Spyware can be placed on a system in a number of different ways, each offering its own benefits. Once the software is installed, it stays hidden and carries out its goals. Methods of infection include, but are not limited to, the following:
- Peer-to-Peer Networks (P2P) This delivery mechanism has become very popular because of the increased number of individuals using these networks to obtain free software.
- Instant Messaging (IM) Delivering malicious software via IM is easy. Plus, IM software has never had much in the way of security controls.
- Internet Relay Chat (IRC) IRC is a commonly used mechanism to deliver messages and software because of its widespread use and the ability to entice new users to download software.
- Email Attachments With the rise of email as a communication medium, the practice of using it to distribute malware has also risen.
- Physical Access Once an attacker gains physical access, it becomes relatively easy to install spyware and compromise the system.
- Browser Defects Many users forget or do not choose to update their browsers as soon as updates are released, so distribution of spyware becomes easier.
- Freeware Downloading software for free from unknown or untrusted sources can mean that you also download something nastier, such as spyware.
- Websites Software is sometimes installed on a system via web browsing. When a user visits a given website, spyware may be downloaded and installed using scripting or some other means. Spyware installed in this manner is quite common, because web browsers lend themselves to this process. They are frequently unpatched, do not have upgrades applied, or are incorrectly configured. In most cases, users do not use the most basic security precautions that come with a browser; and sometimes users override security options to get a better browsing experience or to see fewer pop-ups or prompts.
- Software Installations One common way to install software such as spyware on a victim’s system is as part of another software installation. In these situations, a victim downloads a piece of software that they want, but packaged with it is a payload that is silently installed in the background. The victim may be told that something else is being installed on the system but may click through the installation wizard so quickly without reading anything that they miss the fact that additional software is being placed on their system