Web-based spyware usually targets security vulnerabilities within Web browsers to install itself and modify the browser's functionality. This is commonly referred to as browser hijacking.
The most basic form of hijacking is home page hijacking. As the name implies, a Web site author can use JavaScript functions to set a browser's home page to any Web site he selects. Although this may seem pointless and nothing more than a minor inconvenience, if the new home page is full of syndicated advertising banners, the author can quickly generate a lot of money from hijacking Web browsers.
If you're unlucky, the new home page is a malware download site that infects your computer.

This is probably the most marked difference between spyware and viruses: Whereas virus writers have to remain anonymous on threat of prosecution, spyware authors actively publicize and financially benefit from their malicious actions. The money they earn allows them to hire expert programmers to create more sophisticated spyware, perpetuating the cycle. There are a number of companies that actually provide spyware development services, and will create custom spyware applications to your specifications. It's a very fine legal line, but companies continue to try and follow it.

All Web-based spyware is dependent on being able to use features and security vulnerabilities within a Web browser to infect a computer.
Part of the reason that spyware is difficult to defend against is that the features used to infect a computer are often the same as those used by legitimate software to enhance functionality. The first step in defence is to understand how spyware and malware work.

The life of spyware can be split into the following three stages:

• Exploitation: Occurs when a malicious Web site exploits a feature or security vulnerability in your browser and gains enough access to your computer to start causing problems. It's an unfortunate fact that Web browsers, especially Microsoft Internet Explorer, have plenty of security flaws in them.
• Infection: When the payload (the part of the spyware that actually does the damage) is downloaded to your computer via the security hole created in stage one.
• Operation: Takes place as the spyware completes its tasks, such as displaying toolbars, sending Web browsing information to its creators, or dialling premium-rate phone numbers.