May 27th, 2005, 10:45 AM
how are spywares architected
i understand that some websites knowingly set some cookies to do tracking and if other websites retrieve those third-party cookies, they may tend to open new pop-up browser instances with relevant/irrelevant websites.
having said this, i am unable to understand the following-
1. some times, a browser instance gets launched in my machine for every 5 minutes showing some website- how does that happen ?
2. i also see "shortcuts" being placed on my desktop that are essentially links to some casino websites - how are these shortcuts created ?
i have never installed any software on my laptop and it is a clean anti-virus protected laptop and i just use IE and MS office applications.
if the questions are trivial, can someone point me to an article that explains the technical works of all this stuff ?
May 27th, 2005, 12:32 PM
Software can be installed on your desktop, especially through IE, without your knowledge. No matter how technically savvy you or I may be, we learn to tune out repeated warnings. Just this of how many times you have ignored the "You are about to send data over an unencrypted connection" warning. Eventually, we subconciously learn to filters these warnings out of our decision making process. I have some backround in psychology and have studied the matter myself. iE has a feature which can automatically install software from a website on behalf of a user. This is required, for example, for Windows Update to work. You may have a setting which surpresses the warnings it normally gives, or you may have tuned out these warnings or simply missed one and inadvertently allowed spyware on to your system.
Also when you say your laptop is AV protected, do you mean that it is also running anti-spyware software? Antivirus software is currently behind specialized spyware software in terms of what it can detect. I would suggest using something along the lines of AdAware or SpyBot Search and Destroy to search for software which your AV may have missed. There are plenty of tutorials here on removing spyware.
Unfortunately I do not know the specifics of how spyware actually works, aside from what I have seen when problems occur when cleaning other people's systems. Some, for example, hijack the IE and Windows Explorer DNS resolver code and redirect queries to a specific website. When the spyware is then removed, URL resolution is broken with IE and Windows Explorer, but Firefox and Netscape for example will still resolve queries just fine.
I think what has happened in your case is you have either missed a security setting which inhibits the installation of software remotely, or you have inadvertently allowed something to be installed despite those warnings. Either that or you have indeed installed software which you did not believe to be malicious. If you post a HijackThis log we might better be able to help you.
Government is like fire - a handy servant, but a dangerous master - George Washington
Government is not reason, it is not eloquence - it is force. - George Washington.
Join the UnError
May 27th, 2005, 02:25 PM
Thanks a lot for the enlightenment- will use "hackthis" and get the log.
May 27th, 2005, 02:26 PM
By the way, what is that setting in IE you are referring to ?
May 27th, 2005, 10:42 PM
these things are far from being trivial.
Actually cookies don’t have much to do with it. Cookies are a form of marketing research. They are used to track you internet activities to target you with ads according to your interests. They are not used to display the ads just gather information on you.
Icons appearing on your desktop, pop-ups every five minutes (even if your offline) and browser re-direction come from spyware. software that has been downloaded onto your computer without your knowledge or permission. This is done by taking advantage of vulnerabilities in your browser to download and run small files (downloaders) which in turn download and run larger programs.
This is becoming less and less of just an IE problem as more folks are using other browsers.
Here’s an example of how one would work in firefox:
although the bat file in this example runs a dir command it could easily be written to contact a server then download and run anything the composer wanted.
What you have on your computer is spyware. It may take allot more than just spybot to remove them all but you need to find out what exactly you are infected with first.
The largest point here is “vulnerabilities”. These things only happen because they can.
To avoid getting them in the future make sure you keep your computer and browser up to date on all the latest patches, run something like spybot which has realtime protection (teatimer) and don’t allow activeX controls and applets to just run automatically. Set your computer to ask you for permission first (prompt).
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”