2.6.6 Spyware and Adware

Spyware or privacy-invasive software is malware that is installed on computers without users’ knowledge or permission. The intent is to gather information about the user that is then sent back to attackers who can then sell that information or use it to impersonate that user. All types of information can be gathered including websites visited, terms entered in search engines, logins and passwords, information entered into forms, etc. Spyware can also change computer settings or redirect the user to a different website than they intended to go.

Content on this page requires a newer version of Adobe Flash Player.

Get Adobe Flash player

A keylogger is one type of spyware. Keyloggers can be software that is loaded onto the computer or hardware fitted to the keyboard. Keyloggers record every key pressed by the computer user. Attackers use keyloggers to gather user’s personal and financial information that they enter into bank websites, retail websites, email, etc.

Spyware is often carried via email. Do not download any files, particularly exe files, from any email unless you specifically requested it. To combat spyware, install anti-spyware on all computers within the company, download updates, and scan every incoming and outgoing email. Every employee should scan every file on their computer at least once a week.

Adware is advertisements that are displayed while a free or reduced cost program is running. Developers sell space to advertisers to help defray the costs of developing the software. Although adware is not desirable, it is actually not malware since its intent is not to do harm but advertise. If users do not want adware, they can purchase a software license. Also most anti-spyware programs can identify adware on user’s systems.