Your Ad Here

Spyware creators have an arsenal of tricks for extracting information from a user’s computer. Most utilize a Web browser as a coconspirator, but spyware can also sneak in when other programs are installed, as well as if a virus or worm successfully lodges itself in a user’s computer.


Hijacking cookies
A Web site can attempt to access a cookie that is associated with another Web site (in case you’re not familiar with how cookies work, one Web site is not supposed to be able to access any cookies except for those it left there earlier). For example, if you’re visiting www.scumads.com (not a real site), that site may try to retrieve your Yahoo! or Google cookie by impersonating the original Yahoo! or Google site in particular ways.

Executing programs
Running a program on your computer might be what’s needed to install certain spyware, but running a program could also be what the spyware does after it’s installed. A vulnerability in Internet Explorer can permit a Web site to download and execute a malicious ActiveX control that, in turn, can do pretty much anything it wants on a user’s computer, including run other programs or download additional programs and files to the user’s computer.

Reading the Clipboard
Another one of those supposedly friendly features of Internet Explorer is its ability for Web sites to read the contents of your Clipboard. Although I can imagine the potential usefulness of sharing the Clipboard, in my mind this also spells trouble. Who knows what could be on your Clipboard at any given time? Do you ever copy pathnames, URLs, user IDs, passwords, or paragraphs of confidential information? I can smell the potential danger, and I hope you do, too.

Accessing the hard drive
An ActiveX control on a Web page can not only access the user’s hard drive, but also read and write data on that hard drive. Combined with other vulnerabilities, scripting on a Web page can cause any data on a user’s hard drive to be moved, altered, destroyed, or copied over the Internet to any location.

Spoofing well-known Web pages
A cleverly (or, I should say, diabolically) coded Web page can impersonate a well-known Web page, including the URL in the browser’s address bar! The vulnerabilities that permit this gave rise to many successful phishing scams. (A phishing scam is typified by official-looking e-mail messages that lure unsuspecting victims to Web sites where they are asked to surrender sensitive information, such as financial institution user IDs and passwords, or perhaps credit card or bank account numbers.)

0 comments

Earn $$ with WidgetBucks!