Wired has an article on the FBI spyware known as CIPAV (see "FBI's Secret Spyware Tracks Down Teen Who Made Bomb Threats").
The full capabilities of the FBI's "computer and internet protocol address verifier" are closely guarded secrets, but here's some of the data the malware collects from a computer immediately after infiltrating it, according to a bureau affidavit acquired by Wired News.
• IP address
• MAC address of Ethernet cards
• A list of open TCP and UDP ports
• A list of running programs
• The operating system type, version and serial number
• The default internet browser and version
• The registered user of the operating system, and registered company name, if any
• The current logged-in user name
• The last visited URL
Once that data is gathered, the CIPAV begins secretly monitoring the computer's internet use, logging every IP address to which the machine connects.
All that information is sent over the internet to an FBI computer in Virginia, likely located at the FBI's technical laboratory in Quantico.
I'm a little conflicted when it comes to stories like this. The media, in this case, are publishing information about activities performed by a federal law enforcement agency from a public source, the court records. At the same time, any savvy terrorist data miner like Younis Tsouli can collect more information about American law enforcement procedures. I wonder if that even crossed the minds of the Wired editors. It may have been discussed, but let's face it, the media have not been very good about keeping secrets secret.