December 3rd, 2003, 05:34 PM
How Spyware Works
I was wondering if somebody could explain how Spyware works in general and how cookies and such harvest your material, or can they do worse like infect you? I have googled, but it is usually easier for me to understand it from someone who can put it into laymens terms I would guess cookies would use PHP, but I'm not sure. Thanks a bunch.
December 3rd, 2003, 05:48 PM
Well, cookies are a small file that gets put onto your computer to store some type of information. This is how for instance, that AntiOnline can keep you logged on the site from a machine. There is a cookie with your username, and an encrytped password, stored on your system from here.
Spyware is a bit different. Many spyware companies associate themselves with many high traffic websites. The websites they deal with download a cookie to your computer when you visit. So lets say you visited www.golf.com. A golfing website, and they happen to incorporate spyware/adware with their site from company X. Here is a breakdown.
1) you visit www.golf.com and company X looks for a previous cookie from its comapny. If it doesn't find one, it puts a cookie on your machine stateing that you visited golf.com. You then leave this site, but the cookie remains.
2) You now visit www.espn.com, which also uses company X, and company x looks for a cookie and low and behold it finds one. It sees that you go to golf.com and what do you know? Golf ads start poping up or displaying in the banner ads. Funny how that works. Company x also ads www.espn.com to the cokkies list of sites you visit.
Based on this information, adware companies can direct ads to you based on what sites you visit. No point in putting up ads for fantasy football when grandma only visits sewing sites.
December 4th, 2003, 04:51 AM
I meant more code examples. I understand the basic idea. I guess I misstated it.
PS: Thanks anyway. I appreciate a response.
December 4th, 2003, 05:13 AM
You shall no longer take things at second or third hand,
nor look through the eyes of the dead...You shall listen to all
sides and filter them for your self.
December 4th, 2003, 07:37 AM
Okay lets go a step furthur.
A cookie is a small piece of information that a website can download and store on your computer. The cookie itself gets sent out with the HTTP headers of a website. The header's syntax is as follows:
Set-Cookie: NAME=VALUE; [expires=DATE;] [path=PATH;] [domain=DOMAIN_NAME;] [secure]
When this is called via a HTTP header, it will create a cookie called NAME with a value of VALUE. All the other stuff in braces is optional.
- expires: This sets an expiration date that the cookie will expire and no longer be valid. If no expiration date is set, the cookie stays till you or the user manually deletes it.
- path: The url that the cookie is valid for.
- domain: The domain the cookie is valid for.
- secure: This flag means that it will not be sent over a plain http connection.
Now each time the user visits the site, you will have to look for this cookie by using some type of programming. I use PHP personally, but many other languages can create cookies.
To create a cookie in PHP you use the setcookie() function.
bool setcookie ( string name [, string value [, int expire [, string path [, string domain [, int secure]]]]])
Thats basically it. You can now call the cookie each time a visitor visits a site by doing this.
Thats all there really is to cookies. Now its up to you to figure out what you can do with them.
December 4th, 2003, 04:26 PM
I think that spyware gives u an ID and that the info (profile) of the ID (you) are saved on the server. So when you go to the same site or a affiliate site it trades your info. I have asked personally some guys from the company and they say mostly that it is not spyware it is an anonymous entry on a research that tries to find how many people use windows 95 or 98 or ...
Do you think they say the truth. I don't.
December 4th, 2003, 06:39 PM
Thanks for the link LB. Thank you for the code examples XM. I will not impliment either of them as they piss me off too; I just wondered how they worked. I am not real good with PHP, but I know JScript so I may be able to figure it out, and at least the website makes sense. As for the anonymous research monk, you're probably right. It is not for anonymous research but to better target advertisements or steal information.
December 5th, 2003, 03:52 AM
You might like to look at http://www.winpatrol.com
Nice bit of security software that will let you handle cookies.....the squirrel thingie eats them, after reporting back that they are received.