The Inside Job: Domestic Spyware

Has your organization been compromised by spyware?  You may want to read on before answering.  According to a recent study conducted by Websense Inc., a leading provider of anti-spyware software, 92% of all IT administrators involved believed their networks were infected with some type of spyware.  Only 6% of the IT staff believed they were responsible for downloading spyware into the network.  Findings such as these point to a large problem: many people do not know enough about spyware to help prevent infection.  Regardless of how it is being distributed, spyware has become such a concern that even the U.S. Congress has taken note.

Why Is It a Problem?

Spyware programs have been viewed as intrusive as many internet users are not pleased with having their surfing habits documented.  The fact that several web sites deploying these programs are questionable makes things even worse.  What began as a simple adware program has often been discovered to be malicious software that harbors viruses, hacks into and steals personal data, propagates spam, or hijacks a web browser.  This type of program can easily capture a victim's credit card or PIN number when making purchases or banking online.

When this sensitive data is collected by an adware database it becomes a repository well suited for financial fraud and identity theft. 

Good Spyware?        

Not all spyware is used maliciously, as the case of domestic spyware shows.  This type of program is usually installed by a parent, teacher or company that wants to monitor the internet activity of other users.  IT administrators may want to check up on members of their staff while parents may be suspicious of whom their children are chatting with online.  Domestic spyware is viewed as useful in these instances though it still can be abused by malicious individuals.
Like many tools used by hackers, spyware programs are readily available and can be easily installed without a user's knowledge or consent.  Law enforcement agents have been known to use domestic spyware to monitor suspected illegal activity, while criminals have used it to steal data from government agencies and large corporations.

The SPY BLOCK Act

In November of 2005, the Senate Commerce Committee approved the SPY BLOCK Act.  The legislation was actually a substitute amendment to the original bill introduced by Senator Conrad Burns in February of 2004.  As amended, the legislation specifically addresses computer hijacking, loss of control over a computer, adware that doesn't reveal its complete operation, and the collecting of personal data.  It prohibits the collecting of personal data when the process of collection is not "clearly and conspicuously disclosed" or advertised as part of the program's intent.  If personal information such as bank account or Social Security numbers is to be collected, a consent regime and notice is required.  Additionally, the user must be able to manually uninstall any software that collects personal data.
The SPY BLOCK Act also strengthens enforcement by giving authority to the FTC and state attorneys general to enforce these provisions.
This bill has since been moved to the full Senate for complete consideration.  Many critics feel that it will be less effective than the CAN SPAM Act of 2003 as exploits by malicious individuals become more advanced.

From Benign to Malicious: Commercial Spyware

While the techniques have evolved, hacking is by no means a new practice.  Over the years, intruders have developed numerous ways to program computers to spy on other machines.  However, commercial spyware is a relatively new concept that has plagued numerous personal computers and business networks.  In the late 90s, many companies began to monitor the online activity of their employees.  This was done to discourage them from sending inappropriate messages or accessing inappropriate content on a company computer.  Monitoring software remains prevalent in today's business world.

Home users were introduced to commercial spyware as high-speed internet connections became more popular.  Firewall applications, which can report outgoing and incoming internet traffic, grew popular around the same time.  Users then noticed that some of their downloaded programs accessed the internet more frequently than they should have.  Shortly afterwards, adware was discovered, and it was found to be in use by a few prominent software companies including Broderbund and RealNetworks.  Both of these companies have ceased this method of advertising due to widespread complaints from the public.
Adware was created as a way for small freeware and shareware developers to stay in business.  These developers were offered money by marketing companies to include adware code in their programs.  This gave the software developers a steady source of income.  It also gave the marketers a way to advertise their products to millions while gaining personal information about those users for future endeavors.  This worked out for everyone, even the user who was able to download the software for little to no money.  The downside was that users also had to turn over a bit of their privacy.

The Truth

The fact that a user can easily be victimized by a spyware program is enough to strike fear in anyone.  The truth is that adware strictly designed to display pop-up advertisements is more prevalent than spyware applications looking to steal your sensitive information.  Many well known companies incorporate adware into their programs, something that has not deterred millions of people from using their software.  While there is a great chance your computer is being monitored on the job, it's rather unlikely that a hacker is running through your computer in search of sensitive data, although it has been known to occur.

Future Outlook

Though there is no way to predict how much spyware will increase over the next few years, it's rather apparent that this intrusive infection is here to stay.  Adware has become an essential part of basic internet computing, accompanying freeware and even popular email servers.  Businesses will continue to monitor employee behavior while parents are more likely to check out the online activity of their kids.
Just knowing its capability makes spyware a very frightening concept.  Without proper security implementation, your computer is vulnerable to commercial spyware and a wide range of other threats.  You can drastically reduce the chance of being infected by taking caution when downloading freeware and shareware programs, never opening an email attachment from an unknown sender and installing a reliable firewall application.

The Dangers of Spyware Dialers

A spyware dialer is a malicious program that installs itself onto a computer and attempts to dial telephone lines at other locations, often incurring expensive phone bills for the victim.  A dialer is much different from the spyware typically bundled with free software downloads.  Dialers are, however, difficult to detect, and it is just as difficult to prove that the dialer is responsible for the charges.  It is also difficult to distinguish a legitimate dialer from a spyware dialer, a factor that has made this infection much harder to control.

How a Dialer Functions

Any computer system with little or improper security implementations is vulnerable to a spyware dialer.  The Microsoft Internet Explorer browser is often targeted by this program as its default settings allow for an easy installation.  This type of spyware can also be installed through applications downloaded from the web, through cookies used to connect you to a site, or pop-up advertisements asking you to install or click something.  Dialers have also been known to "piggyback" on spam carrying pornographic content.  In rare cases, merely viewing an email enables a dialer to be installed.

Dialers are most commonly distributed when ActiveX security settings are not properly configured in the Internet Explorer web browser.  When the browser loads a page composed by the dialer's creator, a corrupt ActiveX control is installed which then downloads and runs the spyware program.  Once it has been executed, the dialer is often set to load when the computer starts up.  When the code is loaded into memory, it can wait for the computer to sit idle for a certain amount of time while the user is away.
Similar to most spyware, a dialer is typically installed without the user's knowledge.  When it decides to strike, the program then dials up telephone numbers in foreign countries or to pornographic services, accumulating various charges.   The spyware does this by hijacking a user's internet connection and secretly routing the victim through toll numbers that may cost unknown amounts of money per minute. 

Popular Dialers        

Dialers have been used by pornographic dealers more recently.  This involves covertly downloading and installing a program on the computer of an unsuspecting user, forcing it to automatically dial pay-per-view porn sites, charging the victim an outrageous fee each time it occurs.
A similar exploit uses a well known program called a TIBS dialer, which hijacks a phone modem and redirects it to a pornographic pay-per-minute site.
Another program that has inflicted a considerable amount of damage is the Trojan horse dialer.  This typically comes in the form of a Windows executable file with a filename extension such as .EXE, .COM, .BAT, .SCR or .PIF.  The Trojan disguises itself as a useful program but actually has intentions of infecting your system.  Once activated, it installs a dialer that manipulates your internet connections, installs other types of malware or sends personal data to another location.
The best defense against any type of dialer is a reliable firewall program.  When configured properly, this application will keep hackers out of your system and spyware dialers away from your phone lines. 

More than Annoying Ads: AdBreak Spyware

Adware refers to applications that are often bundled with other programs and designed to display web-based advertisements.  They are typically distributed at a much lower cost or for no cost at all as the primary source of revenue comes from displaying the ads instead of actually selling the program.  Although most forms of adware function with the sole purpose of flooding your computer monitor with advertisements, a few of them serve as rather useful tools.  One such example is the Opera Web Browser, a popular application that displayed a tiny pop-up advertisement until the product was registered.  While Opera has since become a freeware application, many ad-sponsored programs remain quite common. 

In many instances, adware remains in the category of unwanted and potentially harmful software.  It is often bundled with keyloggers and other spyware features, as opposed to a useful web browser like Opera.

What is AdBreak?

AdBreak is an ad-supported program, more specifically, a BHO (browser helper object) that is typically installed without a victim's knowledge or consent.  Like most spyware, it is often bundled with shareware or freeware applications and automatically installed with the legitimate program.  AdBreak uses web browser exploits to initialize forced and hidden installations.  It has the ability to modify a user's browser settings, hijack web pages and redirect them to irrelevant or compromised internet locations, display unsolicited pop-up advertisements, create new button links and toolbars and consume a great amount of bandwidth which slows down system performance.
This type of spyware has the ability to establish outside internet connections, which is usually done to download updates to a system or report captured data to remote affiliates.  AdBreak often displays offensive advertisements without the presence of an active web browser and tracks a user's web surfing and shopping habits, data generally gathered to make way for targeted advertising.
Any type of adware that does not obtain an explicit agreement from the user, does not disclose the data it will collect or whom it will be sent to, displays advertisements in a disruptive manner, or secretly installs other programs is rightfully termed spyware and constitutes an invasion of a user's privacy.  While mild types of adware generally will not compromise the security of a computer, more aggressive forms such as AdBreak are known for performing illegal operations.  This program has been reported to silently download other programs such as Trojan horses and keystroke loggers.  The AdBreak program has been a major problem for many users and has proven to be rather dangerous.

Removing AdBreak

Sometimes, ridding your system of spyware is as simple as going to the "Add/Remove Programs" area of your computer and manually removing it.  Unfortunately, AdBreak is often completely embedded into a system, making the process of removal nearly impossible.  The good thing is that plenty of anti-spyware and anti-malware solutions are available and ready to take care of the problem for you.  These programs will run a thorough scan of your system in search of spyware, completely destroy it and help to keep it out.

Spyware in Cracked Earth

Some types of spyware are practically harmless and are used for legitimate purposes.  Some bog your computer down with advertisements, terribly affecting its performance.  Others are used with malicious intent, secretly collecting your personal data and reporting it back to third-party sources.  CrackedEarth is one example of spyware that has the ability to do all of the above and much more.

What is CrackedEarth?

CrackedEarth is a BHO (browser helper object) program that is downloaded without a victim's knowledge.  It is typically installed along with shareware applications or Trojan horses masquerading as useful programs.  This type of spyware is also distributed via ActiveX drive-by downloads in which it is contracted by visiting compromised web sites.  CrackedEarth functions by hijacking the Microsoft Internet Explorer web browser and often modifies a user's homepage and search page.  It may also install additional toolbar features such as bookmarks and links in the Favorites list.  The CrackedEarth program is executed every time a user launches the Internet Explorer web browser.

CrackedEarth is not to be confused with a virus or Trojan though it does have characteristics similar to a Trojan horse.  It may work as an adware dropper by delivering adware components and other malicious programs into a user's system.  When executed, a setup window is displayed which indicates that a folder has been created and files have been dropped.  The CrackedEarth installer drops a DLL file which is injected into the Internet Explorer application.  The DLL file is responsible for redirecting a user to specific sites when certain keywords are typed into the address bar.
It is recognized that such a program may have a genuine purpose in the context where an authorized user has knowingly installed the application.  If you have agreed to the licensing terms of this software or that of another bundled program, there may be legal obligations attached to removing CrackedEarth or to using the original application without it.
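
Both AdBreak and CrackedEarth are described above as BHOs whose DLL is loaded whenever Internet Explorer starts.  The following added example (not part of the original article) lists every registered BHO with the DLL behind it and that DLL's Authenticode signature, so unexpected entries stand out; the function name Get-BhoInventory is hypothetical, and the script only reads the registry.

```powershell
# Added example: read-only inventory of Internet Explorer Browser Helper Objects.
# Nothing is modified or deleted; review the output before acting on it.

# Registry locations where BHO CLSIDs are listed (native and 32-bit views),
# paired with the COM class root used to resolve each CLSID to its DLL.
$views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Class = 'Registry::HKEY_CLASSES_ROOT\CLSID' },
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Class = 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID' }
)

function Get-BhoInventory {
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($entry in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid     = $entry.PSChildName
            $classKey  = '{0}\{1}' -f $view.Class, $clsid
            $serverKey = "$classKey\InprocServer32"
            $name = $null; $dll = $null; $exists = $false
            $sigStatus = 'Unknown'; $signer = $null

            if (Test-Path -LiteralPath $classKey) {
                # The default value of the class key is its display name.
                $name = (Get-Item -LiteralPath $classKey).GetValue('')
            }
            if (Test-Path -LiteralPath $serverKey) {
                # The default value of InprocServer32 is the DLL the browser loads.
                $dll = [string](Get-Item -LiteralPath $serverKey).GetValue('')
            }
            if ($dll) {
                $dll    = $dll.Trim('"')
                $exists = Test-Path -LiteralPath $dll -PathType Leaf
            }
            if ($exists) {
                $sig       = Get-AuthenticodeSignature -LiteralPath $dll
                $sigStatus = $sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }

            [pscustomobject]@{
                Clsid           = $clsid
                Name            = $name
                Dll             = $dll
                DllExists       = $exists
                SignatureStatus = $sigStatus
                Signer          = $signer
            }
        }
    }
}

# Unsigned DLLs, missing DLLs and entries with no resolvable class deserve a closer look.
Get-BhoInventory | Sort-Object SignatureStatus, Dll | Format-Table -AutoSize -Wrap
```

An entry whose DLL is unsigned or missing is not proof of spyware, but it is the first place to look when the browser's homepage or search page has been changed.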

Removing CrackedEarth

A common way to remove this type of spyware is to uninstall CrackedEarth using the "Add/Remove Program" utility of your operating system.  Unfortunately, this method often leaves behind scattered spyware files that enable CrackedEarth to completely reappear following a system reboot.
Here are a few tips for detecting and removing this stubborn piece of spyware:      
Step 1: From your desktop screen, go to "Start">"Search">"All Files and Folders"
Step 2: In the box that reads "All or part of the file name" enter "CrackedEarth"
Step 3: If CrackedEarth files are discovered during the search, hover your cursor over the folder, highlight and right-click it. 
Step 4: When the dialog box displays, navigate down and click "Delete".  This should move the CrackedEarth folder and all of its files to the Recycle Bin.
Step 5: Access the Recycle Bin from your Desktop screen and "Empty" the program files from your system.
In order to avoid the risk of damaging your computer or not completely disposing of the program, security experts recommend using a reliable anti-spyware application to automatically detect and remove CrackedEarth along with other types of spyware that pose a threat to your system.
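
The manual search in Steps 1 to 5 only finds items by name, while the leftovers that bring a program back after a reboot are usually referenced from a startup location.  The following added example (not part of the original article) repeats the name search and also lists the common autostart entries; the keyword comes from the steps above, the function names are hypothetical, and the script only lists items and deletes nothing.

```powershell
# Added example: read-only check for leftovers after an uninstall.
param([string]$Keyword = 'CrackedEarth')   # name used in the manual steps above

function Test-NameMatch([string]$Text, [string]$Keyword) {
    # Case-insensitive literal substring match (no wildcard interpretation).
    return ($Text -and $Text.IndexOf($Keyword, [StringComparison]::OrdinalIgnoreCase) -ge 0)
}

function Find-LeftoverFile {
    param([string]$Keyword)
    # Typical install and per-user data locations; empty variables are skipped.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData,
               $env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ } | Select-Object -Unique
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { Test-NameMatch $_.Name $Keyword } |
            Select-Object FullName, LastWriteTime, @{ n = 'IsFolder'; e = { $_.PSIsContainer } }
    }
}

function Get-AutostartEntry {
    param([string]$Keyword)
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($path in $runKeys) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        foreach ($valueName in $key.GetValueNames()) {
            $command = [string]$key.GetValue($valueName)
            [pscustomobject]@{
                Source  = $path
                Name    = $valueName
                Command = $command
                Match   = (Test-NameMatch $valueName $Keyword) -or (Test-NameMatch $command $Keyword)
            }
        }
    }
    # Items in the per-user and all-users Startup folders also run at logon.
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($item in Get-ChildItem -LiteralPath $dir -Force) {
            [pscustomobject]@{
                Source  = $dir
                Name    = $item.Name
                Command = $item.FullName
                Match   = Test-NameMatch $item.Name $Keyword
            }
        }
    }
}

'--- Files and folders whose name contains the keyword ---'
Find-LeftoverFile -Keyword $Keyword | Format-Table -AutoSize -Wrap
'--- Autostart entries (all are shown; Match marks the keyword) ---'
Get-AutostartEntry -Keyword $Keyword | Sort-Object Match -Descending | Format-Table -AutoSize -Wrap
```

All autostart entries are listed, not only the matching ones, because leftover components do not have to carry the product's name.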

Is Your Computer Hot? Protecting against Hotbar

Spyware is one of the most controversial programs circulating today.  As the name suggests, this software has the ability to spy on your computer activities and report that information back to another source.  Spyware has received a bad reputation as many individuals have used these programs with malicious intent, installing them without user knowledge or consent and stealing personal information.  However, spyware is used legitimately as well.  This occurs when administrators monitor the internet activity of staff members or when parents monitor their children's behavior to learn who they are chatting with online.  Adware, a variation of spyware, is also prevalent in today's programming as several developers running advertising campaigns and affiliate programs use it to freely distribute their software.

What is Hotbar?  

Hotbar is a program that has been showing up on the computers of thousands of users.  According to the developer's website, this software enhances a user's internet experience by personalizing email applications and sites they visit.  Hotbar is used by many people to add colorful themes and smiley faces to their Internet Explorer toolbar and email messages.  While this software is rather useful, there are three important factors you need to be aware of:
1.  Hotbar is classified as adware/spyware software.  It monitors all of the web sites you visit on the internet.  This is done to collect data regarding your interests and habits, which leads to pop-up ads along with new buttons and advertisements in your toolbar.
2.  The Hotbar program is automatically updated from the site's database without your approval.  The updates may consist of new features able to bypass the security and privacy settings of your applications and change how it gathers data about you.
3.  Contrary to the way this software is often presented, Hotbar is not an official Microsoft upgrade for Internet Explorer or their Outlook email application.

Detecting Hotbar

There are various ways to know if the Hotbar program is installed on your computer.  You can begin by taking note of the following steps:
- Open your Internet Explorer web browser.  If you notice a series of gold buttons on the Internet Explorer homepage for categories such as "People Search", "Job Search", "Chat" etc., Hotbar is installed.
- Open your Outlook or Outlook Express application.  If you notice a series of silver buttons for categories such as "Backgrounds", "eCards" and "Animation", Hotbar is installed.
- If you send an email to someone and one or a series of "smiley face" advertisements are appended to the message, Hotbar is installed.  If someone sends you a message with a similar advertisement appended, they probably have Hotbar installed on their computer.

Removing Hotbar

You can remove the Hotbar program by following these instructions:
1.  From your desktop screen, click "Start", "Settings" and then select "Control Panel"
2.  Select "Add/Remove Programs" 
3.  Select "Web Tools by Hotbar" and click the "Add/Remove" tab at the lower right of the window
4.  Check the box for "Browser" and "Email toolbars"
5. Click the "Uninstall" button
Sometimes, the Hotbar program will not uninstall entirely and returns after a system reboot.  When this occurs, anti-spyware software may be your only option for completely removing it.

 

Claria Spyware Controversy

One company that has been at the center of the spyware controversy for years is Claria Corporation, well known for serving targeted advertisements to more than 40 million computer users.  Critics have stated that this vendor does not fully disclose to users that data is being collected and how it is to be used.  Many of these issues were found in the Kazaa file sharing program, an application that includes the Claria software.  In this article, we will give an overview of the Claria program and touch on a few of the characteristics that constitute spyware.

Installation

Upon installing the program, the installation wizard states that Claria will display advertisements based on the sites a user visits on the internet.  The wizard does not state that it will monitor every site a user visits and report that data back to the vendor's database as long as the software is functioning.  However, this information is clarified in a detailed EULA (End-User License Agreement), which is read by very few users.  The EULA gives Claria the right to track and report back information regarding all of the programs on your computer, along with the first four digits of your credit card number, allowing them to know what institution you bank at.  The installation wizard does not disclose the fact that the monitoring function of the application may also run when the useful part of the program is shut down or disabled.

Another huge concern of the public was the fact that the users were forbidden to remove Claria software with anti-virus or anti-spyware software.  According to the EULA, the only way a user was permitted to remove the program was by using the "Add/Remove Programs" utility in the Microsoft Windows operating system. 
Additionally, the EULA does not fully disclose what data the Claria Corporation actually collects.  Many users were outraged that the program captured sensitive data that could be potentially used to commit internet crimes.  Scott Eagle, the company's Chief Marketing Officer, claims that the only information Claria collects now is behavior of "commercial intent" - referring to product research and shopping online.  Eagle went on to claim that the data is filed by an anonymous computer identification number and does not collect email addresses, usernames, ZIP codes or complete credit card numbers.

Removal of Claria

Like many types of spyware and adware, the Claria software doesn't completely uninstall after using the "Add/Remove Programs" utility.  It leaves behind various files and programs, such as GAIN, that lead back to the company's network, along with several fragments that can only be cleaned up by a registry cleaning application.  Scott Eagle states that GAIN is a separate ad-delivery program that only collects non-personal user data and automatically uninstalls itself after all traces of Claria are completely removed.

Claria Today

Once dubbed the king of spyware, Claria exited the adware business in 2006, putting an end to its pop-up ad campaign.  PersonalWeb and Axon, Claria's new products, offer personalized web pages to users while providing them with advertisements and relevant content based on searching habits and web browsing behavior.  While the company stresses a huge difference in how these programs collect data, they sound rather similar to the spyware that stirred up major concerns.  In order to reduce the chance of having your personal data collected, the best advice is to stay away from products by the Claria Corporation.
