Signs of Infection
Once a malware program infects your computer, it can rapidly be infected by many other components. Users frequently notice unwanted behavior and slow system performance. Spyware can create significant CPU activity, disk usage, and network traffic, all of which slow the computer down. Stability issues, such as application or system-wide crashes, are also common. Spyware can interfere with networking software and cause problems connecting to the Internet.In some infections the spyware is not evident, and the user assumes the issues relate to hardware, Windows installation problems, or a virus. Badly infected systems may require a clean reinstallation of all their software in order to return to full functionality.
Only rarely does a single piece of software render a computer unusable. Rather, a computer is likely to have multiple infections. A 2004 AOL study found that if a computer has any spyware at all, it usually has dozens of different pieces installed. The cumulative effect, and the interactions between spyware components, causes the symptoms commonly reported by users: a computer, which slows to a crawl, overwhelmed by the many parasitic processes running on it.
Some spyware actually disables software firewalls and anti-virus software, and/or reduce browser security settings, and opens the system to further infections. Some spywares disable or even remove competing spyware programs, on the grounds that more spyware-related annoyances make it even more likely that users will take action to remove the programs. One spyware maker, Avenue Media, even sued a competitor, Direct Revenue, over this; the two later settled with an agreement not to disable each others' products.
Some other types of spyware (for example, Targetsoft) modify system files so they will be harder to remove. Targetsoft modifies the "Winsock" Windows Sockets files. If an anti-spyware program attempts to remove this type of threat it can render your internet connection inoperable. On Windows systems prior to Vista a typical user has administrative privileges, and any program the user runs has unrestricted access to the system. Without that level of system access privilege winsock style hijacks would be more difficult to achieve. This has led some Windows users to move to other platforms such as Linux or Apple Macintosh, which are significantly less susceptible to malware.
Advertisements
Many spyware programs display advertisements. Some programs simply display pop-up ads on a regular basis; for instance, one every several minutes, or one when the user opens a new browser window. Others display ads in response to specific sites that the user visits. Spyware operators present this feature as desirable to advertisers, who may buy ad placement in pop-ups displayed when the user visits a particular site. It is also one of the purposes for which spyware programs gather information on user behavior.Many users complain about irritating or offensive advertisements as well. As with many banner ads, many spyware advertisements use animation or flickering banners which can be visually distracting and annoying to users. Pop-up ads for pornography often display indiscriminately. Links to these sites may be added to the browser window, history or search function. When children are the users, this could possibly violate anti-pornography laws in some jurisdictions.
A further issue in the case of some spyware programs has to do with the replacement of banner ads on viewed web sites. Spyware that acts as a web proxy or a Browser Helper Object can replace references to a site's own advertisements (which fund the site) with advertisements that instead fund the spyware operator. This cuts into the margins of advertising-funded Web sites.
"Stealware" and Affiliate Fraud
A few spyware vendors have written what the New York Times has called "stealware", and what is also termed "affiliate fraud". It is a form of click fraud that diverts payment of affiliate marketing revenues to the spyware vendor.Spyware which attacks affiliate networks places the spyware operator's affiliate tag on the user's activity. The spyware operator is the only party that gains from this. The legitimate affiliate loses revenue, network reputations are injured, and vendors are harmed by having to pay out affiliate revenues to an "affiliate" who is not party to a contract.
Affiliate fraud is a violation of the terms of service of most affiliate marketing networks. As a result, spyware operators such as 180 Solutions have been terminated from affiliate networks including LinkShare and ShareSale.
Identity Theft and Fraud
In one case, spyware has been closely associated with identity theft. In August 2005, researchers from security software firm Sunbelt Software believed that the makers of the common CoolWebSearch spyware had used it to transmit "chat sessions, user names, passwords, bank information, etc.", but it turned out that "it actually (was) its own sophisticated criminal little trojan that's independent of CWS." This case is currently under investigation by the FBI.The Federal Trade Commission estimates that over 27 million Americans have been victims of identity theft, and that financial losses from identity theft are now over $47 billion for businesses and financial institutions and at least $5 billion in out-of-pocket expenses for individuals.
Spyware-makers may commit wire fraud with dialer program spyware. These can reset a modem to dial up a premium-rate telephone number instead of the usual ISP. Connecting to these suspicious numbers involves long-distance or overseas charges which invariably result in high call costs.
Digital Rights Management
Some copy-protection technologies have borrowed from spyware. In 2005, Sony BMG Music Entertainment was found to be using rootkits in its XCP digital rights management technology Like spyware, not only was it difficult to detect and uninstall, it was so poorly written that most efforts to remove it could have rendered computers unable to function. Texas state attorney general Greg Abbott filed suit, and three separate class-action suits were filed. Sony BMG later provided a workaround on its website to help users remove it.Beginning in April 25, 2006, Microsoft's Windows Genuine Advantage Notifications application installed on most Windows PCs as a "critical security update". While the main purpose of this deliberately non-uninstallable application is making sure the copy of Windows on the machine was lawfully purchased and installed, it also installs software that has been accused of "phoning home" on a daily basis, like spyware. It can be removed with the RemoveWGA tool.