Spyware coders have plenty of tricks up their sleeves for stealing information from your system. Many use your Internet browser as a gate, but spyware can also use other apps in your computer.
Before all the creepy details make you a little paranoid (a small amount of paranoia is probably advisable), keep in mind that you can still fight back. But first, you need to identify the likely entry points of spyware attack.
A bad Web site can try to access a cookie of another Web site, say, when you are visiting www.badsite.ru, it may try to collect your Google or Yahoo! cookies by impersonating as the actual Google or Yahoo! site. Why would it be useful to a malicious person? Well, for starters, computers that are used to open Gmail or Yahoo Mail accounts should have cookies that allow hackers to access those account. Hackers can have full access just like a regular user, like send an e-mail, receive an e-mail, and read all your old e-mails. That includes e-mails with important documents attached or worse, the hacker can use the ‘forget password’ feature from your financial service Web sites and get the password easily. Oh my!
Even if the hacker is unable to access you e-mail, he/she can track what Web sites you have visited and when. Actually much of what is going on with spyware infection is about advertising, and figuring out what sites you are visiting is quite useful to advertisers.
Running an application on your computer could be what is needed to inject certain spyware, but downloading and running an application could also be what a spyware does after it infects your system.
Years ago, Internet Explorer was plagued by a vulnerability that allowed a bad Web site to download and run a malicious ActiveX control in user’s system. With ActiveX technology, hackers can do pretty much anything they want on a user’s system, including running other applications or downloading additional applications and files to the users’ system. In keeping with the subject in this article, a spyware could snoop around in your computer, permitting a bad application to do whatever it wants.
Any malicious person with a decent imagination and a little amount of skill can wreak a binary havoc on your computer, including complete destruction of important files, transmission of your sensitive files to others, and DDoS attacks (sending millions of tiny packets to your server in order to disable or cripple it).
Viewing the clipboard
A supposedly handy feature of IE is its ability for external Web sites to see your Clipboard. Although there a few benefits of sharing your Clipboard, it may also spell trouble. Who knows what might be on the Clipboard at any given time? If you often copy URLs, paragraphs of classified information, user IDs, or even passwords you’re inviting for a disaster to strike.
Hard drive access
Some ActiveX controls allow hackers to read your read hard disk, or may even read and write it. Combined with other critical vulnerabilities, your data can be moved, modified, destroyed, or distributed online.
Web pages spoofing
A cleverly designed Web page can impersonate a popular Web page, including the web address in your browser’s address bar! This technique gave rise to a good deal of successful phishing frauds. (A phishing scam also includes an official-looking e-mail message that trick unsuspecting victims to a site where they’re asked to submit critical information, such as credit card number; or user name and passwords of your online banking service)
A lapse in the judgment led them to click the site referenced in the e-mail. A serious vulnerability in the user’s browser allows the page to fake the web address in the address bar, making users believe that they are visiting a legitimate site. While, less sophisticated a phishing attempt will take users to sites where the web address only slightly resembles the real thing, in the hope that the users won’t spot the difference. After the spoofed site fools the users into believing that they are on a legitimate site (say, a credit card service site), they are coerced into supplying sensitive information to the site owner or potentially even installing even more harmful application.
It is a program that is developed to record all keystrokes on your computer. Some keyloggers even store mouse button clicks and its movements. Although they’re possibly useful as corporate surveillance or diagnostic tools, hackers frequently use key loggers for unlawful purposes, such as stealing usernames and passwords from unsuspecting victims. In many cases, hackers have installed keyloggers on public computers in Internet cafes or public libraries. But many keyloggers are also installed on private networks and computers around the world.