Spyware is used to unearth a wealth of information. From websites visited to sensitive financial and identity data like credit card numbers, spyware casts a wide net in the digital realm. Its primary targets include browsing and online purchasing habits, along with the prized possession of authentication credentials. When specific keywords, such as the names of banks, online payment systems, or explicit websites, come into view, the spyware springs into action, initiating its data collection process.
Harvesting Email Addresses: Email addresses become lucrative commodities for spammers when harvested from infected computers. Techniques for collecting email addresses and contact information range from scouring email application address books to monitoring inbound and outbound network packets tied to email traffic. Spyware also scans system files for strings matching the email address format, creating a goldmine for spam mailing lists.
Windows Protected Store: Windows houses a concealed treasure chest known as the Protected Store (PStore). This secure vault guards sensitive data, including Outlook passwords, website login credentials, MSN Explorer passwords, IE AutoComplete data, and digital certificates. While the PStore's contents are encrypted, access to this treasure trove is indirectly regulated by the data owner's login credentials. Given that spyware typically operates under the user's security profile, it can surreptitiously harvest this valuable information.
Clipboard Contents: The system clipboard often harbors a treasure trove of sensitive information, from product registration codes to user credentials copied and pasted into login forms. Spyware also targets potentially sensitive data fragments from recently modified documents or personal information that could be exploited in identity theft-related crimes. This information resides within the system clipboard buffer, ripe for the taking.
Capturing Every Keystroke: Keylogging stands as one of the earliest spyware techniques employed to capture sensitive data from a system. Both hardware and software keyloggers are at play, with hardware devices inconspicuously inserted between the keyboard cable and the computer. These modern hardware keyloggers are exceptionally discreet and have even been concealed within the physical keyboard casing, rendering them nearly undetectable. Hardware keyloggers do, however, require physical access for installation and data retrieval. More commonly, software keyloggers feature in spyware. They seize keyboard events, recording keystrokes before they reach their intended application. Like other spyware capture technologies, software-based keyloggers can be activated or deactivated based on keywords or specific events. For instance, they often target instant messaging clients, email applications, and web browsers, ignoring applications that do not yield the desired data.
Tapping into Network Traffic: Network traffic serves as a fertile ground for data extraction. Captured network data frequently contains user names, passwords, email messages, web content, and, in some instances, entire files that can be reassembled from the intercepted streams. Spyware casts its digital net wide, intercepting and extracting valuable information from the flow of data across networks.
In the secret world of spyware, these covert surveillance techniques are instrumental in gathering sensitive data while remaining hidden from unsuspecting users. This is used mostly by Government agencies,marketing companies, organized criminal groups e.t.c