What is spyware/grayware?

Spyware includes software programs and technologies (called "bots") that seek to surreptitiously collect data and transmit it back to a host source.
The category of spyware and other grayware security risks includes adware, Internet cookies, Trojans, and surveillance tools. The type of information collected by spyware ranges from the relatively innocuous (a history of visited websites) to the downright alarming (credit card and Social Security numbers, bank accounts, and passwords).
The majority of spyware/grayware comes embedded in a "cool" software package that a user finds on a website and downloads. Some spyware programs are part of a legitimate program. Others are purely illicit. The network administrator needs to determine whether a given class of software is something to allow on the network or something to block.
Spyware installs in a variety of ways, for example:
  • As a by-product that results from installing software
  • As a result of clicking something in a popup window
  • As an invisible addition that is installed along with a legitimate download
  • Through Trojans, worms and viruses
The result is typically a background Internet connection that opens a surveillance channel to the user's computer. Multiple connections may also be established, which can lead to sluggish network performance.
When ScanMail detects spyware/grayware, it can take the following actions:
  • Replace with text/file: ScanMail deletes the infected, malicious, or undesirable content and replaces it with text or a file.
  • Quarantine entire message: ScanMail moves the email message to a restricted access folder.
  • Delete entire message: ScanMail deletes the entire email message.
  • Pass: ScanMail records the detection in logs and delivers the message unchanged.
  • Quarantine message part: ScanMail moves the email message body or attachment to a restricted access folder.

Growing Hazard

Increasingly, users are installing more and more malicious types of spyware without their knowledge, either as a "drive-by download" or as the result of clicking some option in a deceptive pop-up window. What concerns corporate security departments is that the more sophisticated types of spyware can be used to monitor keystrokes, scan files, install additional spyware, reconfigure web browsers, and snoop on email and other applications. In some cases, spyware can even capture screenshots or turn on webcams.
Theft of confidential information, loss of employee productivity, consumption of large amounts of bandwidth, damage to corporate desktops, and a spike in the number of help desk calls related to spyware are forcing corporations of all sizes to take action. Spyware can represent both a security and a system management nightmare.