Stealware diverts the payment of affiliate marketing revenues from the legitimate affiliate to the spyware vendor. Spyware which attacks affiliate networks places the spyware operator's affiliate tag on the user's activity — replacing any other tag, if there is one. The spyware operator is the only party that gains from this. The user has their choices thwarted, a legitimate affiliate loses revenue, networks' reputations are injured, and vendors are harmed by having to pay out affiliate revenues to an "affiliate" who is not party to a contract.
As a result, spyware operators such as Solutions have been terminated from affiliate networks including LinkShare and ShareSale. In one case, spyware has been closely associated with identity theft.
The Federal Trade Commission estimates that Some copy-protection technologies have borrowed from spyware. In , Sony BMG Music Entertainment was found to be using rootkits in its XCP digital rights management technology  Like spyware, not only was it difficult to detect and uninstall, it was so poorly written that most efforts to remove it could have rendered computers unable to function. Texas Attorney General Greg Abbott filed suit,  and three separate class-action suits were filed. While the main purpose of this deliberately uninstallable application is to ensure the copy of Windows on the machine was lawfully purchased and installed, it also installs software that has been accused of " phoning home " on a daily basis, like spyware.
Spyware has been used to monitor electronic activities of partners in intimate relationships. At least one software package, Loverspy, was specifically marketed for this purpose. Anti-spyware programs often report Web advertisers' HTTP cookies , the small text files that track browsing activity, as spyware. While they are not always inherently malicious, many users object to third parties using space on their personal computers for their business purposes, and many anti-spyware programs offer to remove them.
These common spyware programs illustrate the diversity of behaviors found in these attacks. Note that as with computer viruses, researchers give names to spyware programs which may not be used by their creators. Programs may be grouped into "families" based not on shared program code, but on common behaviors, or by "following the money" of apparent financial or business connections.
For instance, a number of the spyware programs distributed by Claria are collectively known as "Gator". Likewise, programs that are frequently installed together may be described as parts of the same spyware package, even if they function separately. The first recorded use of the term spyware occurred on October 16, in a Usenet post that poked fun at Microsoft 's business model.
According to a study by AOL and the National Cyber-Security Alliance, 61 percent of surveyed users' computers were infected with form of spyware. Computers on which Internet Explorer IE is the primary browser are particularly vulnerable to such attacks, not only because IE is the most widely used,  but because its tight integration with Windows allows spyware access to crucial parts of the operating system. Before Internet Explorer 6 SP2 was released as part of Windows XP Service Pack 2 , the browser would automatically display an installation window for any ActiveX component that a website wanted to install.