- Disabling antivirus and antispyware tools: To prevent disinfection, some spyware disables antivirus and antispyware tools to lengthen the time the attacker can control the victim machine.
- Pretending to be an antispyware or antivirus tool: Some particularly nefarious spyware pretends to be an antispyware, antivirus or other security tool. These programs tell the user that they are defending against attack, while actually attacking the user, in a classic Trojan horse scenario.
- Turning off the Microsoft Security Center and/or Automatic Updates: Some spyware disables the Microsoft Security Center because its warnings about an inactive firewall or antivirus program could alert the user. Also, a few spyware specimens disable automatic updates to prevent the installation of patches.
- Changing network settings: To prevent signature updates for antivirus and antispyware tools, some spyware alters the infected machine’s network settings. This type of attack could edit the infected machine’s hosts file, apply outbound IP filters or alter the system’s DNS server so that all names are resolved by an attacker-controlled DNS server.
- Turning on the microphone and/or camera: Some malicious code can turn on a microphone or even a video camera attached to a system, thereby substantially invading the users’ privacy.
To learn how to keep your devices secure, visit Northwestern’s Tips for Securing Your Devices
Source: Top 15 Malicious Spyware Actions