd.admin.ch/content/ejpd/de/home/themen/sicherheit/ueberwachung_des_post-/faq_vuepf.faq_3.html \|date=May 6, 2013 }}</ref> In the US, the term "]" has been used for similar purposes.<ref>{{cite web \|url=https://arstechnica.com/news.ars/post/20070719-will-security-firms-avoid-detecting-government-spyware.html \|title=The tricky issue of spyware with a badge: meet 'policeware' \|author=Jeremy Reimer \|date=July 20, 2007 \|publisher=Ars Technica}}</ref>

	Use of the term "spyware" has eventually declined as the practice of tracking users has been pushed ever further into the mainstream by major websites and data mining companies; these generally break no known laws and compel users to be tracked, not by fraudulent practices ''per se'', but by the default settings created for users and the language of terms-of-service agreements. In one documented example, on CBS/CNet News reported, on March 7, 2011, on a '']'' analysis revealing the practice of Facebook and other websites of tracking users' browsing activity, linked to their identity, far beyond users' visits and activity within the Facebook site itself. The report stated: "Here's how it works. You go to Facebook, you log in, you spend some time there, and then ... you move on without logging out. Let's say the next site you go to is ''New York Times''. Those buttons, without you clicking on them, have just reported back to Facebook and Twitter that you went there and also your identity within those accounts. Let's say you moved on to something like a site about depression. This one also has a tweet button, a Google widget, and those, too, can report back who you are and that you went there." The'' WSJ'' analysis was researched by Brian Kennish, founder of Disconnect, Inc.<ref>{{cite news \|last=Cooley \|first=Brian \|url=http://www.cnet.com/videos/like-tweet-buttons-divulge-sites-you-visit/ \|title='Like,' 'tweet' buttons divulge sites you visit: CNET News Video \|work=CNet News \|date=March 7, 2011 \|accessdate=March 7, 2011}}</ref>

	{{TOC limit\|2}}

	==Routes of infection==

	Spyware does not necessarily spread in the same way as a ] or ] because infected systems generally do not attempt to transmit or copy the software to other computers. Instead, spyware installs itself on a system by deceiving the user or by ] software vulnerabilities.

	Most spyware is installed without knowledge, or by using deceptive tactics. Spyware may try to deceive users by bundling itself with desirable software. Other common tactics are using a ], spy gadgets that look like normal devices but turn out to be something else, such as a USB Keylogger. These devices actually are connected to the device as memory units but are capable of recording each stroke made on the keyboard. Some spyware authors infect a system through security holes in the Web browser or in other software. When the user navigates to a Web page controlled by the spyware author, the page contains code which attacks the browser and forces the download and installation of spyware.

	The installation of spyware frequently involves ]. Its popularity and history of security issues have made it a frequent target. Its deep integration with the Windows environment make it susceptible to attack into the ] ]. ] also serves as a point of attachment for spyware in the form of ]s, which modify the browser's behavior.

	==Effects and behaviors==
	{{unreferenced section\|date=December 2016}}
	A spyware program rarely operates alone on a computer; an affected machine usually has multiple infections. Users frequently notice unwanted behavior and degradation of system performance. A spyware infestation can create significant unwanted ] activity, disk usage, and network traffic. Stability issues, such as applications freezing, failure to boot, and system-wide crashes are also common. Spyware, which interferes with networking software commonly causes difficulty connecting to the Internet.

	In some infections, the spyware is not even evident. Users assume in those situations that the performance issues relate to faulty hardware, Windows installation problems, or another ] infection. Some owners of badly infected systems resort to contacting ] experts, or even buying a new computer because the existing system "has become too slow". Badly infected systems may require a clean reinstallation of all their software in order to return to full functionality.

	Moreover, some types of spyware disable software ] and ], and/or reduce browser security settings, which opens the system to further ]s. Some spyware disables or even removes competing spyware programs, on the grounds that more spyware-related annoyances increase the likelihood that users will take action to remove the programs.<ref name="competitor removal">Edelman, Ben; December 7, 2004 (updated February 8, 2005); ; benedelman.com. Retrieved November 28, 2006.</ref>

	]s are sometimes part of malware packages downloaded onto computers without the owners' knowledge. Some keylogger software is freely available on the internet, while others are commercial or private applications. Most keyloggers allow not only keyboard keystrokes to be captured, they also are often capable of collecting screen captures from the computer.

	A typical Windows user has ], mostly for convenience. Because of this, any program the user runs has unrestricted access to the system. As with other ]s, Windows users are able to follow the ] and use non-] accounts. Alternatively, they can reduce the ] of specific vulnerable Internet-facing ], such as ].

	Since ] is, by default, a computer administrator that runs everything under limited user privileges, when a program requires administrative privileges, a ] pop-up will prompt the user to allow or deny the action. This improves on the design used by previous versions of Windows.

	==Remedies and prevention==
	{{see also\|Computer virus#Virus removal}}
	As the spyware threat has worsened, a number of techniques have emerged to counteract it. These include programs designed to remove or block spyware, as well as various user practices which reduce the chance of getting spyware on a system.

	Nonetheless, spyware remains a costly problem. When a large number of pieces of spyware have infected a Windows computer, the only remedy may involve ] user data, and fully reinstalling the ]. For instance, some spyware cannot be completely removed by Symantec, Microsoft, PC Tools.

	===Anti-spyware programs===
	{{see also\|Category:Spyware removal}}
	Many programmers and some commercial firms have released products dedicated to remove or block spyware. Programs such as PC Tools' ], Lavasoft's '']'' and Patrick Kolla's '']'' rapidly gained popularity as tools to remove, and in some cases intercept, spyware programs. On December 16, 2004, ] acquired the '']'' software,<ref>"{{cite web \|url=http://www.microsoft.com/presspass/press/2004/dec04/12-16GIANTPR.mspx \|title=Microsoft Acquires Anti-Spyware Leader GIANT Company \|date=2004-12-16 \|accessdate=2009-04-10 \|deadurl=yes \|archiveurl=https://web.archive.org/web/20090227020238/http://www.microsoft.com/presspass/press/2004/dec04/12-16GIANTPR.mspx \|archivedate=February 27, 2009 \|df=mdy-all }}"</ref> rebranding it as ''Windows AntiSpyware beta'' and releasing it as a free download for Genuine Windows XP and Windows 2003 users. (In 2006 it was renamed ]).

	Major anti-virus firms such as ], ], ] and ] have also added anti-spyware features to their existing anti-virus products. Early on, anti-virus firms expressed reluctance to add anti-spyware functions, citing lawsuits brought by spyware authors against the authors of web sites and programs which described their products as "spyware". However, recent versions of these major firms home and business anti-virus products do include anti-spyware functions, albeit treated differently from viruses. Symantec Anti-Virus, for instance, categorizes spyware programs as "extended threats" and now offers ] against these threats.

	===How anti-spyware software works===
	Anti-spyware programs can combat spyware in two ways:
	# They can provide real-time protection in a manner similar to that of ] protection: they scan all incoming ] data for spyware and blocks any threats it detects.
	# Anti-spyware software programs can be used solely for detection and removal of spyware software that has already been installed into the computer. This kind of anti-spyware can often be set to scan on a regular schedule.
	Such programs inspect the contents of the ], ] files, and ], and remove files and entries which match a list of known spyware. Real-time protection from spyware works identically to real-time anti-virus protection: the software scans disk files at download time, and blocks the activity of components known to represent spyware.
	In some cases, it may also intercept attempts to install start-up items or to modify browser settings. Earlier versions of anti-spyware programs focused chiefly on detection and removal. Javacool Software's ], one of the first to offer real-time protection, blocked the installation of ]-based spyware.

	Like most anti-virus software, many anti-spyware/adware tools require a frequently updated database of threats. As new spyware programs are released, anti-spyware developers discover and evaluate them, adding to the list of known spyware, which allows the software to detect and remove new spyware. As a result, anti-spyware software is of limited usefulness without regular updates. Updates may be installed automatically or manually.

	A popular generic spyware removal tool used by those that requires a certain degree of expertise is ], which scans certain areas of the Windows OS where spyware often resides and presents a list with items to delete manually. As most of the items are legitimate windows files/registry entries it is advised for those who are less knowledgeable on this subject to post a HijackThis log on the numerous antispyware sites and let the experts decide what to delete.

	If a spyware program is not blocked and manages to get itself installed, it may resist attempts to terminate or uninstall it. Some programs work in pairs: when an anti-spyware scanner (or the user) terminates one running process, the other one respawns the killed program. Likewise, some spyware will detect attempts to remove registry keys and immediately add them again. Usually, booting the infected computer in ] allows an anti-spyware program a better chance of removing persistent spyware. Killing the process tree may also work.

	===Security practices===
	To detect spyware, computer users have found several practices useful in addition to installing anti-spyware programs. Many users have installed a ] other than ], such as ] or ]. Though no browser is completely safe, Internet Explorer was once at a greater risk for spyware infection due to its large user base as well as vulnerabilities such as ] but these three major browsers are now close to equivalent when it comes to security.<ref>Stefan Frei, Thomas Duebendofer, Gunter Ollman, and Martin May, , Communication Systems Group, 2008</ref><ref>Nikos Virvilisa, Alexios Mylonasa, Nikolaos Tsalisa, and Dimitris Gritzalisa, , Computers & Security, 2015</ref>

	Some ]s—particularly colleges and universities—have taken a different approach to blocking spyware: they use their network ]s and ] to block access to Web sites known to install spyware. On March 31, 2005, ]'s Information Technology department released a report detailing the behavior of one particular piece of proxy-based spyware, '']'', and the steps the university took to intercept it.<ref>Schuster, Steve. "{{cite web \|url=http://www.cit.cornell.edu/computer/security/marketscore/MarketScore_rev2.html \|title= Blocking Marketscore: Why Cornell Did It \|archiveurl=https://web.archive.org/web/20070214111921/http://www.cit.cornell.edu/computer/security/marketscore/MarketScore_rev2.html \|archivedate=February 14, 2007}}". Cornell University, Office of Information Technologies. March 31, 2005.</ref> Many other educational institutions have taken similar steps.

	Individual users can also install ] from a variety of companies. These monitor the flow of information going to and from a networked computer and provide protection against spyware and malware. Some users install a large ] which prevents the user's computer from connecting to known spyware-related web addresses. Spyware may get installed via certain ] programs offered for download. Downloading programs only from reputable sources can provide some protection from this source of attack.<ref name=AAA>{{cite news\|url=http://www.spywareloop.com/news/spyware \|title=Information About Spyware in SpyWareLoop.com \|author=Vincentas \|newspaper=''Spyware Loop'' \|date=July 11, 2013 \|accessdate=July 27, 2013 \|deadurl=yes \|archiveurl=https://web.archive.org/web/20131103215947/http://www.spywareloop.com/news/spyware \|archivedate=November 3, 2013 \|df= }}</ref>

	==Applications==

	==="Stealware" and affiliate fraud===
	A few spyware vendors, notably ], have written what the '']'' has dubbed "]", and what spyware researcher ] terms ''affiliate fraud'', a form of ]. Stealware diverts the payment of ] revenues from the legitimate affiliate to the spyware vendor.

	Spyware which attacks ]s places the spyware operator's affiliate tag on the user's activity – replacing any other tag, if there is one. The spyware operator is the only party that gains from this. The user has their choices thwarted, a legitimate affiliate loses revenue, networks' reputations are injured, and vendors are harmed by having to pay out affiliate revenues to an "affiliate" who is not party to a contract.<ref name="edelman-180">Edelman, Ben (2004). "". ''Benedelman.org''. Retrieved November 14, 2006.</ref> ] is a violation of the ] of most affiliate marketing networks. As a result, spyware operators such as 180 Solutions have been terminated from affiliate networks including LinkShare and ShareSale.{{Citation needed\|date=February 2007}} Mobile devices can also be vulnerable to ], which manipulates users into illegitimate mobile charges.

	===Identity theft and fraud===
	In one case, spyware has been closely associated with ].<ref>Ecker, Clint (2005). ''''. Ars Technica, August 5, 2005.</ref> In August 2005, researchers from ] firm Sunbelt Software suspected the creators of the common ] spyware had used it to transmit "], ]s, ]s, bank information, etc.";<ref>Eckelberry, Alex. , ''SunbeltBLOG,'' August 4, 2005.</ref> however it turned out that "it actually (was) its own sophisticated criminal little trojan that's independent of CWS."<ref>Eckelberry, Alex. , ''SunbeltBLOG,'' August 8, 2005.</ref> This case is currently under investigation by the ].

	The ] estimates that 27.3 million Americans have been victims of identity theft, and that financial losses from identity theft totaled nearly $48 billion for businesses and financial institutions and at least $5 billion in out-of-pocket expenses for individuals.<ref>. Federal Trade Commission, September 3, 2003.</ref>

	===Digital rights management===
	Some copy-protection technologies have borrowed from spyware. In 2005, ] was ] ]s in its ] ] technology<ref name="Sony scandal">Russinovich, Mark. , ''Mark's Blog,'' October 31, 2005. Retrieved November 22, 2006.</ref> Like spyware, not only was it difficult to detect and uninstall, it was so poorly written that most efforts to remove it could have rendered computers unable to function.
	] ] filed suit,<ref name="Texas AG lawsuit">Press release from the Texas Attorney General's office, November 21, 2005; . Retrieved November 28, 2006.</ref> and three separate ] suits were filed.<ref name="class-action suits">, ''BBC News,'' November 10, 2005. Retrieved November 22, 2006.</ref> Sony BMG later provided a workaround on its website to help users remove it.<ref name="Sony workaround">. Retrieved November 29, 2006.</ref>

	Beginning on April 25, 2006, Microsoft's ] Notifications application<ref>. Retrieved June 13, 2006.</ref> was installed on most Windows PCs as a "critical security update". While the main purpose of this deliberately uninstallable application is to ensure the copy of Windows on the machine was lawfully purchased and installed, it also installs software that has been accused of "]" on a daily basis, like spyware.<ref>Weinstein, Lauren. , ''Lauren Weinstein's Blog,'' June 5, 2006. Retrieved June 13, 2006.</ref><ref>Evers, Joris. , ''CNET,'' June 7, 2006. Retrieved August 31, 2014.</ref> It can be removed with the RemoveWGA tool.

	===Personal relationships===
	Spyware has been used to monitor electronic activities of partners in intimate relationships. At least one software package, Loverspy, was specifically marketed for this purpose. Depending on local laws regarding communal/marital property, observing a partner's online activity without their consent may be illegal; the author of Loverspy and several users of the product were indicted in California in 2005 on charges of wiretapping and various computer crimes.<ref>{{Cite web\|url=http://www.justice.gov/criminal/cybercrime/press-releases/2005/perezIndict.htm \|title=Creator and Four Users of Loverspy Spyware Program Indicted \|publisher=Department of Justice \|date=August 26, 2005 \|accessdate=November 21, 2014 \|deadurl=yes \|archiveurl=https://web.archive.org/web/20131119022244/https://www.justice.gov/criminal/cybercrime/press-releases/2005/perezIndict.htm \|archivedate=November 19, 2013 \|df= }}</ref>

	===Browser cookies===
	Anti-spyware programs often report Web advertisers' ]s, the small text files that track browsing activity, as spyware. While they are not always inherently malicious, many users object to third parties using space on their personal computers for their business purposes, and many anti-spyware programs offer to remove them.<ref>{{cite web\|url=http://www.symantec.com/security_response/writeup.jsp?docid=2006-080217-3524-99 \|title=Tracking Cookie \|publisher=Symantec \|date= \|accessdate=2013-04-28}}</ref>

	==Examples==
	These common spyware programs illustrate the diversity of behaviors found in these attacks. Note that as with computer viruses, researchers give names to spyware programs which may not be used by their creators. Programs may be grouped into "families" based not on shared program code, but on common behaviors, or by "following the money" of apparent financial or business connections. For instance, a number of the spyware programs distributed by ] are collectively known as "Gator". Likewise, programs that are frequently installed together may be described as parts of the same spyware package, even if they function separately.

	<!-- NOTE: Please avoid turning this into an unmaintainable list of "all known spyware". If you have a cited, sourced description of a piece of spyware that exhibits notably different behavior, or illustrates a typical spyware behaviour that these examples don't, please add it. However, feel free to REMOVE one of the listed examples if it becomes redundant. This list should not grow longer than (say) 20 entries (the typical maximum bars in a histogram).
	------------- -->
	*], a group of programs, takes advantage of Internet Explorer vulnerabilities. The package directs traffic to advertisements on Web sites including ''coolwebsearch.com''. It displays pop-up ads, rewrites ] results, and alters the infected computer's ] to direct ] lookups to these sites.<ref name="doxdb-coolwebsearch">"{{cite web \|url=http://www.doxdesk.com/parasite/CoolWebSearch.html \|title=CoolWebSearch \|work=Parasite information database \|archiveurl=https://web.archive.org/web/20060106083816/http://www.doxdesk.com/parasite/CoolWebSearch.html \|archivedate=January 6, 2006 \|accessdate=September 4, 2008}}</ref>
	*], sometimes called FinSpy is a high-end surveillance suite sold to law enforcement and intelligence agencies. Support services such as training and technology updates are part of the package.<ref name=NYT83012>{{cite news\|title=Software Meant to Fight Crime Is Used to Spy on Dissidents\|url=https://www.nytimes.com/2012/08/31/technology/finspy-software-is-tracking-political-dissidents.html\|accessdate=August 31, 2012\|newspaper=The New York Times\|date=August 30, 2012\|author=Nicole Perlroth}}</ref>
	*GO Keyboard virtual Android keyboard apps (GO Keyboard - Emoji keyboard<ref>{{cite web\|url= https://play.google.com/store/apps/details?id=com.jb.emoji.gokeyboard\|title= GO Keyboard - Emoji keyboard, Swipe input, GIFs\|publisher= GOMO Dev Team}}</ref> and GO Keyboard - Emoticon keyboard<ref>{{cite web\|url= https://play.google.com/store/apps/details?id=com.jb.gokeyboard\|title= GO Keyboard - Emoticon keyboard, Free Theme, GIF\|publisher= GOMO Dev Team}}</ref>) transmit personal information to its remote servers without explicit users' consent. This information includes user's Google account email, language, ], location, network type, Android version and build, and device's model and screen size. The apps also download and execute a code from a remote server, breaching the Malicious Behavior section<ref>{{cite web\|url= https://play.google.com/about/privacy-security/malicious-behavior \|title= Malicious behavior \|publisher= Google }}</ref> of the Google Play privacy policies. Some of these plugins are detected as ] or PUP by many Anti-Virus engines<ref>{{cite web\|url= https://www.virustotal.com/#/file/e5d235bb5f7b75e789c78c8be808061361a455a1b42861a4f4c8a7c30085bb2f/detection\|title= Virustotal detection \|publisher= Betanews \|date=September 21, 2017}}</ref>, while the developer, a Chinese company GOMO Dev Team, claims in the apps' description that they will never collect personal data including credit card information.<ref>{{cite web\|url= https://play.google.com/store/apps/details?id=com.jb.gokeyboard \|title= PRIVACY and security \|publisher= GOMO Dev Team}}</ref> The apps with about 2 million users in total were caught on spying on September 2017 by security researches from AdGuard who then reported their findings to Google.<ref>{{cite web\|url= https://betanews.com/2017/09/21/go-keyboard-spying-warning \|title= GO Keyboard spying warning \|publisher= Betanews \|date=September 21, 2017}}</ref>
	*], aka WinTools or Adware.Websearch, was installed by an ActiveX ] at affiliate Web sites, or by advertisements displayed by other spyware programs—an example of how spyware can install more spyware. These programs add toolbars to IE, track aggregate browsing behavior, redirect affiliate references, and display advertisements.<ref name="caspywareic">{{cite web \|url=http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453072528 \|title=CA Spyware Information Center – HuntBar \|publisher=.ca.com \|date= \|accessdate=September 11, 2010 \|deadurl=yes \|archiveurl=https://web.archive.org/web/20120509233937/http://gsa.ca.com/pest/pest.aspx?ID=453072528 \|archivedate=May 9, 2012 \|df=mdy-all }}</ref><ref name="pchell">{{cite web\|url=http://www.pchell.com/support/huntbar.shtml \|title=What is Huntbar or Search Toolbar? \|publisher=Pchell.com \|date= \|accessdate=September 11, 2010}}</ref>
	*], also known as DyFuCa, redirects Internet Explorer error pages to advertising. When users follow a broken link or enter an erroneous URL, they see a page of advertisements. However, because password-protected Web sites (HTTP Basic authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it impossible for the user to access password-protected sites.<ref name="doxdb-internetoptimizer">"{{cite web \|url=http://www.doxdesk.com/parasite/InternetOptimizer.html \|title= InternetOptimizer \|work= Parasite information database \|archiveurl=https://web.archive.org/web/20060106084114/http://www.doxdesk.com/parasite/InternetOptimizer.html \|archivedate=January 6, 2006 \|accessdate=September 4, 2008}}</ref>
	*Spyware such as Look2Me hides inside system-critical processes and start up even in safe mode. With no process to terminate they are harder to detect and remove, which is a combination of both spyware and a ]. Rootkit technology is also seeing increasing use,<ref name="rootkit">Roberts, Paul F. "". ''eweek.com''. June 20, 2005.</ref> as newer spyware programs also have specific countermeasures against well known ] products and may prevent them from running or being installed, or even uninstall them. {{Citation needed\|date=March 2015}}
	*], also known as Moviepass.tv and Popcorn.net, is a movie download service that has been the subject of thousands of complaints to the ] (FTC), the ] ], the ], and other agencies. Consumers complained they were held hostage by a cycle of oversized ]s demanding payment of at least $29.95, claiming that they had signed up for a three-day free trial but had not cancelled before the trial period was over, and were thus obligated to pay.<ref name="FTCNEWSRELEASE">{{cite web \|url= http://www.ftc.gov/opa/2006/08/movieland.htm \|title= FTC, Washington Attorney General Sue to Halt Unfair Movieland Downloads \|publisher= ] \|date= August 15, 2006 }}</ref><ref name="WANEWSRELEASE">{{cite web \|url= http://www.atg.wa.gov/pressrelease.aspx?id=4286 \|title= Attorney General McKenna Sues Movieland.com and Associates for Spyware \|publisher= Washington State Office of the Attorney General \|date= August 14, 2006 }}</ref> The FTC filed a ], since ], against Movieland and ] charging them with having "engaged in a nationwide scheme to use ] and ] to extract payments from consumers."<ref name="FTCCOMPLAINT">{{cite web \|url= http://www.ftc.gov/os/caselist/0623008/060808movielandcmplt.pdf \|title= Complaint for Permanent Injunction and Other Equitable Relief (PDF, 25 pages) \|publisher= ] \|date= August 8, 2006 }}</ref>
	*WeatherStudio has a plugin that displays a window-panel near the ''bottom'' of a browser window. The official website notes that it is easy to remove (uninstall) WeatherStudio from a computer, using its own uninstall-program, such as under C:\Program Files\WeatherStudio. Once WeatherStudio is removed, a browser returns to the prior display appearance, without the need to modify the browser settings.
	*] (formerly ]) transmits detailed information to advertisers about the Web sites which users visit. It also alters HTTP requests for ] advertisements linked from a Web site, so that the advertisements make unearned profit for the 180 Solutions company. It opens pop-up ads that cover over the Web sites of competing companies (as seen in their ).<ref name="edelman-180"/>
	*], or just Zlob, downloads itself to a computer via an ] ] and reports information back to Control Server{{Citation needed\|date=February 2009}}. Some information can be the search-history, the Websites visited, and even keystrokes.<ref>{{cite web\|title=Anti-Spyware\|url=http://www.thetechresource.com/1169/anti-spyware/\|website=Total Technology Resources\|accessdate=20 November 2017}}</ref> More recently, Zlob has been known to hijack routers set to defaults.<ref name="New Malware Changes Router Settings">, '']'', June 13, 2008. {{webarchive \|url=https://web.archive.org/web/20110715060001/http://blogs.pcmag.com/securitywatch/2008/06/new_malware_silently_changes_r.php \|date=July 15, 2011 }}</ref>

	==History and development==
	The first recorded use of the term ] occurred on October 16, 1995 in a ] post that poked fun at ]'s ].<ref name="coinage">Vossen, Roland (attributed); October 21, 1995; posted to rec..programmer; retrieved from groups.google.com November 28, 2006. {{dead link\|date=June 2016\|bot=medic}}{{cbignore\|bot=medic}}</ref> ''Spyware'' at first denoted ''software'' meant for espionage purposes. However, in early 2000 the founder of ], Gregor Freund, used the term in a press release{{dead link\|date=April 2014}} for the ].<ref name="wienbar">Wienbar, Sharon. "". ''News.com''. August 13, 2004.</ref> Later in 2000, a parent using ZoneAlarm was alerted to the fact that "Reader Rabbit," educational software marketed to children by the ] toy company, was surreptitiously sending data back to Mattel.<ref name="Hawkins">Hawkins, Dana; "". ''U.S. News & World Report''. June 25, 2000 {{webarchive \|url=https://web.archive.org/web/20131103060440/http://www.usnews.com/usnews/culture/articles/000703/archive_015408.htm \|date=November 3, 2013 }}</ref> Since then, "spyware" has taken on its present sense.

	According to a 2005 study by ] and the National Cyber-Security Alliance, 61 percent of surveyed users' computers were infected with form of spyware. 92 percent of surveyed users with spyware reported that they did not know of its presence, and 91 percent reported that they had not given permission for the installation of the spyware.<ref name="aolstudy">" {{webarchive\|url=https://web.archive.org/web/20051213090601/http://www.staysafeonline.info/pdf/safety_study_2005.pdf \|date=December 13, 2005 }}". ''America Online'' & ''The National Cyber Security Alliance''. 2005. </ref>
	{{as of\|2006}}, spyware has become one of the preeminent security threats to computer systems running Microsoft Windows ]s. Computers on which ] (IE) is the primary ] are particularly vulnerable to such attacks, not only because IE is the most widely used,<ref name="pcworld-ie">Spanbauer, Scott. "". ''Pcworld.com''. September 1, 2004</ref> but because its tight integration with Windows allows spyware access to crucial parts of the operating system.<ref name="pcworld-ie"/><ref>Keizer, Gregg. "". ''TechWeb Technology News''. August 25, 2005. {{webarchive \|url=https://web.archive.org/web/20070929092100/http://www.techweb.com/wire/software/170100394 \|date=September 29, 2007 }}</ref>

	Before ] SP2 was released as part of ], the browser would automatically display an installation window for any ] component that a website wanted to install. The combination of user ignorance about these changes, and the assumption by ] that all ] components are benign, helped to spread spyware significantly. Many spyware components would also make use of ]s in ], Internet Explorer and Windows to install without user knowledge or permission.

	The ] contains multiple sections where modification of key values allows software to be executed automatically when the operating system boots. Spyware can exploit this design to circumvent attempts at removal. The spyware typically will link itself from each location in the ] that allows execution. Once running, the spyware will periodically check if any of these links are removed. If so, they will be automatically restored. This ensures that the spyware will execute when the operating system is booted, even if some (or most) of the registry links are removed.

	==Programs distributed with spyware==
	<!-- LIST ONLY SOFTWARE NOTABLE ENOUGH TO HAVE ITS OWN ARTICLE, AND CITE SOURCES. -->
	* ]<ref>Edelman, Ben (2004). "". Retrieved July 27, 2005.</ref>
	* ]<ref name="p2p">Edelman, Ben (2005). "". Retrieved July 27, 2005.</ref>
	* ]<ref name="doxdb-weatherbug">"{{cite web \|url=http://www.doxdesk.com/parasite/WeatherBug.html \|title=WeatherBug \|work=Parasite information database \|archiveurl=https://web.archive.org/web/20050206011153/http://www.doxdesk.com/parasite/WeatherBug.html \|archivedate=February 6, 2005 \|accessdate=September 4, 2008}}</ref>
	* ]<ref name="sunbelt-wild">{{cite web \|url=http://research.sunbeltsoftware.com/threatdisplay.aspx?name=AdWare.WildTangent&threatid=236165 \|title=Adware.WildTangent \|publisher=Sunbelt Malware Research Labs \|date=June 12, 2008 \|accessdate=September 4, 2008 }}{{dead link\|date=July 2017 \|bot=InternetArchiveBot \|fix-attempted=yes }}</ref><ref name="sunbelt-winpipe">{{cite web \|url=http://research.sunbelt-software.com/threatdisplay.aspx?name=Winpipe&threatid=15154 \|title=Winpipe \|publisher=Sunbelt Malware Research Labs \|date=June 12, 2008 \|accessdate=September 4, 2008 \|quote=It is possible that this spyware is distributed with the adware bundler WildTangent or from a threat included in that bundler.}}</ref>

	===Programs formerly distributed with spyware===
	*]<ref name="sunbelt-wild" /> (AOL Instant Messenger still packages Viewpoint Media Player, and WildTangent)
	*]<ref>"". ''PC Pitstop''. Retrieved July 27, 2005.</ref>
	*]<ref>"". ''Computer Associates''. Retrieved July 27, 2005. {{webarchive \|url=https://web.archive.org/web/20070505011538/http://www.ca.com/us/securityadvisor/pest/pest.aspx?id=453077947 \|date=May 5, 2007 }}</ref><ref>{{cite web\|url=http://virusscan.jotti.org/nl/scanresult/c55dc7987f87f11ed55d34f09f55cdce9727399e \|title=Jotti's malware scan of FlashGet 3 \|publisher=Virusscan.jotti.org \|date= \|accessdate=September 11, 2010 \|deadurl=yes \|archiveurl=https://web.archive.org/web/20100323064244/https://virusscan.jotti.org/nl/scanresult/c55dc7987f87f11ed55d34f09f55cdce9727399e \|archivedate=March 23, 2010 \|df= }}</ref><ref></ref><ref>{{cite web\|url=http://virusscan.jotti.org/nl/scanresult/733dbb2f598c24c1c89466f4453c5e14da57b093 \|title=Jotti's malware scan of FlashGet 1.96 \|publisher=Virusscan.jotti.org \|date= \|accessdate=September 11, 2010 \|deadurl=yes \|archiveurl=https://web.archive.org/web/20110510092754/https://virusscan.jotti.org/nl/scanresult/733dbb2f598c24c1c89466f4453c5e14da57b093 \|archivedate=May 10, 2011 \|df= }}</ref><ref></ref><ref>Some caution is required since FlashGet 3 EULA makes mention of Third Party Software, but does not name any third party producer of software. However, a scan with SpyBot Search & Destroy, performed on November 20, 2009 after installing FlashGet 3 did not show any malware on an already anti-spyware immunized system (by SpyBot and SpywareBlaster).</ref>
	*]<ref>{{cite web\|url=http://gadgets.boingboing.net/2008/04/14/magicjacks-eula-says.html \|title=Gadgets boingboing.net, ''MagicJack's EULA says it will spy on you and force you into arbitration'' \|publisher=Gadgets.boingboing.net \|date=April 14, 2008 \|accessdate=September 11, 2010}}</ref>

	==Rogue anti-spyware programs==
	{{see also\|List of rogue security software\|List of fake anti-spyware programs\|Rogue software}}

	Malicious programmers have released a large number of rogue (fake) anti-spyware programs, and widely distributed Web ]s can warn users that their computers have been infected with spyware, directing them to purchase programs which do not actually remove spyware—or else, may add more spyware of their own.<ref>{{cite news \|last=Roberts \|first=Paul F. \|url=http://www.eweek.com/article2/0,1759,1821127,00.asp \|title=Spyware-Removal Program Tagged as a Trap \|date=May 26, 2005 \|work=] \|accessdate=September 4, 2008}}</ref><ref>Howes, Eric L. "". Retrieved July 10, 2005.</ref>

	The {{As of\|2005\|alt=recent}} proliferation of fake or spoofed antivirus products that bill themselves as antispyware can be troublesome. Users may receive popups prompting them to install them to protect their computer, when it will in fact add spyware. This software is called ]. It is recommended that users do not install any freeware claiming to be anti-spyware unless it is verified to be legitimate. Some known offenders include:

	{{Div col\|3}}
	* ]
	* ]
	* ]
	* ]
	* ]
	* ]
	* ]
	* ]
	* ]
	* ]
	* ]
	* ]
	* ]
	* ]
	* ]
	* ]
	* ]
	* ]<ref name="somanynames">Also known as WinAntiVirusPro, ErrorSafe, SystemDoctor, WinAntiSpyware, AVSystemCare, WinAntiSpy, Windows Police Pro, Performance Optimizer, StorageProtector, PrivacyProtector, WinReanimator, DriveCleaner, WinspywareProtect, PCTurboPro, FreePCSecure, ErrorProtector, SysProtect, WinSoftware, XPAntivirus, Personal Antivirus, Home Antivirus 20xx, VirusDoctor, and ECsecure</ref>
	* ]
	{{Div col end}}

	Fake antivirus products constitute 15 percent of all malware.<ref>{{cite web\|author=Elinor Mills\|title=Google: Fake antivirus is 15 percent of all malware\|url=http://news.cnet.com/8301-27080_3-20003340-245.html\|publisher=]\|date=April 27, 2010\|accessdate=2011-11-05}}</ref>

	On January 26, 2006, Microsoft and the Washington state attorney general filed suit against Secure Computer for its Spyware Cleaner product.<ref>McMillan, Robert. . ''PC World,'' January 26, 2006.</ref>

	==Legal issues==

	===Criminal law===
	Unauthorized access to a computer is illegal under ] laws, such as the U.S. ], the U.K.'s ], and similar laws in other countries. Since owners of computers infected with spyware generally claim that they never authorized the installation, a ''prima facie'' reading would suggest that the promulgation of spyware would count as a criminal act. Law enforcement has often pursued the authors of other malware, particularly viruses. However, few spyware developers have been prosecuted, and many operate openly as strictly legitimate businesses, though some have faced lawsuits.<ref>" {{webarchive\|url=https://web.archive.org/web/20080622000428/http://blogs.zdnet.com/Spyware/?p=655 \|date=June 22, 2008 }}". ''zdnet.com'' September 13, 2005</ref><ref>Hu, Jim. "". ''news.com'' July 28, 2004</ref>

	Spyware producers argue that, contrary to the users' claims, users do in fact give ] to installations. Spyware that comes bundled with ] applications may be described in the ] text of an ] (EULA). Many users habitually ignore these purported contracts, but spyware companies such as Claria say these demonstrate that users have consented.

	Despite the ubiquity of ]s agreements, under which a single click can be taken as consent to the entire text, relatively little ] has resulted from their use. It has been established in most ] jurisdictions that this type of agreement can be a binding contract ''in certain circumstances.''<ref name="clickwrap legality">Coollawyer; 2001–2006; ; coollawyer.com. Retrieved November 28, 2006.</ref> This does not, however, mean that every such agreement is a contract, or that every term in one is enforceable.

	Some jurisdictions, including the U.S. states of ]<ref>" {{webarchive\|url=https://web.archive.org/web/20120406164045/https://coolice.legis.state.ia.us/cool-ice/default.asp?category=billinfo&service=iowacode&ga=83&input=715 \|date=April 6, 2012 }}". ''nxtsearch.legis.state.ia.us''. Retrieved May 11, 2011.</ref> and ],<ref>. ''apps.leg.wa.gov''. Retrieved November 14, 2006.</ref> have passed laws criminalizing some forms of spyware. Such laws make it illegal for anyone other than the owner or operator of a computer to install software that alters Web-browser settings, monitors keystrokes, or disables computer-security software.

	In the United States, lawmakers introduced a bill in 2005 entitled the ], which would imprison creators of spyware.<ref>Gross, Grant. . ''InfoWorld,'' March 16, 2007. Retrieved March 24, 2007.</ref>

	===Administrative sanctions===

	====US FTC actions====
	The US ] has sued Internet marketing organizations under the "]"<ref>See ]</ref> to make them stop infecting consumers' PCs with spyware. In one case, that against Seismic Entertainment Productions, the FTC accused the defendants of developing a program that seized control of PCs nationwide, infected them with spyware and other malicious software, bombarded them with a barrage of pop-up advertising for Seismic's clients, exposed the PCs to security risks, and caused them to malfunction. Seismic then offered to sell the victims an "antispyware" program to fix the computers, and stop the popups and other problems that Seismic had caused. On November 21, 2006, a settlement was entered in federal court under which a $1.75 million judgment was imposed in one case and $1.86 million in another, but the defendants were insolvent<ref>'' {{webarchive\|url=https://web.archive.org/web/20131102062209/http://www.ftc.gov/opa/2006/11/seismicodysseus.shtm \|date=November 2, 2013 }}'' (FTC press release with links to supporting documents); see also , Micro Law, IEEE MICRO (Jan.-Feb. 2005), also available at .</ref>

	In a second case, brought against CyberSpy Software LLC, the ] charged that CyberSpy marketed and sold "RemoteSpy" keylogger spyware to clients who would then secretly monitor unsuspecting consumers' computers. According to the ], Cyberspy touted RemoteSpy as a "100% undetectable" way to "Spy on Anyone. From Anywhere." The FTC has obtained a temporary order prohibiting the defendants from selling the software and disconnecting from the Internet any of their servers that collect, store, or provide access to information that this software has gathered. The case is still in its preliminary stages. A complaint filed by the ] (EPIC) brought the RemoteSpy software to the FTC's attention.<ref>See (FTC press release November 17, 2008, with links to supporting documents).</ref>

	====Netherlands OPTA====
	An administrative fine, the first of its kind in Europe, has been issued by the Independent Authority of Posts and Telecommunications (OPTA) from the Netherlands. It applied fines in total value of Euro 1,000,000 for infecting 22 million computers. The spyware concerned is called DollarRevenue. The law articles that have been violated are art. 4.1 of the Decision on universal service providers and on the interests of end users; the fines have been issued based on art. 15.4 taken together with art. 15.10 of the Dutch telecommunications law.<ref>OPTA, "Besluit van het college van de Onafhankelijke Post en Telecommunicatie Autoriteit op grond van artikel 15.4 juncto artikel 15.10 van de Telecommunicatiewet tot oplegging van boetes ter zake van overtredingen van het gestelde bij of krachtens de Telecommunicatiewet" from November 5, 2007, http://opta.nl/download/202311+boete+verspreiding+ongewenste+software.pdf</ref>

	===Civil law===
	Former ] and former ] ] has pursued spyware companies for fraudulent installation of software.<ref>{{cite press release\|title=State Sues Major "Spyware" Distributor \|publisher=Office of New York State Attorney General \|date=April 28, 2005 \|url=http://www.oag.state.ny.us/media_center/2005/apr/apr28a_05.html \|accessdate=September 4, 2008 \|quote=Attorney General Spitzer today sued one of the nation's leading internet marketing companies, alleging that the firm was the source of "spyware" and "adware" that has been secretly installed on millions of home computers. \|deadurl=yes \|archiveurl=https://web.archive.org/web/20090110150302/http://www.oag.state.ny.us/media_center/2005/apr/apr28a_05.html \|archivedate=January 10, 2009 }}</ref> In a suit brought in 2005 by Spitzer, the California firm ] ended up settling, by agreeing to pay US$7.5 million and to stop distributing spyware.<ref>Gormley, Michael. {{cite news\|url=https://news.yahoo.com/news?tmpl=story&u=/cpress/20050615/ca_pr_on_tc/spitzer_spyware \|title=Intermix Media Inc. says it is settling spyware lawsuit with N.Y. attorney general \|archiveurl=https://web.archive.org/web/20050622082027/http://news.yahoo.com/news?tmpl=story&u=%2Fcpress%2F20050615%2Fca_pr_on_tc%2Fspitzer_spyware \|archivedate=June 22, 2005 \|work=] News \|date=June 15, 2005 \|deadurl=yes \|df= }}</ref>

	The hijacking of Web advertisements has also led to litigation. In June 2002, a number of large Web publishers sued ] for replacing advertisements, but settled out of court.

	Courts have not yet had to decide whether advertisers can be held ] for spyware that displays their ads. In many cases, the companies whose advertisements appear in spyware pop-ups do not directly do business with the spyware firm. Rather, they have contracted with an ], which in turn contracts with an online subcontractor who gets paid by the number of "impressions" or appearances of the advertisement. Some major firms such as ] and ] have sacked advertising agencies that have run their ads in spyware.<ref>{{cite news \|last=Gormley \|first=Michael \|url=https://www.usatoday.com/tech/news/computersecurity/2005-06-25-companies-spyware_x.htm \|title=Major advertisers caught in spyware net \|work=USA Today \|date=June 25, 2005 \|accessdate=September 4, 2008}}</ref>

	===Libel suits by spyware developers===

	Litigation has gone both ways. Since "spyware" has become a common ], some makers have filed ] and ] actions when their products have been so described. In 2003, Gator (now known as Claria) filed suit against the website ] for describing its program as "spyware".<ref>Festa, Paul. "". ''News.com''. October 22, 2003.</ref> PC Pitstop settled, agreeing not to use the word "spyware", but continues to describe harm caused by the Gator/Claria software.<ref>"". ''pcpitstop.com'' November 14, 2005.</ref> As a result, other anti-spyware and anti-virus companies have also used other terms such as "potentially unwanted programs" or ] to denote these products.

	===WebcamGate===
	{{Main article\|Robbins v. Lower Merion School District}}
	In the 2010 ] case, plaintiffs charged two suburban Philadelphia high schools secretly spied on students by surreptitiously and remotely activating webcams embedded in school-issued laptops the students were using at home, and therefore infringed on their privacy rights. The school loaded each student's computer with ]'s remote activation tracking software. This included the now-discontinued "TheftTrack". While TheftTrack was not enabled by default on the software, the program allowed the school district to elect to activate it, and to choose which of the TheftTrack surveillance options the school wanted to enable.<ref name="autogenerated5" />

	TheftTrack allowed school district employees to secretly remotely activate the webcam embedded in the student's laptop, above the laptop's screen. That allowed school officials to secretly take photos through the webcam, of whatever was in front of it and in its line of sight, and send the photos to the school's server. The LANrev software disabled the webcams for all other uses (''e.g.'', students were unable to use ] or ]), so most students mistakenly believed their webcams did not work at all. In addition to webcam surveillance, TheftTrack allowed school officials to take screenshots, and send them to the school's server. In addition, LANrev allowed school officials to take snapshots of instant messages, web browsing, music playlists, and written compositions. The schools admitted to secretly snapping over 66,000 webshots and ]s, including webcam shots of students in their bedrooms.<ref name="autogenerated5"> {{webarchive\|url=https://web.archive.org/web/20100615100827/http://lmsd.org/documents/news/100503_l3_report.pdf \|date=June 15, 2010 }}, LMSD Redacted Forensic Analysis, L-3 Services – prepared for ] (LMSD's counsel), May 2010. Retrieved August 15, 2010. </ref><ref name="USATODAY">{{cite news\|url=http://content.usatoday.com/communities/ondeadline/post/2010/02/school-district-accused-of-issuing-webcam-laptops-to-spy-on-students/1\|author=Doug Stanglin\|title=School district accused of spying on kids via laptop webcams\|date=February 18, 2010\|work=]\|accessdate=February 19, 2010}}</ref><ref>{{cite news\|title=Suit: Schools Spied on Students Via Webcam\|url=http://www.cbsnews.com/2100-201_162-6220751.html\|newspaper=CBS NEWS\|date=March 8, 2010}}</ref>

	==In popular culture==
	*Spyware employed in cars, computers, and cellphones plays a major role in "Shut Up and Dance", series 3, episode 3 of the anthology TV series '']''.

	==See also==
	*]
	*]
	*]
	* ]
	*]
	* ]
	* ]

	==References==
	{{Reflist\|40em}}

	==External links==
	*
	*
	{{Malware}}
	{{software distribution}}

	==Categories==

	{{Authority control}}

	]
	]
	]
	]
	]
	]
	]
	]
	]

Revision as of 17:02, 8 March 2018

i love you habibi