Spyware is a sort of trojan, and combines all we've talked about up to now in one glorious horrendous whole. It sneaks onto your system; it establishes communications with its mothership without you knowing about it; and it often places a GUID in your system too, so that you can be uniquely identified. The only thing spyware does not presently do (knock on wood) is take over control of your machine like Back Orifice or NetBus. But the day might come.
Any sort of malevolent program might corrupt your system already on entry, but spyware is one of the worst culprits, and several spy systems have been found to cause irreparable damage. Some users take this news lightly, claiming they can live with the consequences; but this is pure idiocy. Until the spyware is completely rooted out, you are at grave risk all the time.
When speaking of the methods these spyware people use to get onto your computer (which you assumed you owned), the word 'bastard' comes to mind time and time again. Truly, there is no other way to describe these lowlifes. What these bastards do is study the behaviour of standard Microsoft system modules, and write 'wrappers' around them, so that said wrappers contain both the original Microsoft code and then a little bit more.
Cute, huh? It gets worse. When you install that innocent application you just downloaded off the net and the spyware hidden within gets ready to corrupt your system, it looks at the exact file attributes of the Microsoft system modules it's going to overwrite and notes their exact last write, last accessed, and created times before overwriting your own file and obliterating it forever. Then it restores the previous file attributes and time values, and the only thing that might make you suspicious is if you happened to know (which you won't) that the new file is a few kilobytes larger than it should be. And marking your system files as read-only won't help, if that's what you're thinking (using NTFS file security will only help if you do your installs as a powerless ordinary user). If the file is marked as read-only or anything else which makes an overwrite impossible, the spyware will simply remove these attributes temporarily for the overwrite and replace them again afterwards - and only the file size itself will have changed.
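Since timestamps and attributes can be put back after an overwrite, a baseline has to record what cannot be restored: the file's size and a hash of its contents. The following is an added example, not part of the original article; it goes one step past the size clue by also comparing a SHA-256 digest, and the file name `module.dll` and the temporary-directory fixture are constructed for the demonstration.

```python
import hashlib
import os
import stat
import tempfile

FIELDS = ("size", "sha256", "mtime")

def fingerprint(path):
    """Return (size, sha256 hex digest) of the file's contents."""
    with open(path, "rb") as fh:
        data = fh.read()
    return len(data), hashlib.sha256(data).hexdigest()

def snapshot(path):
    """Record size, content hash and last-write time of one file."""
    return fingerprint(path) + (os.stat(path).st_mtime_ns,)

def audit(baseline):
    """Return {path: [changed fields]} for files that differ from the baseline."""
    report = {}
    for path, old in baseline.items():
        changed = [name for name, a, b in zip(FIELDS, old, snapshot(path)) if a != b]
        if changed:
            report[path] = changed
    return report

def demo():
    """Constructed fixture: a stand-in module is replaced and its times put back."""
    with tempfile.TemporaryDirectory() as tmp:
        module = os.path.join(tmp, "module.dll")  # hypothetical file name
        with open(module, "wb") as fh:
            fh.write(b"ORIGINAL" * 512)
        os.chmod(module, stat.S_IREAD)  # read-only, as the article discusses
        baseline = {module: snapshot(module)}  # taken while the file is known good
        before = os.stat(module)
        # Reproduce the end state the article describes: read-only cleared, a
        # slightly larger file written, then times and attribute restored.
        os.chmod(module, stat.S_IREAD | stat.S_IWRITE)
        with open(module, "wb") as fh:
            fh.write(b"ORIGINAL" * 512 + b"EXTRA" * 400)
        os.utime(module, ns=(before.st_atime_ns, before.st_mtime_ns))
        os.chmod(module, stat.S_IREAD)
        result = audit(baseline)[module]
        os.chmod(module, stat.S_IREAD | stat.S_IWRITE)  # let the temp dir clean up
        return result

if __name__ == "__main__":
    print(demo())
```

A baseline like this is only trustworthy if it is taken on a clean install and stored somewhere the installing user cannot write to.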
There is no cure for spyware that corrupts your system files. The only cure is to wipe your disk clean, reinstall your operating system, and be more careful the next time around. And as always, check with Spychecker, which has the most up-to-date information on all the known spyware programs out there.
While you're there, you might want to pick up their cute little system tray client as well.
This program will at a moment's notice connect you to the continually updated Spychecker database and tell you if that download you are drooling over is all right or not.