Routes of Infection
An immense and growing number of web pages contain malicious code that may infect your computer when you visit those sites. Often the site owners are not even aware of the presence of the malicious code, because their sites have been hacked and the malware placed there without their knowledge. Wikis and blogs are not immune to hijacking. It has been reported that the German edition of Wikipedia was recently used in an attempt to spread infection. Through a form of social engineering, users with ill intent added links to web pages containing malicious software, claiming that the pages would provide detections and remedies, when in fact they were a lure to infect.
Targeted Mail Server threats are an emerging mechanism through which malware is propagated. Cybercriminals distribute malware to target one specific organization or industry, often for financial gain.
Web data transfer protocols (HTTP and FTP) are used to spread malware via "drive-by" downloads. This happens when web pages containing spurious keywords are indexed by legitimate search engines, and when JavaScript is secretly added to legitimate websites and advertising networks.
Spyware usually infects a computer through deception of the user, or through exploitation of software vulnerabilities.
Most spyware is installed without users' knowledge. Spyware often escapes notice by piggy-backing on [being bundled with] a piece of desirable software, or by tricking you into installing it (the Trojan horse method). Some "rogue" anti-spyware programs masquerade as security software, while being spyware and adware themselves.
The distributor of spyware usually presents the program as a useful utility, for instance as a "Web accelerator", or as a helpful software agent, or as a special video codec. Users download and install the software without suspecting it could cause harm. For example, Bonzi Buddy, a program bundled with spyware and targeted at children, claims "He will explore the Internet with you as your very own friend and sidekick! He can talk, walk, joke, browse, search, e-mail, and download like no other friend you've ever had! He even has the ability to compare prices on the products you love and help you save money!".
Spyware can also come bundled with shareware or other downloadable software, as well as music CDs. The user downloads a program and installs it, and the installer additionally installs the spyware. Although the desirable software itself may do no harm, the bundled spyware does. In some cases, spyware authors have paid shareware authors to bundle spyware with their software. In other cases, spyware authors have repackaged desirable free software with installers that add spyware.
Another way of distributing spyware involves tricking users by manipulating security features designed to prevent unwanted installations. Internet Explorer prevents websites from initiating an unwanted download. Instead, it requires a user action, such as clicking on a link. However, links can prove deceptive: for instance, a pop-up ad may appear like a standard Windows dialog box. The box contains a message such as "Would you like to optimize your Internet access?" with links which look like buttons reading Yes and No. No matter which "button" the user presses, a download starts, placing the spyware on the user's system. Later versions of Internet Explorer offer fewer avenues for this attack. But, as mentioned elsewhere in these pages, the Firefox browser is considered by many to be much more resistant to these attacks.
Some spyware infects a system by exploiting known vulnerabilities in web browsers and other software. When the user navigates to a web page controlled by the spyware author, the page contains code which attacks the browser and forces the download and installation of spyware. This has become known as a "drive-by download", which leaves the user a hapless bystander to the attack. Common browser exploits target security vulnerabilities in Internet Explorer and in older versions of Sun Microsystems' Java runtime. [You should remove any old versions of Java Runtime Environment from your computer, and install the most recent version from Sun Microsystems.]
The installation of spyware frequently involves Internet Explorer. Its popularity and history of security issues have made it the most frequent target. Its deep integration with the Windows environment and scriptability make it an obvious point of attack into Windows. Internet Explorer also serves as a point of attachment for spyware in the form of Browser Helper Objects and toolbars, which modify the browser's behavior and may redirect your web queries, present pop-ups, and steal personal information.
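Browser Helper Objects and toolbars are registered in the Windows registry, so the add-ons attached to Internet Explorer can be inventoried and checked. The PowerShell below is an added example, not part of the original page. It assumes a Windows host and the standard machine-wide Internet Explorer registry locations, and the function name Get-IEAddOn is hypothetical.

```powershell
# Added example: audit machine-wide Internet Explorer add-ons (BHOs and toolbars).
# For each one, show the DLL it loads into the browser and its Authenticode status.
$views = @(
    @{ Bits = 64; Software = 'HKLM:\SOFTWARE';             Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ Bits = 32; Software = 'HKLM:\SOFTWARE\WOW6432Node'; Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

function Get-IEAddOn {   # hypothetical helper name
    foreach ($v in $views) {
        $bhoKey = "$($v.Software)\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        $barKey = "$($v.Software)\Microsoft\Internet Explorer\Toolbar"
        $found  = @()
        if (Test-Path -LiteralPath $bhoKey) {
            # Each BHO is a subkey named after its COM class ID (CLSID).
            $found += @(Get-ChildItem -LiteralPath $bhoKey |
                ForEach-Object { @{ Kind = 'BHO'; Id = $_.PSChildName } })
        }
        if (Test-Path -LiteralPath $barKey) {
            # Each toolbar is a registry value whose name is its CLSID.
            $found += @((Get-Item -LiteralPath $barKey).GetValueNames() |
                Where-Object { $_ -like '{*}' } |
                ForEach-Object { @{ Kind = 'Toolbar'; Id = $_ } })
        }
        foreach ($f in $found) {
            # The default value of InprocServer32 is the DLL loaded into the browser.
            $classKey = Get-Item -LiteralPath "$($v.Clsid)\$($f.Id)" -ErrorAction SilentlyContinue
            $srvKey   = Get-Item -LiteralPath "$($v.Clsid)\$($f.Id)\InprocServer32" -ErrorAction SilentlyContinue
            $dll = if ($srvKey) { $srvKey.GetValue('') }
            $sig = if ($dll -and (Test-Path -LiteralPath $dll)) {
                Get-AuthenticodeSignature -LiteralPath $dll
            }
            [pscustomobject]@{
                Kind   = $f.Kind
                Bits   = $v.Bits
                Clsid  = $f.Id
                Name   = if ($classKey) { $classKey.GetValue('') }
                Dll    = $dll
                # 'NoFile' means the CLSID is unregistered or the DLL is missing.
                Signed = if ($sig) { "$($sig.Status)" } else { 'NoFile' }
                Signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
            }
        }
    }
}

Get-IEAddOn | Sort-Object Signed, Dll | Format-Table -AutoSize -Wrap
```

Entries that are unsigned, have no file on disk, or load from a user-writable folder are the ones to examine first. For 32-bit entries, a path under System32 is redirected to SysWOW64 for 32-bit processes, so confirm the file location before drawing conclusions.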
