Suppose someone had an MSN instant message conversation on a computer that
had spyware on it (unbeknownst to them). Could a hacker access these messages,
without access to the computer that had the spyware on it, where the messages
were sent from? In other words, from an unrelated computer source?
The scenario you outline is a little unclear, but the short answer is probably … Yes.
Spyware can be extremely invasive and, for lack of a better term,
There are some very frightening scenarios.
Much of what we’ve called “spyware” has for many years been relatively benign. It’s been annoying and intrusive, but not particularly malicious.
However, particularly with the lines blurring between spyware and viruses, the fact is that most malware these days is far from benign. Not only can spyware “spy”, it can push ads, infect other machines, send spam, and even in some scary scenarios poke around in your bank account when you’re not looking.
The term “malware” – for MALicious softWARE – is actually much more appropriate these days as spyware is doing a lot more than just spying.
Let’s look at the scenario you’ve outlined as an example. If your machine or your friend’s machine has spyware of some sort, it is very possible that, while you are conversing in an instant messaging program, it could:
Write your conversations to a hidden file and leave open a “back door” that allows the hacker to retrieve that file at a later date.
Intercept everything you type and everything you receive, and send a copy to another computer somewhere else on the internet as you type it.
Or any of a number of other things…
This is also a good example of the fact that there are both “good” and “bad” types of spyware.
While monitoring your IM conversations seems like a very bad thing on the surface, it’s exactly what we ask parental monitoring and control software to do. That is legitimate spyware that is, indeed, spying on you. These are commercially available packages that can be used by parents to monitor or control their children’s internet use. Is it spyware? Absolutely, it is – it’s spying on you. It could be used to do exactly the types of things we’re talking about here, on purpose, and it would be a very legitimate use of the technology.
It could also be used by others to do exactly the types of things we’re talking about here, also on purpose, but it would be far from a legitimate use – true “spying” in a very malicious sense.
And of course there are other, less legitimate instances of spyware that do the same or worse and really earn the moniker “malware”. Perhaps one of the worst I’ve heard of recently is malware that inserts itself into your system and waits for you to connect to your bank to perform online banking. While you’re connected it operates in the background and starts transferring money out of your account, which you don’t see while it’s happening.
Yes, spyware can be sneaky … very sneaky.
That’s why most tech support folks like myself seem to be constantly harping on anti-malware tools and general education about malware prevention.
It really is that important.
(This is an update to an article originally published in June, 2004.)