This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "Spyware"

Jump to: navigation, search
(Risk Factors)
(Related Threat Agents)
Line 29: Line 29:
==Related [[Threat Agents]]==
==Related [[Threat Agents]]==
* [[:Category:Client-side Attacks]]
* [[:Category:Client-side Attacks]]
[[Category:FIXME|not a threat agent that is currently there]]
==Related [[Attacks]]==
==Related [[Attacks]]==

Revision as of 12:07, 15 September 2008

This is an Attack. To view all attacks, please see the Attack Category page.

ASDR Table of Contents


Spyware is a program that captures statistical information from a user's computer and sends it over internet without user acceptance. This information is usually obtained from cookies and the web browser’s history. Spyware can also install other software, display advertisements, or redirect the web browser activity. Spyware differs from a virus, worm and adware in various ways. Spyware does not self-replicate and distribute itself like viruses and worms, and does not necessarily displays advertisements like adware. The common characteristics between spyware and viruses, worms, and adware are:

  1. exploitation of the infected computer for commercial purposes
  2. the display, in some cases, of advertisements

Risk Factors


Some Spyware is very dificult to remove because they can hide in Browser Cookies and Offline HTML Content in Temporary files.



Figure 1. A lot of toolbars added by spyware, and some working as spyware

Related Threat Agents

Related Attacks

Related Vulnerabilities

  • TBD

Related Controls

  • TBD