Malware 193
■ Freeware—Downloading software for free from unknown or untrusted sources can
mean that you also download something nastier, such as spyware.■ Websites—Software is sometimes installed on a system via web browsing. When a user
visits a given website, spyware may be downloaded and installed using scripting or
some other means.Spyware installed in this manner is quite common, because web browsers lend them-
selves to this process—they are frequently unpatched, do not have upgrades applied, or
are incorrectly configured. In most cases, users do not use the most basic security pre-
cautions that come with a browser; and sometimes uses override security options to get
a better browsing experience or to see fewer pop-ups or prompts.■ Software installations—One common way to install software such as spyware on a
victim’s system is as part of another software installation. In these situations, a victim
downloads a piece of software that they want, but packaged with it is a payload that
is silently installed in the background. The victim may be told that something else is
being installed on the system, but may click through the installation wizard so quickly
without reading anything that they miss the fact that additional software is being
placed on their system.Adware
Adware is a well-known type of malware. Many systems are actively infected with this
type of malware from the various installations and other activities they perform. When
this type of software is deployed onto a victim’s system, it displays ads, pop-ups, and nag
screens, and may even change the start page of the browser.
Typically, this type of software is spread either through a download with other software
or when the victim visits a website that deploys it stealthily onto their system.
Sometimes adware is deployed onto a victim’s system along with
legitimate software by a developer who is paid to include the malware in
the distribution. Although this practice is not necessarily malicious in the
purest sense, it still fits the definition of malware, because many victims
are not aware that they are allowing this additional item to be installed.Scareware
A relatively new type of software is scareware. This type of malware warns the victim of
potential harm that could befall them if they don’t take some action. Typically, this action
involves providing a credit card or doing something else to buy a utility they need to clean
their system. In many cases, the utility the victim buys and installs is actually something
else, such as spyware, adware, or even a virus.
This type of software relies on the ignorance or fear of potential victims who do not
know that they are being played.