Adware/Spyware Information

1. Introduction

Adware and Spyware are two types of software which can get installed on your computer without your knowledge, and whose activities intrude into your use of the computer and also your privacy. Unlike computer viruses, adware and spyware generally do not try to cause damage to your computer system or try to spread themselves to other computers.

1.1. Adware

Adware comes in various forms. The most common symptoms of its activity include:

  • unwanted advertising matter randomly appearing on your screen
  • your browser's home page being "hijacked" to display a page for some commercial service or search engine
  • problems connecting to web services which authorise access on the basis of internet IP address

Some free or shareware software (for example the Opera web browser) legitimately displays advertising in a clearly stated way to finance the software's development. However, adware does this in a covert way by installing itself secretly, for example by including itself alongside some other product you are installing, or by enticing you to click on a web-screen image. In some cases, you may unwittingly agree to adware installation in the small print of an on-screen licence agreement when installing a software package.

As well as displaying advertising, adware can also record information about your web-browsing activities and report these to a third party, for example to target the advertising to your interests. Some web browser add-ons, such as the Alexa toolbar, do this.

Not all unwanted screen advertising is a result of adware. Some web pages produce their own local onscreen pop-ups when you view them. These pop-ups can be irritating but are not produced by an adware infection. They can usually be suppressed by a "pop-up blocker" such as the one provided by the Google Toolbar.

1.2. Spyware

Whereas adware may be largely an irritation, spyware presents a much more serious threat. Spyware snoops on your computer activity and may record keystrokes, including passwords and other private information, which are then communicated to others, possibly resulting in criminal activity such as using your credit card details. Spyware installation, too, may originate as part of a freeware product, or by enticing you to click on a web-screen image.

1.3. Drive-by downloads

One of the more recent and worrying developments in computer security is the prevalence of 'drive-by downloads'. This is a method of installing potentially dangerous code onto a device when the user merely visits a web page, without requiring the user to accept or even run the program. A drive-by download will usually take advantage of (or “exploit”) a browser, app, or operating system that is out of date and has a security flaw. The initial code that is downloaded is often very small (so you probably wouldn’t notice it), since its job is often simply to contact another computer from which it can pull down the rest of the code onto your smartphone, tablet, or computer.

Often, a web page will contain several different types of malicious code, in hopes that one of them will match a weakness on your computer. These downloads may be placed on otherwise innocent and normal-looking websites. You might receive a link in an email, text message, or social media post that tells you to look at something interesting on a site. When you open the page, while you are enjoying the article or cartoon, the download is installing on your computer.

Drive-by downloads can be best avoided by being mindful of the type of websites that are visited. Sites featuring adult content and file-sharing websites are prime targets for this sort of attack. 

The McAfee Blog lists a few more tips to stay protected: 

  • Keep your Internet browser and operating system up to date
  • Use a safe search tool that warns you when you navigate to a malicious site
  • Use comprehensive security software on all your devices, like McAfee All Access, and keep it up to date.

1.4. Botnets

A botnet is a network of connected programs communicating together in order to perform a task. They can perform perfectly legal tasks like keeping control of Internet Relay Chat (IRC) channels, but frequently they are employed by computer hackers for more nefarious purposes. Computers can be co-opted into a botnet when they execute malicious software. This can be accomplished by luring users into making a drive-by download, exploiting web browser vulnerabilities, or by tricking the user into running a Trojan horse program, which may come from an email attachment. This malware will typically install modules that allow the computer to be commanded and controlled by the botnet's operator, and many computer users are unaware that their computer is infected with bots. Depending on how it is written, a Trojan may then delete itself, or may remain present to update and maintain the modules. After infection, the user's computer becomes a bot or 'Zombie'.

The image below shows a typical example of a botnet setup. The botnet's originator or 'bot herder' can control the group using the Command and Control (C&C) server to instruct the various 'Zombie' computers linked to the botnet. Once a healthy network of 'Zombie' computers has been created, the bot herder can sell the services of the botnet for purposes such as spamming, malware infection or Distributed Denial of Service (DDoS) attacks.

 

2. Removing Adware/Spyware

A number of free software products check for and remove adware/spyware from your system. Some of the most well-known ones are:

  • Malwarebytes (free version provides detection and removal; on the free version, updates and scans must be run manually)
  • Ad-Aware (performs detection and removal; free for individual private use only)
  • Windows Defender (performs ongoing detection and removal)
  • Spybot Search and Destroy (performs detection and removal)
  • HijackThis (specifically aimed at home-page hijacking)
  • MacScan (for the Apple Macintosh)

As with anti-virus software, it is crucial to keep adware/spyware removal products up-to-date for them to be effective.

Unfortunately, some supposed adware-removal programs exist that are of doubtful quality, or that give inflated numbers of detection warnings to encourage sales, or that even install their own adware. The Spyware Warrior web site gives more information on such products.

3. Preventing Adware/Spyware Infections

Some of the adware/spyware removal packages mentioned in the previous section may offer protection against adware/spyware being installed in the first place, although this may be in a non-free version of the program.

You can reduce the possibility of adware/spyware infections in Internet Explorer (IE) by raising the level of its security settings. In IE go to [Tools->Internet Options->Security] and set the security level for the Internet Zone to High. (If no slider is visible, click Default level to make it appear first.) Then set the security level for the Trusted Zone to Medium and add the sites you use and trust to this zone; you may need to do this quite often as many badly-designed sites will not work in the High security mode.
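To confirm that a machine actually has the zone levels recommended above, the following PowerShell reads the current user's Internet Options from the registry and lists the sites placed in the Trusted zone. This is an added example, not part of the original IT Services page; it assumes the standard per-user Internet Settings registry layout (zone 3 = Internet, zone 2 = Trusted sites) and does not account for settings enforced by Group Policy.

```powershell
# Added example: audit IE security-zone levels against the recommendation above
# (Internet zone = High, Trusted zone = Medium). Read-only; changes nothing.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Standard CurrentLevel encodings used by the Security tab slider.
$levelNames = @{
    0x10000 = 'Low'
    0x10500 = 'Medium-low'
    0x11000 = 'Medium'
    0x11500 = 'Medium-high'
    0x12000 = 'High'
}

$expected = @(
    @{ Zone = 3; Name = 'Internet';      Level = 0x12000 }
    @{ Zone = 2; Name = 'Trusted sites'; Level = 0x11000 }
)

foreach ($e in $expected) {
    $path = Join-Path $inetKey ("Zones\{0}" -f $e.Zone)
    $prop = Get-ItemProperty -Path $path -Name CurrentLevel -ErrorAction SilentlyContinue
    $current = if ($prop) { [int]$prop.CurrentLevel } else { $null }

    # A value outside the table means the zone uses custom per-setting levels.
    $shown = if ($null -eq $current) { 'not set' }
             elseif ($levelNames.ContainsKey($current)) { $levelNames[$current] }
             else { 'Custom (0x{0:X})' -f $current }

    [pscustomobject]@{
        Zone     = $e.Name
        Current  = $shown
        Expected = $levelNames[$e.Level]
        Matches  = ($current -eq $e.Level)
    }
}

# Sites mapped to the Trusted zone: any value equal to 2 under ZoneMap\Domains.
# The key path is parent-domain\subdomain; the value name is the URL scheme.
$domainsKey = Join-Path $inetKey 'ZoneMap\Domains'
Get-ChildItem -Path $domainsKey -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $key = $_
    foreach ($scheme in $key.GetValueNames()) {
        if ($key.GetValue($scheme) -eq 2) {
            [pscustomobject]@{
                TrustedSiteKey = $key.Name -replace '^.*\\ZoneMap\\Domains\\', ''
                Scheme         = $scheme
            }
        }
    }
}
```

Review the Trusted sites list periodically: every entry there runs at the lower Medium level, so a site that no longer needs it should be removed.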

Another issue with Internet Explorer is its Related Links option on the Tools menu, the use of which can transmit your web browsing activities back to a company called Alexa. Some spyware removal software will offer to remove this facility.

Since many adware/spyware programs (and other security attacks) exploit specific weaknesses in Internet Explorer, another option is to switch to another web browser such as Chrome, Firefox or Opera, except for web sites that only behave properly using IE.

In general, try to avoid clicking on any enticing-looking buttons on web pages; for example, the [X] in the corner of an irritating graphic may not be a real close-box, but a disguised button to install adware/spyware. (Pressing Alt+F4 is a safer way of closing the currently active window.) Avoid installing any software from unknown sources - even if the product performs a useful function, there may be a hidden cost if it also installs adware/spyware alongside itself.

 


Written by IT Services. Latest revision 15 May 2017