Grayware is an umbrella term applied to a wide range of applications that are installed on a user's computer to track and/or report certain information back to some external source without the permission of the user. Some forms of grayware come as Trojan applications that trick users into installing them. Grayware can come from any number of places and activities:
- Downloading shareware, freeware, or other forms of file sharing services
- Opening infected emails
- Clicking on pop-up advertising
- Visiting frivolous or spoofed web sites
- Installing Trojan applications
Not all grayware sources are necessarily malevolent, as Web site developers are using newer techniques to customize their web sites and obtain better results. Tracking the usage patterns of visitors in order to offer more customized search results, and so drive higher sales, is the ultimate goal of many grayware applications.
Typically, the symptoms of having grayware installed on a host may be slower performance, more pop-up advertising, web browser home pages being redirected to other sites, and so forth. Generally these effects are more of an annoyance than a security threat. But hackers have also learned that grayware techniques can be used for other purposes too and have started using many of the web browser's capabilities to load and run programs that open access, collect information, track keystrokes, modify system settings, or inflict other kinds of damage.
Although the most common grayware category gaining worldwide attention is "Spyware", grayware can fall into many categories including:
Adware - Adware is usually embedded in freeware applications that users can download and install at no cost. Adware programs are used to load pop-up browser windows to deliver advertisements when the application is open or run.
Dialers - Dialers are grayware applications that are used to control the PC's modem. These applications are generally used to make long distance calls or call premium 900 numbers to create revenue for the thief.
Gaming - Gaming grayware applications are usually installed to provide joke or nuisance games.
Joke - Joke grayware are applications that are used to change system settings, but do no damage to the system. Examples include changing the system cursor or Windows' background image.
Peer-to-Peer (P2P) - P2P grayware are applications that are installed to perform file exchanges. While P2P is a legitimate protocol that can be used for business purposes, the grayware applications are often used to illegally swap music, movies, and other files.
Spyware - Spyware applications are usually included with freeware. Spyware is designed to track and analyze a user's activity, such as a user's web browsing habits. The tracked information is sent back to the originator's Web site where it may be recorded and analyzed. Spyware can be responsible for performance related issues on the user's PC.
Key Logger - Key Loggers are perhaps one of the most dangerous grayware applications. These programs are installed to capture the keystrokes made on a keyboard. These applications can be designed to capture user and password information, credit card numbers, email, chat, instant messages, and more.
Hijacker - Hijackers are grayware applications that manipulate the Web browser or other settings to change the user's favorite or bookmarked sites, start pages, or menu options. Some Hijackers have the ability to manipulate DNS settings to reroute DNS requests to a malicious DNS server.
Plugins - Plugin grayware applications are designed to add additional programs or features to an existing application in an attempt to control, record, and send browsing preferences or other information back to an external destination.
Network Management Tools - Network Management Tools are grayware applications that are designed to be installed for malicious purposes. These applications are used to change network settings, disrupt network security, or cause other forms of network disruption.
Remote Administration Tools - Remote Administration Tools are grayware applications that allow an external user to remotely gain access, change, or monitor a computer on a network.
BHO - BHO grayware applications are DLL files that are often installed as part of a software application to allow the program to control the behavior of Internet Explorer. Not all BHOs are malicious, but the potential exists to track surfing habits and gather other information stored on the host.
Toolbar - Toolbar grayware applications are installed to modify the computer's existing toolbar features. These programs can be used to monitor web habits, send information back to the developer, or change the functionality of the host.
Download - Downloaders are grayware applications that are installed to allow other software to be downloaded and installed without the user's knowledge. These applications are usually run during the startup process and can be used to install advertising, dialer software, or other malicious code.
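
A read-only audit for two of the categories above, Hijacker (altered DNS settings) and BHO (DLLs loaded by Internet Explorer), written as an added PowerShell example that is not part of the original page. The approved resolver addresses are constructed placeholders and the function names are hypothetical.

```powershell
# Added example, not from the original page. Read-only: it changes no settings.
# ASSUMPTION: constructed placeholder addresses; replace them with the
# resolvers your network really hands out.
$ApprovedDns = @('192.0.2.53', '192.0.2.54')

function Get-UnapprovedDnsServer {
    param([string[]]$Approved)
    # A Hijacker may repoint an adapter at a DNS server it controls,
    # so report every configured resolver that is not on the approved list.
    foreach ($cfg in Get-DnsClientServerAddress -AddressFamily IPv4) {
        foreach ($server in $cfg.ServerAddresses) {
            if ($Approved -notcontains $server) {
                [pscustomobject]@{ Interface = $cfg.InterfaceAlias; DnsServer = $server }
            }
        }
    }
}

function Get-RegisteredBho {
    # Machine-wide BHO registrations: native view and 32-bit (WOW6432Node) view.
    $views = @(
        @{ Bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Cls = 'HKLM:\SOFTWARE\Classes\CLSID' },
        @{ Bho = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Cls = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
    )
    foreach ($view in $views) {
        if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
            $clsid  = $key.PSChildName
            $inproc = Join-Path (Join-Path $view.Cls $clsid) 'InprocServer32'
            $dll    = $null
            $sig    = 'FileMissing'
            if (Test-Path -LiteralPath $inproc) {
                # The key's default value names the DLL that Internet Explorer loads.
                $dll = (Get-Item -LiteralPath $inproc).GetValue('')
            }
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $sig = (Get-AuthenticodeSignature -LiteralPath $dll).Status
            }
            [pscustomobject]@{ Clsid = $clsid; Dll = $dll; Signature = $sig }
        }
    }
}

Get-UnapprovedDnsServer -Approved $ApprovedDns | Format-Table -AutoSize
Get-RegisteredBho | Format-Table -AutoSize
```

A listed BHO is not malicious by itself, as the BHO entry notes; an unsigned DLL or one whose file is missing is simply the first thing to look at.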