T. R. Robinson Publications

Spyware and Keylogger malware have different aims to the usual computer virus. The intent, with both, is to illegally gain user information. Adware, usually, has an alternative primary purpose as discussed within the appropriate section below.

Note: As will be mentioned a number of times ‘Malware’ is the correct ‘umbrella’ term when referring to computer viruses. However, as, colloquially, the term virus is more readily understood, both will be used throughout discussions that relate to the topic.

Spyware

This is a particularly interesting type of malware because some so called spyware is actually valid and legitimate.

The aim for the malicious form of this virus is to either:

• Obtain information about a person or organisation without their knowledge. (This information may be sent on to other parties. Spyware has been utilised in identity theft.); or (possibly also);
• Gain control over a devise. (Again without the user’s knowledge.)

Note: It is not only computers that are vulnerable: Cyber criminals also target smartphones and tablets.

Legitimate Spyware

Naturally, the term ‘spyware’ will raise concerns in most user’s minds and so it should. However, there are legitimate spyware programmes.

Frequently, when downloading acceptable and useful software, a user gives authority to the suppling company to collect certain types of information e.g. location, internet use, sometimes such things as age, etc. (Users should carefully read the licence agreement to see exactly what information will be collected before agreeing to the download.) In these legitimate instances the purpose is to enable the supplier to provide relevant content, services and advertisements to meet the user’s perceived needs. As stated, the user will have agreed to this when confirming their acceptance of the license agreement. The software utilised is a form of spyware. This is also the type of software utilised for parental control programmes.

Note: Though corporate systems are not the subject of this discussion it is worth noting some businesses, especially where they handle sensitive material, may have spyware installed in corporate computers. Employee contracts should contain relevant clauses informing them of this.

Keylogger

As the name implies this type of software virus is a ‘keystroke logger’ (‘Keylogger’ is the shortened term). It monitors which keyboard keys a user strikes. Keylogger software can be both legitimate and malicious.

Legitimate: Employers may install keylogger software in their corporate computers to monitor usage (employee contracts should make this clear). Families may use it for parental control purposes. Law enforcement agencies may also use it to monitor/prevent illegal activity. Microsoft have also acknowledged the latest versions of Windows 10 have a built-in keylogger ‘To improve typing and writing services.’

Malicious: Without the user’s knowledge monitors which keys are struck on the computer keyboard. May be used to:

• Obtain passwords.
• Register bank, credit card, etc. details.
• Study computer use.
• Monitor user interactions.

Despite the name this software can also be manipulated to collect information from other sources besides the keyboard:

• Clipboard content.
• Screenshots.
• Open programme/folder/window details. (Usually by means of a screenshot.)
  Search engine enquiries.
• Etc.

Note: Keylogger may be installed either utilising software or by hardware manipulation. It is the software version under consideration here.

Adware

Though it works similarly, in that it collects some user data, adware is slightly different to other types of spyware. The principle aim, as the name implies, is to display advertisements on the user’s computer/device. A mixture of pop-up windows; flashing advertisements and links to websites are normally used. It should be noted that many such advertisements do relate to legitimate products. Nevertheless, they can be very annoying and some consider them an invasion of privacy. And, of course, some are malware.

Users should be very aware of an advert that contains:

• An ‘important’ ‘urgent’ message.
• A free offer.
• A statement that software needs to be downloaded to see content.

The advert may imply the user has to select either a ‘Yes’ or ‘No’ option to close it. Clicking either will probably result in some form of malware being downloaded. Users should simply CLOSE the window.

As always, users should exercise common sense and caution. Some also suggest they avoid interacting with flashing adverts.

What these viruses do

• May install software designed to control the device.
• May change computer settings. (To facility illegal/erroneous activity.)
• May redirect browser to something unwarranted. (To facilitate criminal intent.)
• May service pop-up advertisements. (Could be in combination with other aims.)

May also, probable will:

• Track internet habits and use.
• Register user Logins.
• Collect personal information (e.g. bank and credit card).

How devices infected

Spyware, along with other types of malware, may be spread (downloaded) onto systems by a variety of methods including:

• E-mail attachments.
• Text message attachments. (Mobile devices i.e. smartphones and tablets.)
• Social Media. (Through shared images; audio and video files; direct messaging; etc.)
• App (software application) downloads. (Usually from unverified source.)
• Malicious or compromised websites.
• Rogue advertisements.
• Infected software downloads.
• Connecting an already ‘infected’ external storage devise.
• Etc. (There are multiple sources a cyber criminal may use.)

Naturally, in all instances, the user is unlikely to be aware they are opening, viewing, downloading or connecting with/to erroneous, malicious or compromised material. Care should always be exercised when proposing to action any of the above.

Detection

This type of infection is not always obvious, in fact is probably rarely so and, consequently, is hard to detect. The user may notice their computer experiences:

• Unwanted behaviour. (Does not work as it did.)
• Degraded performance.
• Failure to boot (start) properly.
• Difficulty connecting to internet.
• More frequent ‘crashes’.

As a consequence of the above a user may assume there is:

• A hardware failure.
• A Windows installation problem.
• An internet connection issue.
• Another type of virus attack.

Of course, all of the above may occur without an attack or infection. Nevertheless, users should be aware of the possibility.

Try not to panic: Some become so panicked they abandon their existing equipment and go to the expense of buying a new device. They should hold back because it is often possible for the situation to be rectified and for their equipment to be cleared.

Resolution

Spyware (technically the term includes Keylogger and Adware because they also collect user detail without the user’s knowledge) is an insidious type of virus. Some versions will also: Disable firewalls and/or disable a computer’s antivirus software and/or reduce browser security settings.

Once detected it may be necessary:

• for all data to be backed-up; and then
• for a full, clean, reinstallation of ALL software.

Naturally, having to take such action can be irritating but it is probably the only way to ensure the computer is completely cleared.

There are some, valid, software programmes users may download to help detect whether their device has been ‘infected’ and that may also help clear it. These will be discussed in more detail in a subsequent article to be published toward the end of this ‘Computer Viruses’ series.

Prevention

It is appreciated the following are consistently repeated within related articles but it is necessary to ensure users, for their own safety, continually bare the points in mind.

• Avoid opening unverified e-mails or clicking upon links contained in them.
• Avoid visiting unknown websites (includes blogs) or following links to one if it has been provided by someone not known or not from a recognised group.
• Check social media sharable items are from a recognised/validated source.
• Do not download software from an unknown company or source.
• Do not download anything from an unconfirmed website or contained in an advertisement by unknown company or person (includes social media).
• Do consistently backup files. (Suggested at least two or three backups on different devises that are stored in separate locations e.g. USB, Hard-drive backup devises, CD (for older computers) etc.)
• Do regularly update software: programmes, applications, anti-virus systems, etc. (New versions of malware are constantly devised and detected and most software companies update their programmes to counter attacks from them (each new virus requires a new resolution). Not to regularly update the computer software may leave it vulnerable to attack from the newer viruses.)

Conclusion

Spyware of whichever type is insidious and dangerous because of the user details these are able to collect. It is often utilised in identify theft crime.

These viruses are hard to detect. Users should be aware if their device suddenly starts behaving in an unexpected manner.

The problem can usually be resolved though it normally requires a complete overhaul of the computer’s software.

Users should always employ careful consideration before opening spurious e-mails; e-mail or text attachments; linking to unknown websites or blogs; responding to unsolicited advertisements; interacting with social media shares, images or files; etc. especially if it is outside the user’s normal daily habit.

Disclaimer: The writer is not a computer programmer or in any other way a computer software expert. What is shared has been learnt through limited personal experience and/or through research. Consequently, though every effort has been made, total accuracy of all the above information cannot be guaranteed.