-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Cyber Security Tip ST04-016 Recognizing and Avoiding Spyware Because of its popularity, the internet has become an ideal target for advertising. As a result, spyware, or adware, has become increasingly prevalent. When troubleshooting problems with your computer, you may discover that the source of the problem is spyware software that has been installed on your machine without your knowledge. What is spyware? Despite its name, the term "spyware" doesn't refer to something used by undercover operatives, but rather by the advertising industry. In fact, spyware is also known as "adware." It refers to a category of software that, when installed on your computer, may send you pop-up ads, redirect your browser to certain web sites, or monitor the web sites that you visit. Some extreme, invasive versions of spyware may track exactly what keys you type. Attackers may also use spyware for malicious purposes. Because of the extra processing, spyware may cause your computer to become slow or sluggish. There are also privacy implications: * What information is being gathered? * Who is receiving it? * How is it being used? How do you know if there is spyware on your computer? The following symptoms may indicate that spyware is installed on your computer: * you are subjected to endless pop-up windows * you are redirected to web sites other than the one you typed into your browser * new, unexpected toolbars appear in your web browser * new, unexpected icons appear in the task tray at the bottom of your screen * your browser's home page suddenly changed * the search engine your browser opens when you click "search" has been changed * certain keys fail to work in your browser (e.g., the tab key doesn't work when you are moving to the next field within a form) * random Windows error messages begin to appear * your computer suddenly seems very slow when opening programs or processing tasks (saving files, etc.) How can you prevent spyware from installing on your computer? To avoid unintentionally installing it yourself, follow these good security practices: * Don't click on links within pop-up windows - Because pop-up windows are often a product of spyware, clicking on the window may install spyware software on your computer. To close the pop-up window, click on the "X" icon in the titlebar instead of a "close" link within the window. * Choose "no" when asked unexpected questions - Be wary of unexpected dialog boxes asking whether you want to run a particular program or perform another type of task. Always select "no" or "cancel," or close the dialog box by clicking the "X" icon in the titlebar. * Be wary of free downloadable software - There are many sites that offer customized toolbars or other features that appeal to users. Don't download programs from sites you don't trust, and realize that you may be exposing your computer to spyware by downloading some of these programs. * Don't follow email links claiming to offer anti-spyware software - Like email viruses, the links may serve the opposite purpose and actually install the spyware it claims to be eliminating. As an additional good security practice, especially if you are concerned that you might have spyware on your machine and want to minimize the impact, consider taking the following action: * Adjust your browser preferences to limit pop-up windows and cookies - Pop-up windows are often generated by some kind of scripting or active content. Adjusting the settings within your browser to reduce or prevent scripting or active content may reduce the number of pop-up windows that appear. Some browsers offer a specific option to block or limit pop-up windows. Certain types of cookies are sometimes considered spyware because they reveal what web pages you have visited. You can adjust your privacy settings to only allow cookies for the web site you are visiting (see Browsing Safely: Understanding Active Content and Cookies and Evaluating Your Web Browser's Security Settings for more information). How do you remove spyware? * Run a full scan on your computer with your anti-virus software - Some anti-virus software will find and remove spyware, but it may not find the spyware when it is monitoring your computer in real time. Set your anti-virus software to prompt you to run a full scan periodically (see Understanding Anti-Virus Software for more information). * Run a legitimate product specifically designed to remove spyware - Many vendors offer products that will scan your computer for spyware and remove any spyware software. Popular products include Lavasoft's Ad-Aware, Webroot's SpySweeper, PestPatrol, and Spybot Search and Destroy. * Make sure that your anti-virus and anti-spyware software are compatible - Take a phased approach to installing the software to ensure that you don't unintentionally introduce problems (see Coordinating Virus and Spyware Defense for more information). _________________________________________________________________ Authors: Mindi McDowell, Matt Lytle _________________________________________________________________ Produced 2007 by US-CERT, a government organization. Note: This tip was previously published and is being re-distributed to increase awareness. Terms of use <http://www.us-cert.gov/legal.html> This document can also be found at <http://www.us-cert.gov/cas/tips/ST04-016.html> For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBRsMp5/RFkHkM87XOAQI/Ngf+MEdaHbBks+6QxaMjb5EYLrLP97qWMe/l l2WCZPWxOC/QCoPg9VN6imoJGIZBiB9PTieIggN3rb8OGJP4lnwnkAjaB7bs0WOS D2LDWIeaxk/9v6w5/uUCIfB446Ptd78hHjOQ0X5HcvaFSp79HhaNvCPJXcNcCTIQ nYevhFzGS0TFOkoltqXsp3OlEIqcqVCTWQVqUTJQobInR7XbgkOiquZ+65Kapg6D uqBxOwBesZ5SZA0FQ8E78qPytOEhCQJXGQLJ9A0lE2J6qu2IwtPpJU7Ui5bfIUeN RfNqpMnK8ysjiB2+aDgxQ2zR70J2ixi40Tr9qSi8zng0WFOUpLHPQw== =KFO1 -----END PGP SIGNATURE-----