Spyware (Part - 2)

Now let us look in to a small history of the Spyware. I have searched several sites for getting the history of Spyware. The Wikipedia provides good and clear information on the history of the Spyware. I have extracted some part of the history of the Spyware here just for you. The first known use of the word Spyware was in October 16, 1995 and it was against Microsoft Business Model. Spyware was first considered as a hardware meant for the espionage purposes. In the early 2000, the founder of the Zone labs, Gregor Freund, used the term spyware during the release of the ZoneAlarm Firewall. Since then the term is used in its present sense. As of 2006, spyware has become one of the prominent security threats to computers using Microsoft Windows operating systems. Computers using Internet Explorer (IE) is the primary browser are particularly vulnerable to such attacks. It not only because IE is the most widely-used browser, but because its tight integration with Windows allows spyware access to crucial parts of the operating system.
Before Internet Explorer 7 was released, the browser would display a message showing that activex must be installed to view a particular section of the website or the whole website. But in most cases the spyware will be in disguised as activex. The combination of user naiveté towards malware and the assumption by Internet Explorer that all ActiveX components are benign, led, in part, to the massive spread of spyware. Many spyware components would also make use of exploits in Javascript, Internet Explorer and Windows to install without user knowledge or permission. After installtion, sometimes windows pop-up warning messages about the presence of the Spyware in the Computer.

The Windows Registry contains multiple sections that by modifying keys values allows software to be executed automatically when the operating system boots. Spyware can exploit this design to circumvent attempts at removal. The spyware typically will link itself from each location in the registry that allows execution. Once running, the spyware will periodically check if any of these links are removed. If so, they will be automatically restored. This ensures that the spyware will execute when the operating system is booted even if some (or most) of the registry links are removed.